3.8 Success Answers
1. IDSes can be described in terms of what fundamental functional components?
A. Information Sources
D. No Answer is Correct
Explanation: Many IDSs can be described in terms of three fundamental functional components:
2. The majority of commercial intrusion detection systems are:
Explanation: The majority of commercial intrusion detection systems are network-based. These IDSs detect attacks by capturing and analyzing network packets. Listening on a network segment or switch, one network-based IDS can monitor the network traffic affecting multiple hosts that are connected to the network segment, thereby protecting those hosts.
Historically, IDS started out as host-based, which is the other major type of IDS. Identity-based and signature-based are not types of IDS.
3. Which of the following is a drawback of Network-based IDSs?
A. It cannot analyze encrypted information.
B. It is very costly to set up.
C. It is very costly to manage.
D. It is not effective.
Explanation: Network-based IDSs cannot analyze encrypted information. This problem is increasing as more organizations (and attackers) use virtual private networks. Most network-based IDSs cannot tell whether or not an attack was successful; they can only discern that an attack was initiated. This means that after a network-based IDS detects an attack, administrators must manually investigate each attacked host to determine whether it was indeed penetrated.
4. Host-based IDSs normally utilize information from which of the following sources?
A. Operating system audit trails and system logs
B. Operating system audit trails and network packets
C. Network packets and system logs
D. Operating system alarms and system logs
Explanation: Host-based IDSs normally utilize information sources of two types: operating system audit trails and system logs. Operating system audit trails are usually generated at the innermost (kernel) level of the operating system, and are therefore more detailed and better protected than system logs. However, system logs are much less obtuse and much smaller than audit trails, and are furthermore far easier to comprehend. Some host-based IDSs are designed to support a centralized IDS management and reporting infrastructure that can allow a single management console to track many hosts. Others generate messages in formats that are compatible with network management systems.
Host-based systems do not generally use network packets (although some may inspect all packets destined for the particular host in question). Similarly, they traditionally rely on logs rather than on real-time alarms.
5. What is known as a decoy system designed to lure a potential attacker away from critical systems?
A. Vulnerability Analysis System
B. Honey Pot
C. Padded Cell
D. File Integrity Checker
Explanation: Honey pots are decoy systems that are designed to lure a potential attacker away from critical systems. Honey pots are designed to:
Vulnerability analysis systems measure a system or network's vulnerability to attack, not whether or not an attack has occurred. File Integrity Checkers are used to see if system files have been altered by an attacker.
6. Which of the following attacks can force a browser to come to your WWW server instead of the real site?
A. DNS spoofing
C. Man in the middle
D. Land attack
Explanation: There are vulnerabilities in the Netscape and Internet Explorer browsers. Using DNS spoofing to force a browser to come to your WWW server instead of the real site can demonstrate the ability to attack web clients.
Hijacking can be used behind the scenes to accomplish the same results in some circumstances but requires more work on the attacker's part and does not necessarily involve redirection to a separate site. MITM attacks generally do not involve browser redirection. Land attacks are network-level attacks.
7. A PBX with a maintenance modem attached should
A. Be turned off except during actual maintenance periods
B. Have strong authentication for use
C. Be left on for high priority updates to the PBX software
D. PBXes don't use modems
Explanation: All but the smallest PBX systems can be updated by a modem. It is very easy to get default passwords and syntax for most PBX systems. Leaving the maintenance modem on is like leaving the key to the front door in the lock when going home at night.
8. When backing up using tape the administrator needs to
A. Periodically confirm the tape is still valid
B. Clean the tape drive
C. Store the tape off-site in a secured area
D. All of these choices are correct
E. No choice is correct
Explanation: More than one company has found that even when tapes are stored in a high-security area off site, the tapes still need to be checked. In one case a freezer running in an adjoining security area erased the tapes. The motor running the compressor created enough EMI to erase the tapes in the adjoining area.
9. Choose the technology that enables the use of one-time passwords or pass phrases.
C. Genius cards
D. USB hub
E. No choice is correct
Explanation: Smart cards and other access tokens rely on one-time-only passwords, challenge-response phrases or public-key security to dramatically increase authentication strength.
Biometrics involves unique physical characteristics, not passwords or tokens. USB hubs do not require passwords.
10. Classic OS/NOS hardening includes
A. Disabling unneeded protocols and services
B. Applying patches
C. Monitoring email and web sites for new issues
D. All choices are correct
Explanation: This one is pretty self-explanatory. Some good web links for different operating systems include:
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.