Answers to Questions 41-45

41. What technology is being used to detect anomalies?
A. IDS
B. FRR
C. Sniffing
D. Capturing
Explanation: Intrusion detection is a quickly evolving domain of expertise. In the past year we have seen giant steps forward in this area. We are now seeing IDS engines that detect anomalies and that have some built-in intelligence. It is no longer a simple game of matching signatures in your network traffic.
Related sections: Section 2.3.3.3: Packet Sniffing; Section 3.1.9: IDS (Intrusion Detection System); Section 3.4: Intrusion Detection
42. IDSs can be described in terms of what fundamental functional components?
A. Information Sources
B. Analysis
C. Response
D. No Answer is Correct
Explanation: Many IDSs can be described in terms of three fundamental functional components:
Related sections: Section 2.3.3.3: Packet Sniffing; Section 3.1.9: IDS (Intrusion Detection System); Section 3.4: Intrusion Detection
43. Host-based IDSs normally utilize information from which of the following sources?
A. Operating system audit trails and system logs
B. Operating system audit trails and network packets
C. Network packets and system logs
D. Operating system alarms and system logs
Explanation: Host-based IDSs normally utilize two types of information source: operating system audit trails and system logs. Operating system audit trails are usually generated at the innermost (kernel) level of the operating system, and are therefore more detailed and better protected than system logs. However, system logs are much less obtuse and much smaller than audit trails, and are furthermore far easier to comprehend. Some host-based IDSs are designed to support a centralized IDS management and reporting infrastructure that allows a single management console to track many hosts. Others generate messages in formats that are compatible with network management systems. Host-based systems do not generally use network packets (although some may inspect all packets destined for the particular host in question). Similarly, they traditionally rely on logs rather than on real-time alarms.
Related sections: Section 2.3.3.3: Packet Sniffing; Section 3.1.9: IDS (Intrusion Detection System); Section 3.4: Intrusion Detection; Section 3.4.2: Host Based (Intrusion Detection)
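The explanation above says host-based IDSs work mostly from system logs because they are small and easy to comprehend. The following added example (not from the CertiGuide text or any product it describes) shows the shape of that log-driven analysis: a few constructed syslog-style authentication lines are parsed into events, and two simple host-based rules run over them, one flagging a source address with repeated failed logins and one reporting privilege use through sudo. The log lines, thresholds, addresses and regular expressions are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample system log lines (syslog/sshd/sudo style); not real data.
SAMPLE_LOG = """\
Nov 15 10:01:02 host1 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 52110 ssh2
Nov 15 10:01:04 host1 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 52112 ssh2
Nov 15 10:01:06 host1 sshd[2313]: Failed password for root from 203.0.113.7 port 52114 ssh2
Nov 15 10:01:09 host1 sshd[2315]: Accepted publickey for alice from 198.51.100.4 port 40022 ssh2
Nov 15 10:01:15 host1 sshd[2317]: Failed password for bob from 198.51.100.9 port 40100 ssh2
Nov 15 10:02:00 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart nginx
"""

# Patterns for the two event kinds this toy host-based IDS understands.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port"
)
SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$"
)


def parse_events(log_text):
    """Turn raw log lines into (event_kind, fields) tuples; unrecognised lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            events.append(("failed_login", m.groupdict()))
            continue
        m = SUDO_RE.search(line)
        if m:
            events.append(("sudo", m.groupdict()))
    return events


def detect_bruteforce(events, threshold=3):
    """Return {source_ip: count} for sources with at least `threshold` failed logins."""
    counts = Counter(e["src"] for kind, e in events if kind == "failed_login")
    return {src: n for src, n in counts.items() if n >= threshold}


def detect_privilege_use(events):
    """Return (user, command) for every sudo invocation that ran as root."""
    return [(e["user"], e["cmd"]) for kind, e in events if kind == "sudo" and e["target"] == "root"]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("brute-force candidates:", detect_bruteforce(evs))
    print("root privilege use:", detect_privilege_use(evs))
```

The point of keeping the parsing and the rules separate is the one the explanation makes: log text is easy to read, so the rules stay small, but every rule is only as good as the fields the parser recovers, which is why audit trails (richer, kernel-generated) are preferred when detail matters.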
44. What is known as a decoy system designed to lure a potential attacker away from critical systems?
A. Vulnerability Analysis Systems
B. Honey Pots
C. Padded Cells
D. File Integrity Checker
Explanation: Honey pots are decoy systems that are designed to lure a potential attacker away from critical systems. Honey pots are designed to divert an attacker from accessing critical systems, collect information about the attacker's activity, and encourage the attacker to stay on the system long enough for administrators to respond. Vulnerability analysis systems measure a system's or network's vulnerability to attack, not whether or not an attack has occurred. File integrity checkers are used to see whether system files have been altered by an attacker.
Related sections: Section 3.4.3: Honey Pots
45. A simple firewall screening method is to screen requests and ensure that they come from:
A. Acceptable domain name and IP addresses
B. Acceptable domain name and IGMP addresses
C. Acceptable domain name and phone numbers
D. Acceptable IP addresses and CA
Explanation: There are a number of firewall screening methods. A simple one is to screen requests to make sure they come from acceptable (previously identified) domain names and Internet Protocol addresses. For mobile users, firewalls allow remote access into the private network by the use of secure logon procedures and authentication certificates. IGMP is a routing protocol, not an addressing scheme. Phone numbers are not directly related to IP addresses.
Related sections: Section 3.1.1: Firewalls
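The screening method described above, as an added example that is not part of the CertiGuide text: requests carry a source IP address and, where reverse lookup produced one, a source host name, and a request passes only if the address falls within a previously identified acceptable network and the name falls under an acceptable domain. The networks, domain names, `Request` type and `screen` function are all constructed for this illustration; the allowlist is deny-by-default, and the domain check is deliberately required in addition to (never instead of) the address check, because a host name learned from reverse DNS is under the control of whoever runs that reverse zone.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed allowlist of previously identified sources (hypothetical values).
ACCEPTABLE_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.10/32")]
ACCEPTABLE_DOMAINS = ("corp.example", "partner.example")


@dataclass
class Request:
    source_ip: str
    source_host: Optional[str]  # reverse-resolved name, or None if lookup failed


def ip_acceptable(addr):
    """True only if addr parses as an IP address and lies inside an acceptable network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed input is rejected, not guessed at
    return any(ip in net for net in ACCEPTABLE_NETWORKS)


def domain_acceptable(hostname):
    """True only if hostname equals, or is a subdomain of, an acceptable domain."""
    if not hostname:
        return False
    h = hostname.lower().rstrip(".")
    # Suffix match on a label boundary: "x.corp.example" passes, "corp.example.evil" does not.
    return any(h == d or h.endswith("." + d) for d in ACCEPTABLE_DOMAINS)


def screen(request):
    """Default deny: both the address and the domain name must be acceptable."""
    return ip_acceptable(request.source_ip) and domain_acceptable(request.source_host)


if __name__ == "__main__":
    for r in (Request("192.0.2.15", "vpn.corp.example"),
              Request("192.0.2.15", "host.other.example"),
              Request("203.0.113.5", "host.corp.example")):
        print(r, "->", "accept" if screen(r) else "reject")
```

Checking on a label boundary matters: a plain substring or `endswith("corp.example")` test would also accept names like `notcorp.example`, which is the kind of weak match this sort of screen is most often criticised for.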
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com. Version 1.0 - Version Date: November 15, 2004. Adapted with permission from a work created by Tcat Houser et al. CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved. Not responsible for any loss resulting from the use of this site.