Answers to Questions 56-60
56. An internal (private) network that uses TCP/IP protocols and services is called a
D. No choice is correct
Explanation: Intranets are micro-versions of the Internet that use the same technologies as the Internet, simplifying installation and maintenance. An extranet is an extension of a company's intranet to its business partners. An internet is an Internetwork of networks, generally one that is not controlled by any central authority.
& Section 18.104.22.168: Intranet
57. Packet scanning a network for known attack signatures is called
A. Network based IDS
B. Host based IDS
Explanation: "Monitors all network traffic passing on the segment where the agent is installed, reacting to any anomaly or signature based suspicious activity. Basically this is a packet sniffer with attitude. They come in the guise of appliance-based products that you just plug in and it goes, to software that installed on off the shelf computers. Depending on your LAN speeds they don't necessarily have to be hi spec PCs. They analyze every packet for attack signatures, or look for anomalies within the protocol." -- networkintrusion.co.uk
Host-based IDS looks only at a single host, not the entire network's traffic.
& Section 3.4.1: Network based (Intrusion Detection)
58. A active NIDS can do what that a passive system cannot
A. Trigger events such as drop the connection
B. Log the event
C. Both are correct
D. Neither choice is correct
Explanation: An active NIDS can take rule-based actions. (And an attacker can make a poorly configured Active NIDS create a self-inflicted DoS)
Both active and passive NIDS can log events.
& Section 22.214.171.124: Active Detection (Network Based Intrustion Detection)
59. What is your 1st step if you suspect an illegal intrusion has occurred?
A. Secure devices
B. Shut down systems
C. Alert senior management
D. All choices are correct
Explanation: Never turn a system off, if possible. Secure devices by disconnecting the network cable. Turning off a system can lose valuable data in RAM. The next step is to notify senior management and get help.
& Section 3.4.4: Incident Response
60. Classic ON/NOS hardening includes:
A. Disabling unneeded protocols and services
B. Applying patches
C. Monitoring email and web sites for new issues
D. All choices are correct
E. Apply BIOS changes
Explanation: This one is pretty self-explanatory. Some good web links for different operating systems
& Section 3.5.1: OS/NOS hardening
& Section 3.5.2: Network Hardening
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.