14.1.9 Practice exam
Unlock all answers in this set
Unlock answersquestion
Which of the following activities are considered passive in regards to the functioning of anintrusion detection system? (Select two.)
answer
Monitoring the audit trails on a server Listening to network traffic
question
An active IDS system often performs which of the following actions? select two
answer
Update filters to block suspect traffic Perform reverse lookups to identify an intruder
question
What does an IDS that uses signature recognition use for identifying attacks?
answer
Comparison to a database of know attacks
question
Which of the following are security devices that perform stageful inspections of packet data, looking for patterns that indicate malicious code? select two
answer
IPS IDS
question
Properly configured passive IDS and system audit logs are an integral part of a comprehensive security plan. What step must be taken to ensure that the information is useful in maintaining a secure environment?
answer
Periodic reviews must be conducted to detect malicious activity or policy violations.
question
What security mechanism can be used to detect attacks originating on the Internet or from within an internal trusted subnet?
answer
IDS
question
You are connected about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action when poosible to stop or prevent the attacks. Which tool should you use?
answer
IPS
question
As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement?
answer
Host based IDS
question
You are concerned about protecting your network from network-based attacks from the internet. Specifically, you are concerned about zero day attacks (attacks that have not yet been identified or that do not have prescribed protections.) Which type of device should you use?
answer
Anomaly based IDS
question
If maintaining confidentiality is of the utmost importance to your organization, what is the best response when an intruder is detected on your network?
answer
Disconnect the intruder
question
You have worked as a network Admin for a company for seven months. One day all picture files on the server become corrupted. You discover that a user downloaded a virus from the internet onto his workstation, and it propagated to the server. You successfully restore all files from backup, but your boss adam at that this situation does not occur. What should you do?
answer
Install a network virus detection software solution.
question
Which of the following actions should you take to reduce the attack surface of a server?
answer
Disable unused services
question
You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services. Which tool should you use?
answer
Port scanner
question
Which of the following intrusion detection and prevention systems use fake resources to entice intruders by displaying a vulnerability, configuration flaw, or valuable data?
answer
honeypot
question
What does a tarpit specifically do to detect and prevent intrusion into your network?
answer
Answer connection requests in such a way that the attacking computer is stuck for a period of time