Term
| Which UNIX command can be used to show the patches that are installed for a specific software package? |
|
Definition
|
|
Term
| How does stateful packet filtering differ from basic packet filtering? |
|
Definition
| b. Stateful packet filtering looks at the packets in relation to other packets. |
|
|
Term
| Adding more services and applications to a system helps to harden it. |
|
Definition
|
|
Term
| Which of the following is NOT a general step in securing a networking device? |
|
Definition
| c. Maintaining SNMP community strings |
|
|
Term
| Which of the following is NOT an advantage of network-based IDS? |
|
Definition
| b. They can reduce false positive rates. |
|
|
Term
| A _________ is a more formal, large software update that may address several or many software problems. |
|
Definition
|
|
Term
| Windows Defender does all of the following EXCEPT: |
|
Definition
|
|
Term
|
Definition
| b. Describe the state of initialization and what system services are operating in a Linux system |
|
|
Term
| While NIDS are able to detect activities such as port scans and brute force attacks, they are unable to detect tunneling. |
|
Definition
|
|
Term
| Service pack is the term given to a small software update designed to address a specific problem, such as a buffer overflow in an application that exposes the system to attacks. |
|
Definition
|
|
Term
| A new breed of IDS that is designed to identify and prevent malicious activity from harming a system. |
|
Definition
|
|
Term
| One of the advantages of HIDS is that |
|
Definition
| a. They can reduce false-positive rates |
|
|
Term
| Only active intrusion detection systems (IDS) can aggressively respond to suspicious activity, whereas passive IDS cannot. |
|
Definition
|
|
Term
| Network-based IDS examines activity on a system, such as a mail server or web server. |
|
Definition
|
|
Term
| Which UNIX command would you use to change permissions associated with a file or directory? |
|
Definition
|
|
Term
| What is the process of establishing a system's security state called? |
|
Definition
|
|
Term
| Simple rule sets that are applied to port numbers and IP addresses are called |
|
Definition
|
|
Term
| On a UNIX system, if a file has the permission r-x rw- ---, what permission does the world have? |
|
Definition
|
|
Term
| Hotfixes are usually smaller than patches, and patches are usually smaller than service packs. |
|
Definition
|
|
Term
| Which of the following is NOT a component of an IDS? |
|
Definition
| c. Expert knowledge database |
|
|
Term
| What must you do in order to sniff the traffic on all ports on a switch? |
|
Definition
| c. Enable port mirroring. |
|
|
Term
| What is the first step in addressing issues with passwords? |
|
Definition
| a. The first step in addressing password issues is to create an effective and manageable password policy that both system administrators and users can work with. |
|
|
Term
| Permissions under Linux are the same as for other UNIX-based operating systems. |
|
Definition
|
|
Term
| When hardening Mac OS X, the same guidelines for all UNIX systems apply. |
|
Definition
|
|
Term
| Which of the following is true of the registry permissions area settings in security templates? |
|
Definition
| c. They control who can access the registry and how it can be accessed. |
|
|
Term
| Antivirus products do all of the following EXCEPT: |
|
Definition
| c. Block network traffic based on policies |
|
|
Term
| The security tool that will hide information about the requesting system and make the browsing experience secret is a |
|
Definition
|
|
Term
| Hardening applications is similar to hardening operating systems, in that you remove functions that are not needed, restrict access where you can, and make sure the application is up to date with patches. |
|
Definition
|
|
Term
| Hostile activity that does not match an IDS signature and goes undetected is called a false positive. |
|
Definition
|
|
Term
| The model that most modern intrusion detection systems use is largely based upon a model created by Dorothy Denning and Peter Neumann called: |
|
Definition
| c. Intrusion Detection Expert System (IDES) |
|
|
Term
| An initial baseline should be performed when? |
|
Definition
| c. After administrators have finished patching, securing, and preparing a system |
|
|
Term
| The nuisance of web pages that automatically appear on top of your current web page can be remedied with |
|
Definition
|
|
Term
| Which of the following is the command to stop a service in UNIX? |
|
Definition
|
|
Term
| Securing access to files and directories in Solaris is vastly different from most UNIX variants. |
|
Definition
|
|
Term
| A sniffer must use a NIC in promiscuous mode; otherwise it will not see all the network traffic coming into the NIC. |
|
Definition
|
|
Term
| Which of the following is NOT a UNIX file permission? |
|
Definition
|
|
Term
| The NIDS signature database is usually much larger than that of a host-based system. |
|
Definition
|
|
Term
| How does IPS differ from an IDS? |
|
Definition
| c. IPS will block, reject, or redirect unwanted traffic; an IDS will only alert. |
|
|
Term
| Linux and other operating systems use the _______ command to change the read-write-execute properties of a file or directory. |
|
Definition
|
|
Term
| Mac OS X FileVault encrypts files with 3DES encryption. |
|
Definition
|
|