Active Vulnerability Scanner
Author: Jai Ice • June 29, 2015 • Exam
- A(n) active vulnerability scanner is one that initiates traffic on the network in order to determine security holes.
- Activities that scan network locales for active systems and then identify the network services offered by the host systems are known as fingerprinting.
- A(n) supplicant is a proposed systems user.
- A(n) listener vulnerability scanner is one that listens in on the network and determines vulnerable versions of both server and client software. False
- Trap and trace applications use a combination of techniques to detect an intrusion and then trace it back to its source.
- Honeypots are decoy systems designed to lure potential attackers away from critical systems.
- A(n) honey pot system contains pseudo-services that emulate well-known services, but is configured in ways that make it look vulnerable to attacks.
- Intrusion correction activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again.
- Enticement is the action of luring an individual into committing a crime to get a conviction. False
- A passive response is a definitive action automatically initiated when certain types of alerts are triggered. False
- Which of the following ports is commonly used for the HTTP protocol? 80
- A sniffer cannot be used to eavesdrop on network traffic. False
- A(n) intrusion occurs when an attacker attempts to gain entry or disrupt the normal operations of an information system, almost always with the intent to do harm.
- A HIDPS can monitor systems logs for predefined events. True
- The ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks is called noise.
- A(n) smart IDPS can adapt its reactions in response to administrator guidance over time and circumstances of the current local environment.
- In TCP/IP networking, port 0 is not used.
- A signature-based IDPS is sometimes called a(n) knowledge-based IDPS.
- IDPS researchers have used padded cell and honeypot systems since the late 1980s.
- Alarm clustering and compaction is a consolidation of almost identical alarms that happen at close to the same time into a single higher-level alarm.
- Using LFM the system reviews the log files generated by servers, network devices, and even other IDPSs.
- A starting scanner is one that initiates traffic on the network in order to determine security holes. True
- A(n) padded cell is a honey pot that has been protected so that it cannot be easily compromised.
- The initial estimation of the defensive state of an organization’s networks and systems is called doorknob rattling.
- In application protocol verification, the higher-order protocols are examined for unexpected packet behavior, or improper use.
- Three methods dominate IDPS detection: the signature-based approach, the statistical anomaly-based approach, or the stateful packet inspection approach.
- A strategy based on the concept of defense in depth is likely to include intrusion detection systems, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers. True
- The attack protocol is a series of steps or processes used by an attacker, in a logical sequence, to launch an attack against a target system or network.
- A HIDPS is optimized to detect multi host scanning, and it is able to detect the scanning of non-host network devices, such as routers or switches. False
- Fingerprinting is the organized research of the Internet addresses owned or controlled by a target organization. False
- A packet sniffer is a network tool that collects copies of packets from the network and analyzes them.
- A(n) host-based IDPS resides on a particular computer or server and monitors activity only on that system.
- NIDPSs are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.
- A(n) IDS works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm.
- Among all possible biometrics, iris, fingerprints, retina is (are) considered truly unique.
- A false positive is the failure of an IDPS system to react to an actual attack event. False
- Most NBA sensors can be deployed in passive mode only, using the same connection methods as network-based IDPSs.
- A(n) packet sniffer is a network tool that collects copies of packets from the network and analyzes them.
- HIDPSs are also known as system integrity verifiers.
- A wireless security toolkit should include the ability to sniff wireless traffic, scan wireless hosts, and assess the level of privacy or confidentiality afforded on the wireless network. True
- The crossover error rate is the level at which the number of false rejections equals the false acceptances, also known as the equal error rate.
- The monitoring port is also known as a switched port analysis port or mirror port.
- A(n) NIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing. False
- Minutiae are unique points of reference that are digitized and stored in an encrypted format when the user’s system access credentials are created. True
- A fully distributed IDPS control strategy is the opposite of the centralized strategy. True
- A(n) network-based IDPS is focused on protecting network information assets.
- A(n) log file monitor is similar to a NIDPS. True
- To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known signatures in their knowledge base.
- A padded cell is a hardened honeynet. False
- HIDPSs benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.
...