1. What would these iptables rules do?
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
Allow web server traffic
Block web server traffic
Force port 80 traffic to port 443
Allow traffic from both 80 and 443 using UDP protocols
2. Timestamps are important because they
can not be changed or deleted by attackers
when configured properly, allow you to correlate events across the network
can always be used to attribute actions to a user
are always synced by NTP servers to ensure accuracy
3. The softest target for an attacker is usually the
router
firewall
operating system
the user
4. The most basic Snort rule:
alert tcp any any -> any any (msg:"Sample Alert"; sid:00001;)
would alert on what condition?
Only packets containing "Sample Alert"
All TCP connections
All UDP connections
Only packets containing "00001"
5. Honeypots can perform all of the following roles except
Intrusion Prevention
Intelligence gathering
Warnings and Indicator collection
Forensic capabilities
6. Unix systems typically execute instructions in one of two general contexts: the kernel or the root user.
True
False
7. The NTLM hashes that are dumped from the windows machines can reveal user passwords.
True
False
8. Which of the following is not a Unix permission?
Read
Write
Delete
Execute
9. All TCP packets are IP packets, but all IP packets are not TCP packets
True
False
10. The payload, in relation to viruses and worms, is the:
part of the malware that is used to hide itself from antivirus and intrusion detection systems
legitimate program that the malware hijacks
data in an ICMP packet
malicious code that is executed on a compromised host
11. Signature Detection requires a baseline of the network to ensure accuracy.
True
False
12. A poorly written signature that fails to generate an alert would be considered a:
False Positive
False Negative
Positive Negative
Negative Positive
13. A Snort alert does not generate a log.
True
False
14. In antivirus software, heuristic detection looks for things like anomalies; signature-based detection uses content matches.
True
False
15. Web-based attacks offer NO significant advantages for attackers
True
False
16. What is Two Factor Authentication?
Cisco's new IDS platform.
A technique used to store passwords on a machine.
The process in which DPI ensures accurate detection.
A method that requires a user to initiate two separate challenges in order to obtain access. Usually something you have and something you know.