Question

1. What would these iptables rules do?

iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

		Allow web server traffic
		Block web server traffic
		Force port 80 traffic to port 443
		Allow traffic from both 80 and 443 using UDP protocols

2. Timestamps are important because

		can not be changed or deleted by attackers
		when configured properly, allows you to correlate events across the network
		can always be used to attribute actions to a user
		are always synced by NTP servers to ensure accuracy

3. The softest target for an attacker is usually the

		router
		firewill
		operating system
		the user

4. The most basic snort rule:

alert tcp any any -> any any (msg:"Sample Alert"; sid:00001;)

Would alert on what condition

		Only packets containing "Sample Alert"
		All TCP connections
		All UDP connections
		Only packets containing "00001"

5. Honeypots can perform all of the following roles except

		Intrusion Prevention
		Intelligence gathering
		Warnings and Indicator collection
		Forensic capabilities

6. Unix systems typically execute instructions in one of two general contexts: the kernel or the root user.

True

False

7. The NTLM hashes that are dumped from the windows machines can reveal user passwords.

True

False

8. Which of the following is not a Unix permission?

		Read
		Write
		Delete
		Execute

9. All TCP packets are IP packets, but all IP packets are not TCP packets

True

False

10. The payload, in relation to viruses and worms, is the:

		part of the malware that is used to hide itself from antivirus and intrusion detection systems.
		legitimate program that the malware hijacks
		data in a ICMP packet
		malicious code that is executed on a compromised host

11.  Signature Detection requires a baseline of the network to ensure accuracy.

True

False

12.A poorly written signature that fails to generate an alert would be considered a:

		False Positive
		False Negative
		Positive Negative
		Negative Positive

13. A Snort alert does not generate a log.

True

False

14. In Antivirus Software, Heuristic detection looks for things like anomalies, Signature based detection uses content matches.

True

False

15. Web-based attacks offer NO significant advantages for attackers

True

False

16. What is Two Factor Authentication?

		Cisco's new IDS platform.
		A technique used to store passwords on a machine.
		The process in which DPI ensures accurate detection.
		A method that requires a user to initiate two separate challenges in order to obtain access. Usually Something you have and something you know.

Answer 1

Allow traffic from Both 80 and 443 using UDp Protocols 2) When Configured Properly allows you to create correlate events across the Network 3) Operating System 4) An TCP Connections 5) Intelligence gathering 6) True 7) True 8) Delete 9) false 10) malicious code that is Executed on a compromised host 11) True 12) False Negative 13) False 14) True 15) False 16) A Method that Vequrren a user to initiate two Separate chalec in order to obtain access Usally something you have & something you know