Name:

Test 3

Section 1 (60 pts.)

1. What firewall technology performs bandwidth management and allows the administrator to prioritize some types of network traffic over other types to ensure it gets through to the destination?

A. NAT

B. QoS

C. PAT

D. MAC

2. These types of IDSs look for known malicious commands or data in a network packet's payload.

A. Anomaly-Detection

B. Buffer Overflow-Detection

C. Signature-Detection

D. DDoS-Detection

3. With this type of NAT, multiple computers on the inside of a firewall can share a pool of outside global addresses. However, the number of inside computers that can talk at the same time is limited to the total number of global addresses.

A. Dynamic NAT

B. Static NAT

C. PAT

D. DAT

4. This type of VPN allows users to work from a remote location as if they were physically in an office.

A. PC

B. SD

C. RA

D. L2L

5. This is currently the most popular VPN protocol. It requires VPN client software to be installed on a client that wants to connect to the VPN.

A. IPSec

B. PPTP

C. L2TP

D. SSL

6. Based on the coverage pattern, what type of wireless antenna is this?

A. Hyper Directional

B. Semi Directional

C. Yagi

D. Omni Directional

7. This wireless radio technology refers to wide-frequency and low-power transmission signals.

A. InSSID

B. Spread Spectrum

C. Narrowband

D. ACM

8. OSSEC, the IDS that we installed as a lab in class, is an example of what type of IDS?

A. Host-based IDS

B. Network-based IDS

C. Security Onion-based IDS

D. Transistor-based IDS

9. What is one way that attackers may try to bypass a signature-based IDS?

A. Changing the date on the packet

B. Launching a “Hail Mary” attack in Metasploit

C. Using Nessus to check for vulnerabilities

D. Encoding the data in a non-ASCII format

10. At what OSI model layer is filtering by TCP/UDP ports considered to take place?

A. 3

B. 4

C. 5

D. 7

11. When using this VPN protocol and mode, both the IP header and the payload data are encrypted.

A. IPSec transport mode

B. IPSec tunnel mode

C. SSH transport mode

D. SSH tunnel mode

12. This is the type of spread spectrum that is used by 802.11-compatible wireless networks.

A. FHSS

B. BHSS

C. QSSS

D. DSSS

13. True / False: The first generation of firewalls were able to keep up with active network sessions, which put their functionality at layer 4.

14. This type of firewall is capable of handling more than just IP and port blocking; it also handles anti-virus, anti-spam, web content filtering, intrusion detection, and malware blocking.

A. DNS

B. Snort

C. OSSEC

D. UTM

15. This VPN technology allows a user to browse the Internet and use the corporate VPN at the same time.

A. Bifurcation bending

B. Signal Streaming

C. Split Tunneling

D. Breaking Banter

16. True / False: By default, most VPNs place the user at the outside edge of the firewall once they have logged in. The user then still goes through the same Access Control List that other outside users go through; the difference is that the communication is encrypted.

17. Given the standard 802.11b/g frequency range, what 3 channels can be used in the same area and not have frequency overlap? (Select 3)

A. 1

B. 5

C. 6

D. 8

E. 10

F. 11

G. 15

H. 16

18. This technology term refers to the practice of a wireless access point receiving an ACK for every successful transmission. Its purpose is to avoid collisions on the wireless network and to give everyone a chance to talk on the network.

A. MCSE/A+

B. CCNA/SC

C. CISSP/MA

D. CSMA/CA

19. In order for your network-based IDS to receive and process packets that were originally intended for other hosts, 2 conditions must be met. What are they? (Select 2)

A. The network card must be in promiscuous mode

B. The SMTP network driver must be installed in the kernel

C. The TCP/IP stack must be properly reversed so that the network card will recognize it

D. You must have a SPAN/mirror port set up on the switch (or you can use a hub instead)

20. What is the main difference between an IDS and an IPS?

A. IDSs use databases while IPSs do not

B. IDSs use DNS while IPSs do not

C. IPSs try to block attacks while IDSs merely alert to their presence

D. IDSs try to block attacks while IPSs merely alert to their presence

Section 2 (40 pts.) (Short Answer)

1. Explain Static NAT, Dynamic NAT, and PAT, and give a usage scenario for each.

2. List 4 client checks commonly used to secure remote access VPNs.

3. Describe what client isolation on a wireless network means and why it is useful in securing a wireless network.

4. Explain the difference between anomaly-detection IDSs and signature-detection IDSs. List an advantage and a disadvantage for each.