CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [118]
a. Incident response
b. Evidence gathering
c. Entrapment
d. Enticement
9. Which of the following is not a part of an incident response?
a. Identification
b. Investigating
c. Entrapment
d. Repairing
10. Which protocol is mainly used to enable access to the Internet from a mobile phone or PDA?
a. WEP
b. WTLS
c. WAP
d. WOP
11. Which protocol operates on 2.4GHz and has a bandwidth of 1Mbps or 2Mbps?
a. 802.11
b. 802.11a
c. 802.11b
d. 802.11g
12. You’re outlining your plans for implementing a wireless network to upper management. Suddenly, a paranoid vice president brings up the question of security. Which protocol was designed to provide security to a wireless network and can be considered equivalent to the security of a wired network?
a. WAP
b. WTLS
c. WPA2
d. IR
13. Which of the following is a primary vulnerability of a wireless environment?
a. Decryption software
b. IP spoofing
c. A gap in the WAP
d. Site survey
14. As the administrator for MTS, you want to create a policy banning the use of instant messaging, but you’re receiving considerable opposition from users. To lessen their resistance, you decide to educate them about the dangers inherent in IM. To which of the following types of attacks is IM vulnerable?
a. Malicious code
b. IP spoofing
c. Man-in-the-middle attacks
d. Replay attacks
15. What is the process of identifying the configuration of your network called?
a. Footprinting
b. Scanning
c. Jamming
d. Enumeration
16. During the annual performance review, you explain to your manager that this year you want to focus on looking at multiple sources of information and determining what systems your users may be using. You think this is a necessary procedure for creating a secure environment. What is the process of identifying your network and its security posture called?
a. Footprinting
b. Scanning
c. Jamming
d. Enumeration
17. When an event is detected as it is happening, it is being detected in:
a. Present time
b. Here-and-now
c. Active time
d. Real time
18. A user calls with a problem. Even though she has been told not to use instant messaging, she has been doing so. For some reason, she is now experiencing frequent interrupted sessions. You suspect an attack and inform her of this. What is the process of disrupting an IM session called?
a. Jamming
b. Broadcasting
c. Incident response
d. Site survey
19. You’ve just received a call from an IM user in your office who visited an advertised website. The user is complaining that his system is unresponsive and about a million web browser windows have opened on his screen. What type of attack has your user experienced?
a. DoS
b. Malicious code
c. IP spoofing
d. Site survey
20. A fellow administrator is reviewing the log files for the month when he calls you over. A number of IDS entries don’t look right to him, and he wants to focus on those incidents. Which of the following terms best describes an occurrence of suspicious activity within a network?
a. Event
b. Occurrence
c. Episode
d. Enumeration
Answers to Review Questions
1. A, B. Network sniffers and NIDSs are used to monitor network traffic. Network sniffers are manually oriented, whereas an NIDS can be automated.
2. C. A host-based IDS (HIDS) is installed on each host that needs IDS capabilities.
3. C. Dynamically changing the system’s configuration to protect the network or a system is an active response.
4. A. By comparing attack signatures and audit trails, a misuse-detection IDS determines whether an attack is occurring.
5. D. The analyzer function