Which of the following tools allow an attacker to craft packets deliberately in order to gain unauthorized access?
Each correct answer represents a complete solution. (Choose two.)
A. Tcpdump
B. Ettercap
C. Fragroute
D. Mendax
Which of the following types of Intrusion Detection System consists of an agent on a host that identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability/ACL databases) and other host activities and state?
A. APIDS
B. PIDS
C. NIDS
D. HIDS
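The file-system part of what the question describes is a file-integrity check: hash the files that matter, keep the digests as a baseline, and re-hash later to see what changed. The following is an added example, not code from the original page or from any HIDS product; it builds a throw-away directory with a constructed password file and binary, takes a baseline, simulates an attacker editing one file and dropping another, and reports the differences the way an AIDE- or Tripwire-style agent would.

```python
"""
Added example (not from the original page): a minimal host-based file-integrity
check of the kind a HIDS performs. Paths and file contents are constructed in a
temporary directory for the demonstration.
"""
import hashlib
import os
import tempfile


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, streamed so large binaries are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every regular file under root (path relative to root, '/' separated)
    to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline


def compare(baseline, current):
    """Return modified, added and removed paths between two baselines."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "modified": sorted(p for p in base_keys & cur_keys if baseline[p] != current[p]),
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
    }


def demo():
    """Constructed scenario: a password file is edited and a new binary appears."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        sbin = os.path.join(root, "sbin")
        os.makedirs(etc)
        os.makedirs(sbin)
        with open(os.path.join(etc, "passwd"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/bash\n")
        with open(os.path.join(sbin, "sshd"), "wb") as f:
            f.write(b"\x7fELF original")
        baseline = build_baseline(root)

        # Attacker adds a UID 0 account and drops an extra binary.
        with open(os.path.join(etc, "passwd"), "a") as f:
            f.write("backdoor:x:0:0::/root:/bin/bash\n")
        with open(os.path.join(sbin, "evil"), "wb") as f:
            f.write(b"\x7fELF dropped")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would add: the baseline must be stored somewhere an attacker with root on the host cannot rewrite (off-host or signed), and a content hash alone misses ownership and permission changes, so a real agent records inode metadata as well.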
Which of the following iptables modules registers the DNAT-based and SNAT-based transformations?
A. iptable_raw
B. iptable_nat
C. iptable_mangle
D. iptable_filter
You work as a Forensic Investigator.
Which of the following rules will you follow while working on a case?
Each correct answer represents a part of the solution. (Choose all that apply.)
A. Follow the rules of evidence and never tamper with the evidence.
B. Prepare a chain of custody and handle the evidence carefully.
C. Never exceed the knowledge base of the forensic investigation.
D. Examine original evidence and never rely on the duplicate evidence.
You work as a Network Administrator for a bank. To secure the bank's network, you configure a firewall and an IDS. In spite of these security measures, intruders are still able to attack the network. After a close investigation, you find that the IDS is not configured properly and therefore fails to generate alarms when it should.
What type of response is the IDS giving?
A. False Negative
B. False Positive
C. True Positive
D. True Negative
Sam works as a Network Administrator for Gentech Inc. He has been assigned a project to develop the rules that define the IDP policy in the rulebase.
Which of the following will he define as the components of the IDP policy rule?
Each correct answer represents a complete solution. (Choose all that apply.)
A. IDP Profiler
B. IDP rule notifications
C. IDP rule IP actions
D. IDP appliance deployment mode
The general form of a Cisco IOS version number is a.b.c.de.
Which of the following indicates the major version number of the Cisco IOS?
A. b
B. a
C. e
D. d
Which of the following tcpdump commands will you use to capture traffic using a filter expression stored in a file?
A. tcpdump -F file_name
B. tcpdump -D file_name
C. tcpdump -A file_name
D. tcpdump -X file_name
Your customer is concerned about security. He wants to make certain that no one outside the network can see the IP addresses used inside it.
What feature of a router would accomplish this?
A. Firewall
B. Port forwarding
C. NAT
D. MAC filtering
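The two questions above about the nat table and about hiding inside addresses describe the same mechanism from two sides: source NAT rewrites outbound packets so the outside only ever sees the router's public address, and destination NAT (port forwarding) deliberately maps a public port back to an inside host. The following is an added example, not code from the original page or from netfilter; it models a router doing port-overloading SNAT on outbound flows, reverse-translating the replies, and applying one static DNAT rule. The addresses (192.168.1.0/24 inside, 203.0.113.1 public, 198.51.100.0/24 outside) and ports are constructed for the demonstration.

```python
"""
Added example (not from the original page): a model of router NAT showing why
outside hosts see only the public address. Addresses and ports are constructed.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Port-overloading SNAT for outbound flows plus static DNAT (port
    forwarding) for inbound flows, the roles iptables gives to SNAT/MASQUERADE
    in POSTROUTING and DNAT in PREROUTING of the nat table."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.snat_out = {}   # (inside_ip, inside_port) -> public_port
        self.snat_in = {}    # public_port -> (inside_ip, inside_port)
        self.dnat = {}       # public_port -> (inside_ip, inside_port), static

    def add_port_forward(self, public_port, inside_ip, inside_port):
        """DNAT rule: traffic to public_ip:public_port goes to an inside host."""
        self.dnat[public_port] = (inside_ip, inside_port)

    def outbound(self, pkt):
        """SNAT: rewrite the source so the outside sees only the public address.
        The same inside (ip, port) always gets the same public port."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.snat_out:
            port = self.next_port
            self.next_port += 1
            self.snat_out[key] = port
            self.snat_in[port] = key
        return replace(pkt, src_ip=self.public_ip, src_port=self.snat_out[key])

    def inbound(self, pkt):
        """Reverse SNAT for replies to known flows, DNAT for forwarded ports.
        Anything else has no inside destination and is dropped (None), which is
        what keeps inside hosts unreachable from unsolicited outside traffic."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.snat_in.get(pkt.dst_port) or self.dnat.get(pkt.dst_port)
        if target is None:
            return None
        return replace(pkt, dst_ip=target[0], dst_port=target[1])


def demo():
    router = NatRouter("203.0.113.1")
    router.add_port_forward(8080, "192.168.1.20", 80)
    out = router.outbound(Packet("192.168.1.10", 51000, "198.51.100.5", 443))
    reply = router.inbound(Packet("198.51.100.5", 443, out.src_ip, out.src_port))
    forwarded = router.inbound(Packet("198.51.100.9", 33333, "203.0.113.1", 8080))
    unsolicited = router.inbound(Packet("198.51.100.9", 33333, "203.0.113.1", 22))
    return out, reply, forwarded, unsolicited


if __name__ == "__main__":
    for name, pkt in zip(("out", "reply", "forwarded", "unsolicited"), demo()):
        print(name, pkt)
```

The usual caveat applies: hiding addresses is a side effect of the translation table, not an access-control decision, so NAT does not replace the firewall, and every DNAT rule re-exposes exactly one inside service.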
Session splicing is an IDS evasion technique in which an attacker splits the attack data across multiple small packets sent to the target computer, so that no single packet contains the complete attack signature. An IDS that matches signatures packet by packet, without reassembling the TCP stream, therefore fails to detect the attack.
Which of the following tools can be used to perform session splicing attacks?
Each correct answer represents a complete solution. (Choose all that apply.)
A. Y.A.T.
B. Fragroute
C. Whisker
D. Nessus
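The following added example (not code from the original page, nor from Whisker or Fragroute, which do the splitting on the wire) shows the session-splicing technique described above and the false negative from the earlier IDS question: a constructed HTTP request is cut into three-byte TCP segments, a per-packet matcher misses the signature, and a detector that reorders the segments by sequence number and reassembles the stream catches it. The request, the signature and the sequence numbers are constructed for the demonstration.

```python
"""
Added example (not from the original page): session splicing against a
per-packet signature matcher versus a stream-reassembling one, with the
outcomes named in confusion-matrix terms. All inputs are constructed.
"""
from dataclasses import dataclass

# Constructed signature for a classic CGI probe; real rule sets are far larger.
SIGNATURE = b"/cgi-bin/phf"


@dataclass(frozen=True)
class Segment:
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes


def splice(request, chunk_size, initial_seq=1000):
    """Split one request into small segments, as a session-splicing tool would.
    Each segment's seq is the byte offset of its payload within the stream."""
    return [Segment(initial_seq + i, request[i:i + chunk_size])
            for i in range(0, len(request), chunk_size)]


def per_packet_ids(segments, signature):
    """Naive detector: searches for the signature inside each segment alone."""
    return any(signature in seg.payload for seg in segments)


def reassembling_ids(segments, signature):
    """Stream-aware detector: orders segments by sequence number, rebuilds the
    byte stream and then searches it, so out-of-order delivery is handled too."""
    stream = b"".join(seg.payload for seg in sorted(segments, key=lambda s: s.seq))
    return signature in stream


def classify(alerted, attack_present):
    """Name the IDS outcome: alarm/no alarm against attack/no attack."""
    if attack_present:
        return "True Positive" if alerted else "False Negative"
    return "False Positive" if alerted else "True Negative"


def demo():
    attack = b"GET /cgi-bin/phf HTTP/1.0\r\n\r\n"
    benign = b"GET /index.html HTTP/1.0\r\n\r\n"
    whole = [Segment(1000, attack)]          # request sent in one segment
    spliced = splice(attack, 3)              # 3-byte pieces, none holds the signature
    return {
        "whole": classify(per_packet_ids(whole, SIGNATURE), True),
        "spliced_naive": classify(per_packet_ids(spliced, SIGNATURE), True),
        "spliced_reassembled": classify(reassembling_ids(spliced, SIGNATURE), True),
        "benign": classify(reassembling_ids(splice(benign, 3), SIGNATURE), False),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The practical check is whether the sensor reassembles TCP streams before matching; Snort and Suricata do, at the cost of buffering per connection, which is why reassembly limits and timeouts are themselves tuning knobs an attacker may try to exhaust.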