Network Defense and Countermeasures

Attack Types

Defense Strategies

Attacker Techniques

Policies and Standards

Defense Tools

100

What is a software that self-replicates?

Virus

100

Scanning using a rules-based approach is considered what type of scanning?

Heuristic

100

True or False a connect scan is the most reliable type of scan?

True

100

What should someone do first is they believe their password has been exposed online?

Change their password immediately.

100

What protects the actual packet data in IPsec?

ESP

200

Taking control of the communication link between two machines best describes what type of hacking action?

session hacking/hijacking

200

The most common method of virus propagation is through what?

Email attachments

200

Trying to identify the machines on a target network is called ______.

Enumerating

200

What is the most important characteristic all user policies must have in order to be effective?

They must have consequences.

200

PPTP is based on what earlier protocol?

PPP

300

Sending a packet that appears to come from a trusted IP address.

IP Spoofing

300

A database containing system settings describes what?

The Registry

300

The tool OphCrack does what?

Retrieves Windows passwords

300

What is the first step after discovering a machine or machines have been infected with a virus?

Quarantine infected machines

300

In a network is several workstations and servers, what devices would be best for managing logs from all devices?

SIEM

400

What DoS attack is based on leaving connections half open?

SYN Flood

400

What level of privileges should all users have?

Least Possible

400

When sending a SYN packet to an open port, what is the correct response?

SYN/ACK

400

Which security model (Clark-Wilson, Bell-LaPadula, Biba) prevents transactions from inadvertently altering secure data?

Clark-Wilson

400

IDS is an acronym for:

Intrusion-detection system

500

One recommended configuration for a firewall that is used to defend against DoS attacks is what?

Block ICMP packets from outside of the network

500

What number of account lockout attempts does the NSA recommend?

3 Tries

500

You scan a target network to find port 445 open and active. What does this tell you?

The system uses Windows

500

What is a Chinese wall, in the context of business practices?

A barrier to information flow

500

A system that is set up for attracting and monitoring intruders is called what?

Honeypot