CertiGuide to Security+  9  Chapter 7:  Practice Exam Answers

Answers to Questions 51-55 1 Answers to Questions 61-65

56. An internal (private) network that uses TCP/IP protocols and services is called a

A. Internet

B. Extranet

C. Intranet

D. No choice is correct

Explanation: Intranets are micro-versions of the Internet that use the same technologies as the Internet, simplifying installation and maintenance. An extranet is an extension of a company's intranet to its business partners. An internet is an Internetwork of networks, generally one that is not controlled by any central authority.

& Section 3.3.1.2: Intranet

57. Packet scanning a network for known attack signatures is called

A. Network based IDS

B. Host based IDS

C. VPN

D. IPSec

Explanation: "Monitors all network traffic passing on the segment where the agent is installed, reacting to any anomaly or signature based suspicious activity. Basically this is a packet sniffer with attitude. They come in the guise of appliance-based products that you just plug in and it goes, to software that installed on off the shelf computers. Depending on your LAN speeds they don't necessarily have to be hi spec PCs. They analyze every packet for attack signatures, or look for anomalies within the protocol." -- networkintrusion.co.uk

Host-based IDS looks only at a single host, not the entire network's traffic.

& Section 3.4.1: Network based (Intrusion Detection)

58. A active NIDS can do what that a passive system cannot

A. Trigger events such as drop the connection

B. Log the event

C. Both are correct

D. Neither choice is correct

Explanation: An active NIDS can take rule-based actions. (And an attacker can make a poorly configured Active NIDS create a self-inflicted DoS)

Both active and passive NIDS can log events.

& Section 3.4.1.1: Active Detection (Network Based Intrustion Detection)

59. What is your 1st step if you suspect an illegal intrusion has occurred?

A. Secure devices

B. Shut down systems

C. Alert senior management

D. All choices are correct

Explanation: Never turn a system off, if possible. Secure devices by disconnecting the network cable. Turning off a system can lose valuable data in RAM. The next step is to notify senior management and get help.

& Section 3.4.4: Incident Response

60. Classic ON/NOS hardening includes:

A. Disabling unneeded protocols and services

B. Applying patches

C. Monitoring email and web sites for new issues

D. All choices are correct

E. Apply BIOS changes

Explanation: This one is pretty self-explanatory. Some good web links for different operating systems

& Section 3.5.1: OS/NOS hardening

& Section 3.5.2: Network Hardening

Answers to Questions 51-55 1 Answers to Questions 61-65