Intrusion Defense School Entrance Exam

1. Which of these technologies does Unified Threat Management (UTM) complement?
  1. Antispam
  2. Antiphishing
  3. Antivirus
  4. Compliance
2. What type of intrusion defense tool specifically looks for malware propagation signs and uses that information to help isolate infected systems?
  1. NBAD systems
  2. Desktop antivirus
  3. Perimeter antivirus
  4. Intrusion detection systems
3. Intrusion defense is predicated on what technology?
  1. SIM/SEM
  2. IDS
  3. IPS
  4. Firewall
4. Rate-based IPSes are also marketed as what?
  1. Bandwidth management tools
  2. DoS and DDoS defense tools
  3. NBAD systems
  4. Content filtering tools
5. In-line antivirus scanners, typically incorporated into firewalls, look at what kind of traffic?
  1. Incoming and outgoing SMTP traffic
  2. Mail protocol (POP and IMAP) traffic
  3. Web (HTTP) traffic
  4. All of the above
6. Why haven't NBAD systems become a popular means of catching spam when they could do so in much the same way they can detect phishing attacks?
  1. Damage to the user as a result of spam is not considered significant.
  2. Tools that specifically target spam have already become widely used.
  3. The NBAD system can't tell the difference between spam and phishing attacks.
  4. Phishing, in terms of identity theft, is considered an end-user problem, where spam can have a greater impact on bandwidth and affect the enterprise.
7. What role do both reputation-based and heuristic-based antivirus scanners play in an enterprise antivirus strategy?
  1. They replace traditional virus scanners.
  2. They are adjuncts to traditional virus scanners.
  3. The technologies have not yet developed to the point of making them a viable part of an AV strategy.
8. Which of the following is true of firewalls/UTM?
  1. Firewalls/UTM are as effective as an edge e-mail security appliance at catching viruses.
  2. Firewalls/UTM are as effective as an edge proxy server at catching spyware.
  3. Firewalls/UTM catch infected systems by behavioral anomaly.
  4. Firewalls/UTM fail to catch threats that "go around" other devices.
9. Which of the following technologies can you depend on unified threat management to provide?
  1. Antispam
  2. Content filtering
  3. Compliance
  4. Intrusion prevention
10. Which of the following is a drawback to in-line antivirus scanners?
  1. Performance issues make it nearly impossible to scan all traffic coming into all ports.
  2. They look at only incoming and outgoing SMTP traffic.
  3. Because they are not as flexible or reliable as standalone AV, they are not worth the effort to deploy.
  4. None of the above.

Check your score

  • 9-10 correct: You're an intrusion defense master. Stay a step ahead of your peers and visit Lesson 5 for a glimpse at the future of intrusion defense.
  • Less than 8 correct: You're an intrusion defense amateur. Start with a lesson in network perimeter security basics and proceed through Intrusion Defense School at your own pace.
  • SearchSecurity.com members who attend all five 20-minute Intrusion Defense School webcasts receive a certificate of completion. CISSPs and SSCPs are also eligible to earn CPE credits from (ISC)².

    This was first published in April 2006
