1.) An IDS follows a two-step process consisting of a passive component and an active component. Which of the following is part of the active component?
a. Inspection of password files to detect inadvisable passwords
b. Mechanisms put in place to reenact known methods of attack and record system responses
c. Inspection of system to detect policy violations
d. Inspection of configuration files to detect inadvisable settings
2.) Which of the following is the best definition of risk analysis when discussing IT security?
a. Risk analysis looks at the probability that a hacker may break in to your system.
b. Risk analysis looks at the probability that your security measures won't stop a hacker breaking in to your system.
c. Risk analysis determines what resources you need to protect and quantifies the costs of not protecting them.
d. Risk analysis looks at the probability that a vulnerability exists in your system.
e. Risk analysis looks at the consequences of being connected to the Internet.
3.) What type of attacks do some firewalls try to limit by enforcing rules on how long a GET or POST request can be?
b. Denial of service
c. Buffer overflow
4.) What happens if you digitally sign and inject a footer on an e-mail message in the wrong order?
b. The message won't be sent.
c. The footer will invalidate the signature.
d. The footer will be illegible.
5.) Which is the correct set of network components that need to be available for the Internet-facing network card of a dual-homed IIS Web server running on Windows 2000?
a. Client for Microsoft Networks, File and Printer Sharing for Microsoft Networks, Internet Protocol (TCP/IP)
b. Client for Microsoft Networks, Internet Protocol (TCP/IP)
c. Internet Protocol (TCP/IP)
d. File and Printer Sharing for Microsoft Networks, Internet Protocol (TCP/IP)
e. None of the above
6.) What firewall topology utilizes a triple-homed firewall?
a. Series circuit
b. Bastion host
c. Screened subnet
d. Dual firewalls
7.) What is the difference between a network vulnerability assessment and a penetration test?
a. A penetration test identifies running services, and vulnerability assessments provide a more in-depth understanding of vulnerabilities.
b. A penetration test enumerates resources, and a vulnerability assessment enumerates vulnerabilities.
c. A penetration test exploits vulnerabilities, and a vulnerability assessment finds vulnerabilities.
d. They are one in the same.
8.) What differentiates a pop-up download from a drive-by download?
a. A pop-up download is a program that automatically downloads to the user's computer.
b. A pop-up download asks the user's permission before downloading a program to their computer.
c. A pop-up download is frequently installed with another application.
d. A pop-up download is carried out invisibly to the user.
9.) Which of the following vulnerabilities allows an attacker to take control of IIS?
a. ISAPI Extension buffer overflows
b. Microsoft Server Message Block vulnerability
c. Windows License Logging Service overflow
d. All of the above
10.) What is the purpose of a shadow honeypot?
a. To flag attacks against known vulnerabilities.
b. To help reduce false positives in a signature-based IDS.
c. To randomly check suspicious traffic identified by an anomaly detection system.
d. To enhance the accuracy of a traditional honeypot.
This was first published in October 2005