Quiz: Preventing data leaks

A six-question multiple-choice quiz to test your understanding of the content presented by expert Richard Bejtlich in this lesson of SearchSecurity.com's Data Protection Security School.

This tip is part of SearchSecurity.com's Data Protection Security School lesson, Preventing data leaks. Visit the lesson page for more learning resources.

1. Which of the following is not an equivalent term for events associated with extrusion detection/prevention?

  1. Intellectual property leakage (ILP)
  2. Exception handling
  3. Data exfiltration
  4. Content exposure
  5. Information disclosure / breach

2. Which of the following cannot be accomplished with an extrusion detection product that is offline?

  1. Passive inspection of network traffic
  2. Identification of suspicious content
  3. Blocking individual packets/streams as they pass through an interface
  4. Knocking down connections with TCP RST segments
  5. Profiling network traffic

3. Which of the following is not a specialized set of data that could be protected by extrusion detection products?

  1. System calls
  2. Database communications
  3. Instant messaging
  4. Email
  5. Web traffic

4. Which of the following could not be used as an open source extrusion detection tool?

  1. Snort (in inline mode)
  2. SnortSam
  3. L-7 Filter
  4. FWsnort
  5. EnCase Enterprise

5. Which of the following statements is true with respect to extrusion detection?

  1. Properly configured Layer 3 and 4 firewalls make extrusion detection/prevention systems unnecessary.
  2. Properly configured application proxies make extrusion detection/prevention systems unnecessary.
  3. Extrusion detection/prevention products acting as passive bridges are reliable enough to place inline.
  4. Extrusion detection/prevention products use a "blacklist" or "deny some, allow all else" approach instead of a "whitelist" or "allow some, deny all else" approach.
  5. Extrusion detection products can dynamically inspect any form of encrypted traffic.

6. Which of the following tools can be used to rebuild the contents of a TCP session?

  1. Darkstat
  2. SANCP
  3. Tcpflow
  4. P0f
  5. Snort

If you answered two or more questions incorrectly, revisit the materials from the lesson Preventing data leaks:

This was last published in May 2007