Quiz answers: What's your infosec IQ?

Answers to the quiz "What's your infosec IQ?"

1.) An IDS follows a two-step process consisting of a passive component and an active component. Which of the following is part of the active component?
The correct answer is: b. Mechanisms put in place to reenact known methods of attack and record system responses.

Answer from the SearchSecurity.com glossary:
Typically, an ID system follows a two-step process. The first procedures are host-based and are considered the passive component; these include: inspection of the system's configuration files to detect inadvisable settings; inspection of the password files to detect inadvisable passwords; and inspection of other system areas to detect policy violations. The second procedures are network-based and are considered the active component: mechanisms are set in place to reenact known methods of attack and to record system responses.

2.) Which of the following is the best definition of risk analysis when discussing IT security?
The correct answer is: c. Risk analysis determines what resources you need to protect and quantifies the costs of not protecting them.

Risk analysis is determining what resources you need to protect and quantifying any costs linked to not protecting them, such as loss of data, replacement of equipment, etc. It ranks those risks by level of severity. A vulnerability assessment looks at the likelihood of those risks actually happening.

3.) What type of attacks do some firewalls try to limit by enforcing rules on how long a GET or POST request can be?
The correct answer is: c. Buffer overflow

Answer from "OWA may malfunction with some firewalls":
Some firewalls have standing rules about how long a GET or POST request can be as a way of limiting possible buffer-overflow attacks through massively lengthy or malformed URLs.

4.) What happens if you digitally sign and inject a footer on an e-mail message in the wrong order?
The correct answer is: c. The footer will invalidate the signature.

According to E-mail Security School guest instructor Joel Snyder:
Injecting a footer into a message after it is signed by the sender will invalidate the digital signature.

5.) Which is the correct set of network components that need to be available for the Internet-facing network card of a dual-homed IIS Web server running on Windows 2000?
The correct answer is: c. Internet Protocol (TCP/IP)

The only service you need to run for IIS on the Internet-facing network card is the Internet Protocol (TCP/IP). You have two network cards in a dual-homed system, and the internal-facing card requires the Internet Protocol (TCP/IP) and Client for Microsoft Networks. This instance of Client for Microsoft Networks is sufficient to allow IIS to run. All other protocols and services, such as File and Printer Sharing for Microsoft Networks, should not be enabled.

6.) What firewall topology utilizes a triple-homed firewall?
The correct answer is: c. Screened subnet

Answer from "Choose the right firewall topology":
"The second option, the use of a screened subnet, offers additional advantages over the bastion host approach. This architecture uses a single firewall with three network cards (commonly referred to as a triple homed firewall)."

7.) What is the difference between a network vulnerability assessment and a penetration test?
The correct answer is: c. A penetration test exploits vulnerabilities, and a vulnerability assessment finds vulnerabilities.

A vulnerability assessment looks for the holes in an environment, which can be vulnerable services running, unpatched systems, misconfigurations, open ports, etc. Although vulnerability scanning tools are different in many ways, they all perform this same basic function. If a company wants to know that the vulnerability is truly a threat and understand the depth of the vulnerability, the vulnerability will need to be exploited. The activity of exploiting vulnerabilities with the purpose of proving that an intruder can enter the environment through a specific vulnerability is called a penetration test. Most vulnerability scanning assessment tools have penetration testing capabilities that can be calibrated through configurations.

8.) What differentiates a pop-up download from a drive-by download?
The correct answer is: b. A pop-up download asks the user's permission before downloading a program to their computer.

Answer from the SearchSecurity.com glossary:
A pop-up download (sometimes called a download pop-up) is a pop-up window that asks the user to download a program to their computer's hard drive.

9.) Which of the following vulnerabilities allows an attacker to take control of IIS?
The correct answer is: d. All of the above

This answer is from the Checklist of known IIS vulnerabilities, from Lesson 1 of SearchSecurity.com's Web Security School.

10.) What is the purpose of a shadow honeypot?
The correct answer is: c. To randomly check suspicious traffic identified by an anomaly detection system.

Answer from "Hybrid honeypots 'shadow' intrusion prevention systems":
"Shadow honeypots," as researchers call them, share all the same characteristics of protected applications running on both the server and client side of a network and operate in conjunction with an ADS. When sensors detect something suspicious, it's sent to the shadow honeypot for further analysis. This reduces the number of false positives immediately generated by the ADS. As a backup, the traffic sent through is randomly checked again by the shadow honeypot to increase accuracy and prevent actual attacks from getting into the network.

This was last published in October 2005
