
Wednesday, May 23, 2018

10 Questions on IDS



(1) An organisation has installed an IDS which monitors general patterns of activity and creates a database. Which of the following intrusion detection systems (IDSs) has this feature?

A. Packet filtering
B. Signature-based
C. Statistical-based
D. Neural networks

(2) The component of an IDS that collects the data is:

A. Sensor
B. Analyzer
C. User interface
D. Administration console


(3) Which of the following intrusion detection systems (IDSs) will MOST likely generate false alarms even for normal activity?

A. Statistical-based
B. Signature-based
C. Neural network
D. Host-based

(4) An IS auditor is reviewing the installation of an intrusion detection system (IDS). Which of the following is the GREATEST concern?

A. number of non-alarming events identified as alarming
B. system not able to identify the alarming attacks
C. automated tool is used for analysis of reports/logs
D. traffic from known source is blocked by IDS


(5) An organization wants to detect attack attempts that the firewall is unable to recognize. A network intrusion detection system (IDS) should be placed between the:

A. Internet and the firewall
B. firewall and the organisation's internal network
C. Internet and the IDS
D. IDS and the internal network


(6) Which of the following is a function of an intrusion detection system (IDS)?

A. obtain evidence on intrusive activity
B. control access on the basis of defined rules
C. block access to websites for unauthorised users
D. prevent access to servers for unauthorised users




(7) Which of the following is the most routine problem in the implementation of an intrusion detection system (IDS)?

A. instances of false rejection rate.
B. instances of false acceptance rate.
C. instances of false positives.
D. denial-of-service attacks.




(8) Which of the following detects intrusion attempts and penetration threats to a network by analysing the behaviour of the system?

A. Router
B. Intrusion detection system (IDS)
C. Stateful inspection
D. Packet filters




(9) The BEST control to detect intrusion would be:

A. Controlled procedure for granting user access
B. Inactive systems automatically logged off after a time limit.
C. Actively monitor unsuccessful login attempts.
D. Deactivate the user ID after a specified number of unsuccessful login attempts.



(10) An IS auditor reviewing the implementation of an IDS should be most concerned if:

A. High instances of false alarms by a statistical-based IDS.
B. IDS is placed between the firewall and the internal network.
C. IDS is used to detect encrypted traffic.
D. Signature-based IDS is not able to identify new threats.


(1) Correct answer: D. Neural networks

Explanation:
Packet filtering - a type of firewall and IDS technique.
Signature-based - A signature-based IDS identifies intrusions on the basis of known types of attack. Such known patterns are stored in the form of signatures. This is also known as a rule-based IDS.
Statistical-based - A statistical-based IDS determines the normal (known and expected) behaviour of the system. Any activity which falls outside the scope of normal behaviour is flagged as an intrusion.
Neural network - A neural network IDS is similar to a statistical-based IDS but with added self-learning functionality. The IDS monitors the general pattern of activities and creates a database.

(2) Correct answer: A. Sensor

Explanation:
Sensors - collect the data. Data can be in the form of network packets, log files, etc.
Analyzers - analyze the data and determine the intrusive activity.
Administration console - used to manage the IDS rules and functions.
User interface - enables the user to view results and take necessary action.



(3) Correct answer: A. Statistical-based

Explanation:
A statistical-based IDS determines the normal (known and expected) behaviour of the system. Any activity which falls outside the scope of normal behaviour is flagged as an intrusion. A statistical-based IDS is most likely to generate false positives (i.e. false alarms) compared to other IDS types, since normal network activity may include unexpected behaviour (e.g., frequent downloads by multiple users) that will be flagged as suspicious.

(4) Correct answer: B. system not able to identify the alarming attacks

Explanation:
The major concern is the system not being able to identify the alarming attacks. This presents a higher risk because attacks will go unnoticed and no action will be taken to address them. A high rate of false positives is a concern but not the major one. Also, logs/reports being first analyzed by an automated tool to eliminate known false positives is generally not a problem, and an IDS does not block any traffic.


(5) Correct answer: B. firewall and the organisation's internal network

Explanation:
Placement of an intrusion detection system:
(1) If a network-based IDS is placed between the Internet and the firewall, it will detect all attack attempts (whether or not they get past the firewall).
(2) If a network-based IDS is placed between the firewall and the corporate network, it will detect only those attack attempts which get past the firewall (i.e. cases where the firewall failed to block the attack).

(6) Correct answer: A. obtain evidence on intrusive activity

Explanation:
Obtaining evidence on intrusive activity is a function of an IDS. The other options are functions of a firewall.

(7) Correct answer: C. instances of false positives.

Explanation:
The main problem in operating IDSs is the recognition (detection) of events that are not really security incidents, i.e. false positives (false alarms). Options A and B are concerns of biometric implementations. Denial of service is a type of attack and is not a problem in the operation of IDSs.


(8) Correct answer: B. Intrusion detection system (IDS)

Explanation:
An IDS determines the normal (known and expected) behaviour of the system. Any activity which falls outside the scope of normal behaviour is flagged as an intrusion. Routers, stateful inspection and packet filters are types of firewalls designed to block certain types of communications routed or passing through specific ports; they are not designed to discover someone bypassing or going under the firewall.

(9) Correct answer: C. Actively monitor unsuccessful login attempts.

Explanation:
The BEST method to detect intrusion is to actively monitor unsuccessful logins. Deactivating the user ID is a preventive method, not a detective one.

(10) Correct answer: C. IDS is used to detect encrypted traffic.

Explanation:
An IDS cannot detect attacks carried in encrypted traffic. So if the organisation has misunderstood that an IDS can detect encrypted traffic too, and has designed its control strategy accordingly, that is a major concern.

Tuesday, April 10, 2018

Random Questions



01. To make an electronic funds transfer (EFT), one employee enters the amount field and another employee re-enters the same data before the money is transferred. The control adopted by the organization in this case is:

A. sequence check.
B. key verification.
C. check digit.
D. completeness check.

02. Which of the following Capability Maturity Model levels ensures achievement of a documented process?

A. Repeatable (level 2)
B. Defined (level 3)
C. Managed (level 4)
D. Optimizing (level 5)



03. An IS auditor reviewing the implementation of an IDS should be most concerned if:

A. High instances of false alarms by a statistical-based IDS.
B. IDS is placed between the firewall and the internal network.
C. IDS is used to detect encrypted traffic.
D. Signature-based IDS is not able to identify new threats.

 

04. Which of the following is the most routine problem in the implementation of an intrusion detection system (IDS)?

A. instances of false rejection rate.
B. instances of false acceptance rate.
C. instances of false positives.
D. denial-of-service attacks.

Answers:

01. B. key verification.

02. B. Defined (level 3)


03. C (IDS cannot detect attacks which are in form of encrypted traffic)

04. C. instances of false positives.

Tuesday, March 6, 2018

Domain-5 Questions Set02

20. Which of the following techniques is more relevant to testing the wireless (Wi-Fi) security of an organization?

A. WPA-2
B. War dialling
C. War driving
D. Social engineering

21. Which of the following should be a concern to an IS auditor reviewing a wireless network?

A. System hardening of all wireless clients.
B. SSID (service set identifier) broadcasting has been enabled.
C. WPA-2 (Wi-Fi Protected Access) encryption is enabled.
D. DHCP (Dynamic Host Configuration Protocol) is disabled at all wireless access points.

22. Dynamic Host Configuration Protocol (DHCP) is disabled at all wireless access points. Which of the following statements is true when DHCP is disabled for wireless networks?

A. It increases the risk of unauthorized access to the network.
B. It decreases the risk of unauthorized access to the network.
C. It automatically provides an IP address to anyone.
D. It disables the SSID (Service Set Identifier).

23. The best method to ensure confidentiality of the data transmitted in a wireless LAN is to:

A. restrict access to predefined MAC addresses.
B. protect the session by encrypting with static keys.
C. protect the session by encrypting with dynamic keys.
D. initiate the session from an encrypted device.

24. Use of a wireless infrastructure for mobile devices within the organization increases the risk of which of the following attacks?

A. Port scanning
B. Social engineering
C. Piggybacking
D. War driving

25. Against a man-in-the-middle attack, which of the following encryption techniques will BEST protect a wireless network?

A. Wired equivalent privacy (WEP)
B. MAC-based pre-shared key (PSK)
C. Randomly generated pre-shared key (PSK)
D. Service set identifier (SSID)

26. The most robust configuration of a firewall rule base is:

A. Allow all traffic and deny the specified traffic
B. Deny all traffic and allow the specified traffic
C. Dynamically decide based on traffic
D. Control traffic at the discretion of the network administrator.

27.

A. Network layer
B. Application layer
C. Transport layer
D. Session layer

28. Which of the following would be the MOST secure firewall system implementation?

A. Screened-host firewall
B. Screened-subnet firewall
C. Dual-homed firewall
D. Stateful-inspection firewall

29. Which of the following types of firewalls provides the MOST secure environment?

A. Stateful inspection
B. Packet filter
C. Application gateway
D. Circuit gateway

30. An organization wants to protect a network from Internet attack. Which of the following firewall structures would BEST ensure that protection?

A. Screened subnet firewall
B. Screened host firewall
C. Packet filtering router
D. Circuit-level gateway

31. The firewall that allows traffic from outside only if it is in response to traffic from internal hosts is a:

A. Application level gateway firewall
B. Stateful inspection firewall
C. Packet filtering router
D. Circuit level gateway

32. An organization with the objective of preventing the download of files through FTP (File Transfer Protocol) should configure which of the following firewall types?

A. Stateful inspection
B. Application gateway
C. Packet filter
D. Circuit gateway

33. An organization wants to connect a critical server to the Internet. Which of the following would provide the BEST protection against hacking?

A. Stateful inspection
B. A remote access server
C. Application-level gateway
D. Port scanning

34. An IS auditor should be most concerned about which of the following while reviewing a firewall?

A. A properly defined security policy
B. Use of the latest firewall structure with the most secure algorithm.
C. The effectiveness of the firewall in enforcing the security policy.
D. Technical knowledge of users.

35. An IS auditor conducting an access control review in a client-server environment discovers that all printing options are accessible by all users. In this situation, the IS auditor is MOST likely to conclude that:

A. exposure is greater, since information is available to unauthorized users.
B. operating efficiency is enhanced, since anyone can print any report at any time.
C. operating procedures are more effective, since information is easily available.
D. user friendliness and flexibility are facilitated, since there is a smooth flow of information among users.

36. Security administration procedures require read-only access to:

A. access control tables.
B. security log files.
C. logging options.
D. user profiles.

37. Which of the following would MOST effectively reduce social engineering incidents?

A. Security awareness training
B. Increased physical security measures
C. E-mail monitoring policy
D. Intrusion detection systems

38. Disabling which of the following would make wireless local area networks more secure against unauthorized access?

A. MAC (Media Access Control) address filtering
B. WPA (Wi-Fi Protected Access)
C. LEAP (Lightweight Extensible Authentication Protocol)
D. SSID (service set identifier) broadcasting

39. During an audit of a telecommunications system, the IS auditor finds that the risk of intercepting data transmitted to and from remote sites is very high. The MOST effective control for reducing this exposure is:

A. encryption.
B. callback modems.
C. message authentication.
D. dedicated leased lines.

40. To ensure compliance with a security policy requiring that passwords be a combination of letters and numbers, the IS auditor should recommend that:

A. the company policy be changed.
B. passwords be periodically changed.
C. an automated password management tool be used.
D. security awareness training be delivered.