What step in the process of Intrusion Detection as shown in the exhibit would determine if given alerts were part of a bigger intrusion, or would help discover infrequent attacks?
You are training some network administrators to analyze log files. Some of the logs present IP addresses in binary. You explain the usefulness of reading addresses in multiple formats. You demonstrate several conversions between decimal and binary. What is the decimal equivalent of the following binary IP address:
11001111.10001010.01101101.01110001
In your organization a decision has been made to implement a multicasting application. You are configuring your firewall to allow this application to flow through in both directions. What address range are you going to address on the firewall?
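The two questions above turn on reading an address in whatever notation a log or a URL happens to use, and on knowing where the multicast block sits. The following is an added example, not part of the question set: it folds dotted-binary, dotted-decimal, 0x-hex and bare-integer IPv4 notations to canonical dotted-decimal and classifies the result with the standard library. The log lines and addresses in it are constructed, not captured.

```python
"""Normalize IPv4 addresses written in several notations and classify them.
Added example for the two questions above; it is not part of the question
set. The log lines below are constructed, not real traffic."""
import ipaddress
import re

DOTTED_BINARY = re.compile(r"^[01]{8}(?:\.[01]{8}){3}$")

def from_dotted_binary(s: str) -> str:
    """'11001111.10001010.01101101.01110001' -> '207.138.109.113'."""
    if not DOTTED_BINARY.match(s):
        raise ValueError(f"not a dotted-binary IPv4 address: {s!r}")
    return ".".join(str(int(octet, 2)) for octet in s.split("."))

def to_dotted_binary(s: str) -> str:
    """'207.138.109.113' -> '11001111.10001010.01101101.01110001'."""
    packed = ipaddress.IPv4Address(s).packed        # validates the address first
    return ".".join(format(b, "08b") for b in packed)

def normalize_ipv4(token: str) -> str:
    """Return canonical dotted-decimal for dotted-binary, dotted-decimal,
    0x-prefixed hex or a bare 32-bit integer. The last two are the forms
    attackers put in URLs (http://0xC0A80101/) to slip past naive string
    filters, so log tooling should fold them before matching."""
    if DOTTED_BINARY.match(token):
        return from_dotted_binary(token)
    if token.lower().startswith("0x"):
        return str(ipaddress.IPv4Address(int(token, 16)))
    if token.isdigit():
        return str(ipaddress.IPv4Address(int(token)))
    return str(ipaddress.IPv4Address(token))            # rejects anything malformed

def classify(addr: str) -> str:
    """Multicast is 224.0.0.0/4 (224.0.0.0 - 239.255.255.255), the range a
    firewall rule for a multicast application has to cover."""
    ip = ipaddress.IPv4Address(addr)
    if ip.is_multicast:
        return "multicast"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"
    return "public"

# Constructed sample log: same field layout on every line, mixed notations.
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=11001111.10001010.01101101.01110001 dst=10.0.0.5 proto=tcp dport=23
2024-05-01T10:00:02 src=0xC0A80102 dst=239.255.255.250 proto=udp dport=1900
2024-05-01T10:00:03 src=3232235777 dst=224.0.0.251 proto=udp dport=5353
"""

def parse_log(text: str):
    """Return (src, dst, class_of_dst) per line with every address normalized."""
    rows = []
    for line in text.splitlines():
        fields = dict(kv.split("=", 1) for kv in line.split()[1:])
        src, dst = normalize_ipv4(fields["src"]), normalize_ipv4(fields["dst"])
        rows.append((src, dst, classify(dst)))
    return rows

if __name__ == "__main__":
    for row in parse_log(SAMPLE_LOG):
        print(row)
```

The binary address in the question normalizes to 207.138.109.113; the two multicast destinations in the constructed log fall inside 224.0.0.0/4, which is the block a firewall rule for a multicast application must cover in both directions.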
The exhibit represents a simple routed network. Node 7 is a Windows 2000 Professional machine that establishes a TCP communication with Node 10, a Windows Server 2003 machine. The routers are Cisco 2500 series running IOS 11.2.
While working at Node 10, you run a packet capture. Packets received by Node 10, and sent from Node 7 will reveal which of the following combination of source IP and source Physical addresses:
You are configuring the Access Lists for your new Cisco Router. The following are the commands that are entered into the router for the list configuration.
Router(config)#access-list 13 deny 10.10.10.0 0.0.0.255
Router(config)#access-list 13 permit 10.10.11.0 0.0.0.255
Router(config)#access-list 15 deny 10.10.12.0 0.0.0.255
Router(config)#access-list 15 permit 10.10.11.0 0.0.0.255
Router(config)#interface Ethernet 0
Router(config-if)#ip access-group 15 out
Router(config-if)#interface Ethernet 2
Router(config-if)#ip access-group 15 out
Based on this configuration, and using the exhibit, select the answers that identify what the list will accomplish.
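To reason about what the configuration above actually does, it helps to evaluate it the way IOS does: entries are tried top to bottom, the first match wins, every list ends in an implicit deny, and a list only filters traffic on interfaces and directions where it has been applied with ip access-group. The following simulator is an added example, not part of the question set; it parses the commands quoted above (prompt and all) and reports the decision per interface, direction and source address. Which internal networks sit behind Ethernet 0 and Ethernet 2 is in the exhibit, which is not reproduced here, so the sample sources are simply one host from each network named in the lists plus one from a network named in none of them.

```python
"""Evaluate Cisco IOS standard access lists the way the router does: first
matching entry wins, an implicit deny ends every list, and a list that is
defined but never applied with 'ip access-group' filters nothing.
Added example; the configuration below is the one quoted above."""
import ipaddress
from dataclasses import dataclass

CONFIG = """\
Router(config)#access-list 13 deny 10.10.10.0 0.0.0.255
Router(config)#access-list 13 permit 10.10.11.0 0.0.0.255
Router(config)#access-list 15 deny 10.10.12.0 0.0.0.255
Router(config)#access-list 15 permit 10.10.11.0 0.0.0.255
Router(config)#interface Ethernet 0
Router(config-if)#ip access-group 15 out
Router(config-if)#interface Ethernet 2
Router(config-if)#ip access-group 15 out
""".splitlines()

@dataclass
class Entry:
    action: str      # "permit" or "deny"
    network: int     # 32-bit address
    wildcard: int    # 0 bit = must match, 1 bit = don't care (inverse of a netmask)

    def matches(self, src: str) -> bool:
        care = ~self.wildcard & 0xFFFFFFFF
        return (int(ipaddress.IPv4Address(src)) & care) == (self.network & care)

def _addr_and_wildcard(tokens):
    """'any' | 'host A.B.C.D' | 'A.B.C.D [W.W.W.W]' -> (network, wildcard)."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF
    if tokens[0] == "host":
        return int(ipaddress.IPv4Address(tokens[1])), 0
    wc = tokens[1] if len(tokens) > 1 else "0.0.0.0"   # IOS default wildcard
    return int(ipaddress.IPv4Address(tokens[0])), int(ipaddress.IPv4Address(wc))

def parse_config(lines):
    """Return (acls, bindings): acls[num] -> [Entry], bindings[(iface, dir)] -> num."""
    acls, bindings, iface = {}, {}, None
    for raw in lines:
        tok = raw.split("#", 1)[-1].split()          # strip the 'Router(config)#' prompt
        if tok[:1] == ["access-list"]:
            net, wc = _addr_and_wildcard(tok[3:])
            acls.setdefault(int(tok[1]), []).append(Entry(tok[2], net, wc))
        elif tok[:1] == ["interface"]:
            iface = "".join(tok[1:])                  # 'Ethernet 0' -> 'Ethernet0'
        elif tok[:2] == ["ip", "access-group"]:
            bindings[(iface, tok[3])] = int(tok[2])
    return acls, bindings

def evaluate(entries, src):
    for e in entries:
        if e.matches(src):
            return e.action
    return "deny"        # implicit deny at the end of every list

def decide(acls, bindings, iface, direction, src):
    num = bindings.get((iface, direction))
    if num is None or num not in acls:
        # No list applied, or applied but empty/undefined: IOS forwards everything.
        return "permit"
    return evaluate(acls[num], src)

def unused_lists(acls, bindings):
    return sorted(set(acls) - set(bindings.values()))

if __name__ == "__main__":
    acls, bindings = parse_config(CONFIG)
    print("lists defined but never applied:", unused_lists(acls, bindings))
    for iface, direction in sorted(bindings):
        for src in ("10.10.10.1", "10.10.11.1", "10.10.12.1", "10.10.13.1"):
            print(f"{iface} {direction} src={src}: {decide(acls, bindings, iface, direction, src)}")
```

Running it shows that list 13 is never applied and so has no effect, and that list 15 on both interfaces passes only sources in 10.10.11.0/24 outbound: 10.10.12.0/24 is denied explicitly and everything else, including 10.10.10.0/24, by the implicit deny. Nothing is filtered inbound. One thing the simulator does not model is that an outbound ACL on IOS does not filter packets the router itself originates.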
You are planning on implementing a token-based authentication system in your network. The network currently is spread out over four floors of your building. There are plans to add three branch offices. During your research you are analyzing the different types of systems. Which of the following are the two common systems token-based authentication uses?
You were recently hired as the security administrator of a small business. You are reviewing the current state of security in the network and find that the current logging system must be immediately modified. As the system is currently configured, auditing has no practical value. Which of the following are the reasons that the current auditing has little value?
During your investigation into wireless security options, you are reading about the 802.11 standards.
What wireless standard is designed to address the security issues of 802.11 networks?
If you capture an 802.11 frame, and the ToDS bit is set to zero and the FromDS bit is set to zero, what type of WLAN is this frame a part of?
In the image, there are two nodes communicating directly, without an access point. In the packet on the right side of the image, the Address 1 field is blank. If this packet is going to the other computer, what is the value that must be filled in this blank address field?
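The two questions above are both answered by the Frame Control field: the ToDS and FromDS bits say which kind of WLAN the frame belongs to, and that in turn fixes what each address field carries. The following parser is an added example, not part of the question set; it decodes Frame Control from raw header bytes, applies the standard ToDS/FromDS address table, and builds a constructed ad hoc data frame to show that with both bits clear Address 1 is the receiving station's own MAC. The MAC addresses in it are invented.

```python
"""Decode the 802.11 Frame Control field and assign meaning to the address
fields from the ToDS/FromDS bits, for the two questions above. Added example,
not from the question set; the MAC addresses and frames are constructed."""

TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}

# (ToDS, FromDS) -> (where the frame is travelling, meaning of Address 1..4)
ADDRESS_ROLES = {
    (0, 0): ("ad hoc (IBSS), or a management/control frame", ("DA", "SA", "BSSID", None)),
    (0, 1): ("infrastructure, AP -> station",               ("DA", "BSSID", "SA", None)),
    (1, 0): ("infrastructure, station -> AP",               ("BSSID", "SA", "DA", None)),
    (1, 1): ("wireless distribution system (AP -> AP)",     ("RA", "TA", "DA", "SA")),
}

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(frame: bytes) -> dict:
    # Frame Control is sent least-significant byte first: byte 0 carries
    # protocol version (b0-1), type (b2-3) and subtype (b4-7); byte 1 the flags.
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    to_ds, from_ds = fc1 & 0x01, (fc1 >> 1) & 0x01
    topology, roles = ADDRESS_ROLES[(to_ds, from_ds)]
    addrs = [mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22])]
    if roles[3] is not None:
        addrs.append(mac(frame[24:30]))      # Address 4 follows Sequence Control
    return {
        "type": TYPES[ftype],
        "subtype": subtype,
        "to_ds": to_ds,
        "from_ds": from_ds,
        "protected": (fc1 >> 6) & 1,         # Protected Frame bit: WEP/TKIP/CCMP payload
        "topology": topology,
        "addresses": {f"addr{i + 1}": (roles[i], a) for i, a in enumerate(addrs)},
    }

def build_data_frame(to_ds, from_ds, a1, a2, a3, a4=None, protected=False):
    """Constructed data frame (type 2, subtype 0) with zero Duration and Sequence Control."""
    fc0 = 2 << 2
    fc1 = to_ds | (from_ds << 1) | (int(protected) << 6)
    hdr = bytes([fc0, fc1]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00"
    return hdr + a4 if a4 else hdr

STA_A = bytes.fromhex("001122334455")   # constructed station MACs
STA_B = bytes.fromhex("66778899aabb")
BSSID = bytes.fromhex("c2d4e6f80a1c")   # locally administered IBSS identifier

def ibss_frame_a_to_b():
    """Both DS bits zero: no access point is involved, so Address 1 is the
    destination station itself (B), Address 2 the sender (A), Address 3 the IBSS ID."""
    return build_data_frame(0, 0, STA_B, STA_A, BSSID)

if __name__ == "__main__":
    for f in (ibss_frame_a_to_b(), build_data_frame(1, 0, BSSID, STA_A, STA_B)):
        print(parse_frame(f))
```

When capturing, note that a frame with ToDS=0 and FromDS=0 is not automatically ad hoc traffic: beacons, probes and other management frames from an infrastructure AP carry the same bit pattern, so check the type field before concluding that an IBSS is present.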
You are configuring a new IDS, running Snort, in your network. To better configure Snort, you are studying the configuration file. Which four of the following are the primary parts of the Snort configuration file?
Your network is going to implement a new network security solution, and as part of this you are configuring IPSec on a Windows Server 2003 machine. Which of the following is the description of the Client (Respond Only) default IPSec Policy?
The exhibit shows a router with three interfaces E0, E1 and S0. Interfaces E0 and E1 are connected to internal networks 192.168.10.0 and 192.168.20.0 respectively and interface S0 is connected to the Internet.
The objective is to allow two hosts, 192.168.20.16 and 192.168.10.7 access to the Internet while all other hosts are to be denied Internet access. All hosts on network 192.168.10.0 and 192.168.20.0 must be allowed to access resources on both internal networks. From the following, select all the access list statements that are required to make this possible.
You are designing a new IPSec implementation for your organization, and are trying to determine your security needs. You need to clearly understand the implementation choices, before you make any changes to the network. Which of the following describes what transport and tunnel modes protect using IPSec?
You are considering your options for a new firewall deployment. At which three layers of the OSI model does a stateful packet filtering firewall operate?
You have been given the task of establishing a new wireless network in your office. What are the two primary types of wireless LAN topologies?
You have just installed a new Intrusion Detection System in your network. You are concerned that there are functions this system will not be able to perform. What is a reason an IDS cannot manage hardware failures?
As Intrusion Detection Systems become more sophisticated, the software manufacturers develop different methods of detection. If an IDS uses the process of matching known attacks against data collected in your network, what is this known as?
You have just installed your new network-based IDS. What kinds of attacks will this system be able to detect?
The main reason you have been hired at a company is to bring the network security of the organization up to current standards. A high priority is to have a full security audit of the network as soon as possible. You have chosen an Independent Audit and are describing it to your coworkers. Which of the following best describes an Independent audit?
You have been given the task of installing a new firewall system for your network. You are analyzing the different implementation options. Which of the following best describes a Single Packet Filtering Device?
During your packet capture of traffic to check if your network is getting hit by a Denial of Service attack, you analyze TCP headers. You notice there are many headers that seem to have the same SEQ number, with the responding computer using different SEQ and ACK numbers in response. If you are analyzing a normal three-way handshake between two Windows 2000 nodes, and the first packet has a SEQ of 0xD36077AF, what will the responding computer use as an ACK?
If you are physically examining the office where your WLAN is configured, what are you performing?
You are configuring your new IDS machine, and are creating new rules. You enter the following rule:
Alert tcp any any -> 10.0.10.0/24 any (msg: "NULL scan detected"; flags: 0;)
What is the effect of this rule?
You have just installed ISA Server 2006 on a Windows Server in your network, and you are familiarizing yourself with the new firewall. What are the three basic areas of a newly installed ISA Server 2006 firewall?
You are configuring a new custom IPSec policy on your Windows Server 2003 machine. On the rules tab, you find the three default options under the IP Filter List. What are these three default options?
You are configuring your new IDS machine, and are creating new rules. You enter the following rule:
Alert tcp any any -> 10.0.10.0/24 any (msg: "SYN-FIN scan detected"; flags: SF;)
What is the effect of this rule?
You have decided to install Snort on your Windows Server 2003 and are making changes to the default configuration file. You see the following two lines:
include classification.config
include reference.config
What should these two lines read, after you make your changes, on a default installation?
You are configuring your new IDS machine, and are creating new rules. You enter the following rule:
Alert tcp any any -> any 23 (msg: "Telnet Connection Attempt";)
What is the effect of this rule?
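The handshake question earlier on this page and the three Snort rules above share one piece of mechanics: the TCP flag byte and the sequence numbers around it. The following is an added example, not part of the question set, written to make both concrete. It constructs a normal three-way handshake (the SYN consumes one sequence number, so the SYN-ACK acknowledges the client's ISN plus one), adds a NULL probe and a SYN-FIN probe, and then evaluates the three quoted rules against that traffic using the matching semantics of Snort's flags option. The addresses, ports and initial sequence numbers other than the one given in the question are invented, and the rules are reduced to the fields that matter for the comparison.

```python
"""Construct a TCP three-way handshake plus two scan probes, then run the
Snort-style rules quoted in the questions above over them using Snort's
'flags' matching semantics. Added example, not from the question set; all
packets and addresses are constructed."""
import ipaddress
from dataclasses import dataclass

FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80
# Snort flag letters; '1' and '2' are the legacy names for the two bits now used for ECN.
FLAG_CHARS = {"F": FIN, "S": SYN, "R": RST, "P": PSH, "A": ACK, "U": URG,
              "C": CWR, "E": ECE, "1": CWR, "2": ECE}

@dataclass
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    ack: int
    flags: int

def handshake(client, server, isn_c, isn_s, sport=49152, dport=23):
    """Normal three-way handshake. A SYN consumes one sequence number, so the
    server acknowledges isn_c + 1 and the client finally acknowledges isn_s + 1."""
    syn    = Segment(client, sport, server, dport, isn_c,     0,         SYN)
    synack = Segment(server, dport, client, sport, isn_s,     isn_c + 1, SYN | ACK)
    ack    = Segment(client, sport, server, dport, isn_c + 1, isn_s + 1, ACK)
    return [syn, synack, ack]

def flags_match(spec, flags):
    """Snort 'flags:[!|*|+]<FSRPAUCE0>[,<mask>]' semantics: default is an exact
    match of the whole flag byte, '+' means all listed bits plus any others,
    '*' means any of the listed bits, '!' negates; '0' means no bits set, and
    bits listed after the comma are ignored (flags:SF,12 tolerates ECN bits)."""
    spec = spec.replace(" ", "")
    ignore = 0
    if "," in spec:
        spec, masked = spec.split(",", 1)
        ignore = sum(FLAG_CHARS[c] for c in masked)
    mode = ""
    if spec and spec[0] in "!*+":
        mode, spec = spec[0], spec[1:]
    want = 0 if spec == "0" else sum(FLAG_CHARS[c] for c in spec)
    got = flags & ~ignore & 0xFF
    if mode == "+":
        hit = (got & want) == want
    elif mode == "*":
        hit = (got & want) != 0
    else:
        hit = got == want
    return (not hit) if mode == "!" else hit

RULES = [  # the three rules quoted above, reduced to the fields that matter here
    {"msg": "NULL scan detected",        "dst": "10.0.10.0/24", "dport": None, "flags": "0"},
    {"msg": "SYN-FIN scan detected",     "dst": "10.0.10.0/24", "dport": None, "flags": "SF"},
    {"msg": "Telnet Connection Attempt", "dst": "any",          "dport": 23,   "flags": None},
]

def run_rules(segments, rules=RULES):
    alerts = []
    for s in segments:
        for r in rules:
            if r["dst"] != "any" and ipaddress.ip_address(s.dst) not in ipaddress.ip_network(r["dst"]):
                continue
            if r["dport"] is not None and s.dport != r["dport"]:
                continue
            if r["flags"] is not None and not flags_match(r["flags"], s.flags):
                continue
            alerts.append((r["msg"], s.src, s.dst, s.dport, s.flags))
    return alerts

def sample_traffic():
    client, server, scanner = "192.0.2.10", "10.0.10.5", "198.51.100.7"
    hs = handshake(client, server, 0xD36077AF, 0x1A2B3C4D)
    data = Segment(client, 49152, server, 23, hs[2].seq, hs[2].ack, PSH | ACK)  # first Telnet payload
    null_probe = Segment(scanner, 40000, server, 80, 1000, 0, 0)
    synfin_probe = Segment(scanner, 40001, server, 80, 1000, 0, SYN | FIN)
    return hs + [data, null_probe, synfin_probe]

if __name__ == "__main__":
    for a in run_rules(sample_traffic()):
        print(a)
```

Two things the run makes visible. The SYN-ACK carries ACK 0xD36077B0, one more than the client's SEQ of 0xD36077AF. And the third rule, which has no flags option, fires on every segment sent to port 23, including the handshake's final ACK and the data that follows, not only on connection attempts; constraining it with flags:S,12 limits it to the initial SYN while tolerating the ECN bits that modern stacks may set alongside it.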
You are going to add another computer to the pool that you use for detecting intrusions. This time you are making a customized Snort machine running on Windows 2000 Professional. Prior to running Snort you must install which of the following programs?
In your office, you are building the new wireless network, and you will need to install several access points. What do wireless access points use to counter multipath interference?
You have been working with Snort, on your Windows Server 2003, for some time as a packet capture tool, and now wish to connect Snort to a database on your server. You install MySQL as the database, and are ready to configure Snort. If the database is named: snortdb1, has a user name of: snort, and a password of: snortpass, what is the configuration line you need to add to Snort?
You are configuring the new Intrusion Detection System at your office. Your CEO asks you what the IDS will do for the organization. You tell the CEO about the three main components of Network Security and explain how an IDS can be used to meet two of those components. What are the two major components of network security that an IDS can meet?
Your company has many different services that go through your ISA Server 2006, and you need to prioritize the network traffic. What does ISA Server 2006 use to prioritize packets?