3D053 Vol 2

1. The disadvantage of a network-based intrusion detection system (NIDS) is that it

Cannot analyze encrypted packets because it has no method for decrypting the data

Monitors log files for inadvisable settings or passwords

Monitors traffic on the network on which it is installed

Consumes very few network resources

2. What was the previous name for what is now called the McAfee Firewall Enterprise?

Sidewinder

Death Star

Blue Coat

Viper

3. The disadvantage of a host-based intrusion detection system (HIDS) is that it

Can analyze any encrypted data if it is decrypted before reaching the target host

Consumes resources on the host resides on and slows the device down

Monitors log files for inadvisable settings or passwords

Monitors traffic on the host which it is installed

4. Which port range constitutes well-known ports?

0-1023

1024-23535

23536-49151

49152-65535

5. Integration of the capabilities of personnel, operations, and technology, and the evolution to network centric warfare best describes what concept?

Firewalls

Information condition (INFOCON)

Security tools

Defense in depth

6. What is the default read community string of a simple network management protocol (SNMP) agent?

Private

Public

Secure

Unsecure

7. Which firewall management interface menu option views the association between MAC addresses on the firewall and its corresponding internet protocol (IP) address?

Address Resolution Protocol (ARP)

Getroute

Ping host

Traceroute

8. In which type of port scan does the scanner connect to the same port on more than one machine?

Strobe

Sweep

Stealth

Vanilla

9. Message that are sent to the person administering a mail system are generally addressed to

Domain.admin

Administrator

Postmaster

Mail-host

10. When the cached information is verified to be up-to-date, the proxy has ensured information?

Currency

Freshness

Timeliness

Authenticity

11. Who owns the Enterprise Telephony Management system?

Unix

McAfee

Microsoft

SecureLogix

12. To limit the risks associated with using simple network management protocols (SNMP),

Use access control lists on SNMP agents to accept SNMP messages from all SNMP managers

Keep devices requiring SNMP together with those that do not through VLANs

Disable all SNMP devices/services if not required

Enable the set community strings if possible

13. Restricting what traffic travels in and out of the network best describes what concept?

Firewalls

Internet Security Scanner

Security tools

Defense in depth

14. When using secure split mail services, all external simple message transfer protocol (SMTP) hosts will connect to the firewall's

Local servers

Non-internet server

Internal sendmail server

External sendmail server

15. Which access control list (ACL) restricts packets into or out of a given layer 3 interface?

Port Access Control (PACL)

Router Access Control List (RACL)

Virtual Local Area Network Access Control List (VACL)

Firewall Access Control List (FACL)

16. Above which layer of the open systems integration (OSI) model are protocols designed to reside?

Presentation

Transport

Network

Session

17. Voice Protection System (VPS) reports provides full-service reporting package that enables you to do all the following except

View telecom resource use

Track phone network usage

Provide conversation transcripts

Report on service performance and call quality

18. Which flexible command line can be used to gather information form domain name servers (DNS)?

NSlookup

Server

Yype

Dig

19. A firewall burb can best be defined as

A network stack

A security policy

A set of one or more interfaces

A particular installation of a firewall

20. While monitoring your network, a guideline you should remember is to

Observer regular network traffic and look for anomalies

Review logs and network statistics at least annually

Set triggers for unique intrusions

Use a single master intrusion detection system (IDS) product

21. Which name server is the only one that should have changes to domain name server (DNS) data?

Named

Cache-Only

Master/Primary

Slave/Secondary

22. Port Scanning

Is the act of sporadically scanning a computer's ports

Sends out a request to connect to any computer

Notes which ports responded to the scan

Is always malicious in nature

23. Most of the firewall implementations you will encounter will be found at the

Integrated network operation security center (INOSC)

Air Force network operating center (AFNOC)

Based-level

Major command (MAJCOM)

24. What does a firewall support that improves systems performance by lessening the load place on the system kernel?

Domain name server (DNS)

Burbs

Proxies

Fast path sessions

25. For what Berkeley Internet Name Domain (BIND) server type can there be as many servers as needed in a domain?

Named

Cache-Only

Master/Primary

Slave/Secondary

26. The vulnerabilities of voice and data converged networks were highlighted in a report released by the

President's National Security Telecommunications Advisory Committee

Air Force Information Warfare Battlelab

Air Force Network Integration Center

Cryptographic Systems Group

27. Which open source network-based intrusion detection system performs packet logging and real-time traffic analysis as well as protocol analysis, content searching/matching, and active blocking or passive detecting of a variety of attacks and probes?

Snort

Open source security (OSSEC)

Host based security system (HBSS)

Intruder alert (ITA)

28. Which intrusion detection system (IDS) examines servers or client computers for the patterns of an intrusion?

Active IDS

Passive IDS

Host-based IDS

Network-based IDS

29. Which port tool is not used to test your simple network management protocol (SNMP) security?

WU_PingProPackage

SolarWinds

SNMPutil

Security Mapper (SMAP)

30. The use of two or more network interface cards (NIC) best describes which type of firewall?

Network-level

Application-level

Corporate/enterprise

Personal/small office home office (SOHO)

31. Use the high availability shared cluster addresses dialog box to do all the following except

Configure the shared cluster address

Specify or sending and receiving heartbeats

Handle the fastest network traffic on your appliance

Isolate the cluster address from the domain name server (DNS) and default routers

32. What term is used for a domain name server (DNS) architecture when one or more name servers reside behind a firewall, and contain an "inside" hostname and IP address?

Split

Dual

Secure

Generic

33. Which intrusion detection system (IDS) examines traffic for suspicious patterns?

Active IDS

Passive IDS

Hosted-based IDS

Network-based IDS

34. When using an intrusion detection system (IDS), remember to

Update IDS signatures periodically

Deploy one IDS for the entire network

Use a centralized management console for system management

Consider using either a network -based IDS or host-based IDS

35. The integrated network operations and security center (INOSC) has several responsibilities except

Main sole administrative privileges on the firewall

Standardize, configure, back up, and otherwise the firewall

Maintain a single naming/configuration standard for boundary devices

Install patches or perform any upgrade provided by the AF Enterprise Network

36. Active intrusion detection system (IDS) blocks network traffic when it detects an intrusion. Normally, active IDSs are incorporated into

Switches

Firewalls

Routers

Servers

37. Proxies do not

Block unwanted or malicious downloads

Protect copyrighted media and intellectual property

Prevent organizations from obtaining visibility of users

Block webmail and instant messaging (IM) virus propagation

38. When using transparent mail services, the following mail filtering features are available except

Message attachment filtering

Destination address filtering

Command filtering

Header filtering

39. Which network-based security tool is a hardware and software and software system that sits on AF networks "listening" for "suspicious activity" that is characteristic of intruder techniques?

Snort

Automatic Security Incident Measurement (ASIM)

Enterprise Security Manager (ESM)

Internet Security Scanner (ISS)

40. You can implement all of the following security features to help define our internet protocol (IP) telephony systems from attackers except

Consolidating your voice with your data using virtual local area network (VLAN)

Enabling access control lists (ACL) on firewalls, routers, an switches.

Deploying protection from dynamic host configuration protocol (DHCP) spoofing

Enabling port security access to only allow the required devices needed by the client.

41. Which Voice Protection System (VPS) tree pane contains predefined Report Templates, Elements, and Date Ranges provided with your system?

User

PUBLIC

SecureLogix

Administrators

42. What is the default firewall shutdown option?

Halt system

Power down system

Reboot to operational kernel

Shutdown to emergency maintenance mode

43. Which Berkeley Internet Name Domain (BIND) system file provide reverse mapping?

Resource records

Pointer (PTR) records

Zone records

Root cache

44. Which intrusion detection system (IDS) monitors packets for protocol anomalies and known virus signatures?

Active IDS

Passive IDS

Host-based IDS

Network-base IDS

45. Which Voice Protection System (VPS) application generates reports of VPS system activity, policy processing, telecom cost accounting, and resource utilization?

Performance Manager

Directory Manager

System Console

Usage Manager

46. Which type of firewall is typically used when speed is essential?

Network-level

Application-level

Corporate/enterprise

Personal/small office home office (SOHO)

47. Who approves or disapproves IS (including software and services) connections to the Air Force Global Information Grid (AF GIG) and accepts any risk created by the approved connections?

Air Force Network Operations Command (AFNetOps/CC)

Air Force Information Warfare Center/Information Operations Directorate (AFIWC/IO)

Air Force Network Operations Center (AFNOC)

23 Information Operations Squadron (IOS)

48. Which mail system components sends or retrieves mail between the other agents using specific protocols?

Transport agent

Delivery agent

Security agent

User agent

49. Which McAfee Firewall Enterprise management interface is the graphical software that runs a windows computer within your network?

Control center

Admin console

Command center

Command-line interface (CLI)

50. During the initial research for voice system security, who recognized that the most common security threats could be addressed by voice protection systems (VPS)?

President's National Security Telecommunications Advisory Committee

The Air Force Information Warfare Battlelab

The Air Force Network Integration Center

The Cryptographic Systems Group

51. Which intrusion detection system (IDS) uses software sensors?

Active IDS

Passive IDS

Host-based IDS

Network-based IDS

52. Which proxy is located near the web server and acts as an intermediary between a web server and the internet?

Reverse proxy

Forward proxy

Application proxy

Software-based proxy

53. What severity code applies to any vulnerability that provides information that gives an unauthorized person the means to circumvent security controls?

I

II

III

IV

54. Which Voice Protection System (VPS) application provides allows you to view real-time monitoring and policy processing, view system diagnostics, and the VPS rules-based policy applications?

Performance Manager

Directory Manager

System Console

Usage Manager

55. Which firewall shutdown option is useful if you need to connect directly to the firewall to access the basic input/output systems (BIOS)?

Halt system

Power down system

Reboot to operational kernel

Shutdown to emergency maintenance mode

56. Which is not a category of software package available today used that is used to detect and monitor network activity?

Intrusion detection

Packet-capture

Filters/triggers

Firewalls

57. All of the following are characteristics and capabilities of a Voice Protection System (VPS) except

Securing communications

Enabling of real-time event notifications

Centralizing yet distributing management

Detecting and blocking all inbound and outbound modem connections

58. All of the following are Voice Protection System (VPS) policy types except

Intrusion Protection System (IPS)

Voice

Firewall

Recording

59. Which email server relays all email entering or exiting the local network?

Exchange server

Sendmail server

Simple message transfer protocol (SMTP) server

Proxy server

60. Which security tool is designed to manage sensitive data and enforce security policies across a full range of client/server platforms?

Snort

Automatic Security Incident Measurement (ASIM)

Enterprise Security Manager (EDM)

Internet Security Scanner (ISS)

61. In regards to Berkeley Internet Name Domain (BIND) system files, items stored in the domain name server (DNS) database best describes

Resource records

Point (PTR) records

Zone records

Root cache

62. What severity code applies to any vulnerability that, when resolved, will prevent the possibility of degraded security?

I

II

III

IV

63. Which Berkeley Internet Name Domain (BIND) server is responsible for zone transfers?

Named

Cache-Only

Master/Primary

Slave/Secondary

64. Which email server delivers all outgoing email to the mail relay server?

Exchange server

Sendmail server

Simple mail transfer protocol (SMTP) server

Proxy server

65. Who reports all backdoors and unauthorized connections to Air Force networks discovered during the course of operations?

Air Force Network Operations Command (AFNetOps/CC)

Air Force Information Warfare Center/Information Operations Directorate (AFIWC/IO)

Air Force Network Operations Center (AFNOC)

23 Information Operations Squadron (IOS)

66. Which organization has the responsibility of developing Air Force Ports, Protocols and Services (AF PPS) policies and procedures?

Air Force Network Integration Center (AFNIC)

Air Force Network Operations Center (AFNOSC)

Air Force Information, Services and Integration Directorate (SAF/XCIA)

Air Force Operations Commander (AFNetOps/CC)

67. Which organization has direct operational control of Air Force Ports, Protocols and Services (AF PPS)?

Air Force Network Integration Center (AFNIC)

Air Force Network Operations Center (AFNOSC)

Air Force Information, Services and Integration Directorate (SAF/XCIA)

Air Force Operations Commander (AFNetOps/CC)

68. Which type of firewall views information as a data stream and not as a series of packets?

Network-level

Application-level

Corporate/enterprise

Personal/small office home office (SOHO)

69. What type of proxy must be run because of an attacker's potential to exploit an operating system?

Reverse proxy

Forward proxy

Application proxy

Software-based proxy

70. What severity code applies to any vulnerability that provides information that potentially could lead to a compromise?

I

II

III

IV