Last Updated on December 11, 2018 by
Which tool can identify malicious traffic by comparing packet contents to known attack signatures?
- Nmap
- Netflow
Zenmap
- IDS
Explanation:
An IDS, or intrusion detection system, is a device that can scan packets and compare them to a set of rules or attack signatures. If the packets match attack signatures, then the IDS can create an alert and log the detection.
Fill in the blank.
A botnet is a group of compromised or hacked computers (bots) controlled by an individual with malicious intent.
Explanation:
A compromised or hacked computer that is controlled by a malicious individual or group is known as a bot. A group of these hacked computers under the control of a malicious individual or group is known as a botnet.
Refer to the exhibit. Rearrange the letters to fill in the blank.
ITC Chapter 4 Quiz Answers 001
Behavior-based analysis involves using baseline information to detect anomaly that could indicate an attack.
Noted: You should type “anomaly” in our system exam, but you can type one of the folowing answer with nedacad test system:
- anomalies
- anomaly
Explanation:
Behavior-based security uses informational context to detect anomalies in the network.
Which tool can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks?
- Netflow
- Snort
- Nmap
- SIEM
Explanation:
Snort is an open source intrusion protection system (IPS) that is capable of performing real-time traffic and port analysis, packet logging, content searching and matching, as well as detecting probes, attacks, port scans, fingerprinting, and buffer overflow attacks.
What is the last stage of the Cyber Kill Chain framework?
- remote control of the target device
creation of malicious payload
gathering target information
malicious action
Explanation:
Fill in the blank.
Any device that controls or filters traffic going in or out of the network is known as a firewall .
Explanation:
A firewall is a network device used to filter inbound or outbound traffic or both.
What type of attack disrupts services by overwhelming network devices with bogus traffic?
brute force
port scans
zero-day
DDoS
Explanation:
DDoS, or distributed denial of service, attacks are used to disrupt service by overwhelming network devices with bogus traffic.
Which protocol is used by the Cisco Cyberthreat Defense Solution to collect information about the traffic that is traversing the network?
HTTPS
Telnet
- NAT
NetFlow
Explanation:
NetFlow is used both to gather details about the traffic that is flowing through the network, and to report it to a central collector.
- Recommend
Last Updated on October 18, 2019 by Zenmap Explanation: An IDS, or intrusion detection system, is a device that can scan packets and compare them to a
set of rules or attack signatures. If the packets match attack signatures, then the IDS can create an alert and log the detection. Explanation: A compromised or hacked computer that is
controlled by a malicious individual or group is known as a bot. A group of these hacked computers under the control of a malicious individual or group is known as a botnet.Which tool can identify malicious traffic by comparing packet contents to known attack signatures?
Fill in the blank.
A botnet is a group of compromised or hacked computers (bots) controlled by an individual with malicious intent.
Refer to the exhibit. Rearrange the letters to fill in the blank.
ITC Chapter 4 Quiz Answers 001
Behavior-based analysis involves using baseline information to detect anomaly that could indicate an attack.
Noted: You should type “anomaly” in our system exam, but you can type one of the folowing answer with nedacad test system:
- anomalies
- anomaly
Explanation:
Behavior-based security uses informational context to detect anomalies in the network.
Which tool can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks?
- Netflow
- Snort
- Nmap
- SIEM
Explanation:
Snort is an open source intrusion protection system (IPS) that is capable of performing real-time traffic and port analysis, packet logging, content searching and matching, as well as detecting probes, attacks, port scans, fingerprinting, and buffer overflow attacks.
What is the last stage of the Cyber Kill Chain framework?
- remote control of the target device
creation of malicious payload
gathering target information
malicious action
Explanation:
Fill in the blank.
Any device that controls or filters traffic going in or out of the network is known as a firewall .
Explanation:
A firewall is a network device used to filter inbound or outbound traffic or both.
What type of attack disrupts services by overwhelming network devices with bogus traffic?
brute force
port scans
zero-day
DDoS
Explanation:
DDoS, or distributed denial of service, attacks are used to disrupt service by overwhelming network devices with bogus traffic.
Which protocol is used by the Cisco Cyberthreat Defense Solution to collect information about the traffic that is traversing the network?
HTTPS
Telnet
- NAT
NetFlow
Explanation:
NetFlow is used both to gather details about the traffic that is flowing through the network, and to report it to a central collector.