Appendix: Answers to Practice Test Questions
5. B. Distributed denial of service, or DDoS, is a common attack technique used to deny
service to others. It is performed by overwhelming the service with bogus traffic. When
it is performed from multiple hosts on the Internet, it is very difficult to prevent and stop.
A denial of service (DoS) attack is typically carried out by one source and is relatively
easy to mitigate. IP address spoofing is a tactic in which the source IP address is spoofed
in a packet in an attempt to bypass security. Session hijacking is an attack in which a
conversation between two hosts is hijacked by an attacker.
6. B. An intrusion detection system, or IDS, can detect an attack based upon its signature.
IDSs are commonly found in firewall systems such as Firepower Threat Defense (FTD).
Although similar to an IPS, the IDS will only notify someone in the event of a detection.
Honey pots are server or network appliances whose security has been weakened to attract
bad actors so their actions and tactics can be examined. An intrusion prevention system,
or IPS, can detect and prevent attacks based on their signature. IPSs too are commonly
found in firewall systems such as Firepower Threat Defense (FTD). A host intrusion
detection system (HIDS) is an application that runs on a host to detect intrusions. A HIDS
is similar to an IDS, but it is all software based and resides on the host it is to protect.
7. D. Ping sweep scans are used by attackers to discover hosts on a network. The scan sends
a flood of ICMP echo requests to the perimeter network and awaits echo replies. When
ICMP is blocked at the perimeter, an attacker would not be able to scan the network
via ICMP. Although deploying a host intrusion detection system (HIDS) and intrusion
detection system (IDS) is a good idea, these systems will only notify you of a ping sweep
scan and will not prevent it. Blocking RFC 1918 addresses at the perimeter is also a
positive security measure. However, RFC 1918 addresses are not Internet routable, and
this measure does not prevent an internal ping sweep scan.
8. C. An intrusion prevention system (IPS) will help mitigate denial of service (DoS) attacks.
Common features of IPS can be found in the Cisco Adaptive Security Appliance. Honey
pots are server or network appliances whose security has been weakened to attract bad
actors so their actions and tactics can be examined. An intrusion detection system, or IDS,
can detect an attack based upon its signature. IDSs are also commonly found in firewall
systems such as Firepower Threat Defense (FTD) devices. Although similar to an IPS, the
IDS will only notify someone in the event of a detection. A host intrusion detection system
(HIDS) is an application that runs on a host to detect intrusions. A HIDS is similar to an
IDS, but it is all software based and resides on the host it is to protect.
9. C. IP address spoofing is a common attack method used to attempt to gain access to
a system by spoofing the originating IP address. A denial of service, or DoS, attack is
typically carried out by one source and is relatively easy to mitigate. Distributed denial
of service, or DDoS, is a common attack technique used to deny service to others. It is
performed by overwhelming the service with bogus traffic. When it is performed from
multiple hosts on the Internet, it is very difficult to prevent and stop. Session hijacking is
an attack in which a conversation between two hosts is hijacked by an attacker.
Chapter 5: Security Fundamentals (Domain 5)