Question 1

DNS can use services of________using the well known port 53&#10;A)udp&#10;B)tcp&#10;C)either (a) or (b)&#10;D)none of the above

Accepted Answer

DNS can use both UDP and TCP for its services. Typically, DNS uses UDP for query requests to keep the communication fast. However, when the response data size exceeds 512 bytes or for tasks like zone transfers, DNS uses TCP.

Question 2

In the DNS the names are defined in _____ sturucture&#10;A)a linear list&#10;B)an invertred tree&#10;C)a graph&#10;D)none

Accepted Answer

In the DNS (Domain Name System), names are defined in an inverted tree structure, where the root is at the top and branches out to more specific domains.

Question 3

The root of DNS tree is____&#10;A)a string of characters&#10;B)a string of 63 characters&#10;C)an empty string&#10;D)none

Accepted Answer

The root of the DNS (Domain Name System) tree is represented by an empty string, indicating the top-level of the DNS hierarchy.

Question 4

A full domain name is sequence of lables seperated by____&#10;A)semicolons&#10;B)dots&#10;C)colons&#10;D)none

Accepted Answer

A full domain name is a sequence of labels separated by dots. Each label is a fragment of the domain name, and the dots serve to delimit these labels from one another.

Question 5

When discussing IDS/IPS, what is a signature?&#10;A)an electronic signature used to authenticate the identity of a user on the network&#10;B)patterns of activity or code corresponding to attacks&#10;C)&#34;normal,&#34; baseline network behavior&#10;D)none of the above

Accepted Answer

Signatures in the context of Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS) refer to patterns of activity or code that correspond to known attacks. These signatures are used to detect and potentially block malicious activities.

Question 6

Which is true of a signature-based IDS?&#10;A)it cannot work with an ips&#10;B)it only identifies on known signatures&#10;C)it detects never-before-seen anomalies&#10;D)it works best in large enterprises.

Accepted Answer

Signature-based IDS identifies threats by comparing the incoming traffic against a database of known attack patterns or signatures. It does not detect new, unknown anomalies; it requires prior knowledge of attack signatures to identify threats.

Question 7

A false positive can be defined as:&#10;A)an alert that indicates nefarious activity on a system that, upon further inspection, turns out to represent legitimate network traffic or behavior&#10;B)an alert that indicates nefarious activity on a system that, upon further inspection, turns out to truly be nefarious activity&#10;C)the lack of an alert for nefarious activity&#10;D)all of the above

Accepted Answer

A false positive in the context of system security refers to an alert that signals potential malicious activity which, after further investigation, is found to be benign or legitimate activity. This is in contrast to a true positive (B), where the activity is indeed malicious, or a false negative (C), where malicious activity goes undetected.

Question 8

The features of traditional IPSes are found in all of these modern systems, except:&#10;A)next-generation firewalls&#10;B)antimalware&#10;C)unified threat management appliances&#10;D)network behavior analysis systems

Accepted Answer

Antimalware primarily focuses on preventing, detecting, and removing malicious software on individual devices rather than monitoring and controlling network traffic for malicious activities, which is the main function of traditional Intrusion Prevention Systems (IPS).

Question 9

How does machine learning benefit IDSes/IPSes?&#10;A)by lowering the volume of attacks analyzed&#10;B)by adding heuristic anomaly detection capabilities&#10;C)by searching for similar patterns to known attacks&#10;D)by helping identify signatures more quickly

Accepted Answer

The answer of How does machine learning benefit IDSes/IPSes?&#10;A)by lowering...

Deck 2: DNS, IDS/IPS, and Digital Investigations