
642-531
C. Rootkit
D. Exposure
Answer: B
Explanation:
Exploits activity: Indicative of someone attempting to gain access or compromise systems on your network,
such as Back Orifice, failed login attempts, and TCP hijacking.
Reference: Cisco Intrusion Detection System - Cisco Secure Intrusion Detection System
QUESTION 14
Which of the following describes the evasive technique whereby control characters are sent to disguise an
attack?
A. Flooding
B. Fragmentation
C. Obfuscation
D. Exceeding maximum transmission unit size
Answer: C
Explanation:
Intrusion detection systems inspect network traffic for suspect or malicious packet formats, data payloads and
traffic patterns. Intrusion detection systems typically implement obfuscation defense, ensuring that suspect
packets cannot easily be disguised with UTF and/or hex encoding to bypass the intrusion detection system.
Recently, the CodeRed worm targeted an unpatched vulnerability in many Microsoft IIS systems and
also highlighted a different encoding technique supported by Microsoft IIS systems.
Reference: Cisco Courseware 3-27
QUESTION 15
Which of the following represents a technique that can be used to evade intrusion detection technology?
A. man-in-the-middle
B. TCP resets
C. targeted attacks
D. obfuscation
Answer: D
Explanation:
Early intrusion detection was easily evaded by using special characters to conceal an
attack. The term used to describe this evasive technique is obfuscation. Obfuscation is now once again
becoming a popular IDS evasive technique. The following are forms of obfuscation:
1) Control characters
2) Hex representation