978-0789757463 Chapter 9

True / False

1. The category of intrusion detection systems that looks for patterns that don’t match

those of normal use is called anomaly detection.

2. Snort is an open-source firewall.

3. A server with fake data used to attract an attacker is a honeypot.

4. When an administrator proactively seeks out intelligence on potential threats or groups,

this is called infiltration.

5. The method to attract an intruder to a subsystem setup for the purpose of observing

him is called intrusion deterrence.

6. An on-demand virus scanner runs in the background and is constantly checking your

7. Heuristic scanning uses rules to determine whether a file or program behaves like a

8. Linux and Windows typically are not shipped with firewalls.

9. A screening firewall works in the application layer of the OSI model.

10. A stateful packet inspection firewall examines each packet, and denies or permits

access based not only on the current packet, but also on data derived from previous

packets in the conversation.

Multiple Choice

1. A list of virus definitions is generally in a file with a ________ extension.

a. .dat

b. .txt

c. .vir

d. def

2. Typically, when you update virus definitions _____________.

a. The virus program scans your computer.

b. Your computer restarts.

c. You are updating the virus definition file on your computer

d. None of the above

3. A file that stays in memory after it executes is a(n) _____________.

a. Terminate and Stay Resident program

b. Executable

c. Text file

d. Bug

4. The virus scanning technique that uses rules to determine if a program behaves like a

virus is _________ scanning.

a. Download

b. File

c. Heuristic

d. Sandbox

5. The virus scanning technique that means you have a separate area isolated from the

operating system in which a file is run, so it won’t infect the system is ________.

a. Download

b. File

c. Heuristic

d. Sandbox

6. Java and ActiveX codes should be scanned before they are _________.

a. Downloaded to your computer

b. Known about

c. Infected

d. None of the above

7. Mistaking a legitimate program for a virus is a ____________.

a. Heuristic error

b. False negative

c. False positive

d. None of the above

8. A _________ is a barrier between your network and the outside world.

a. Firewall

b. Web server

c. File server

d. None of the above

9. A packet-filtering firewall is a(n) ____________ firewall.

a. Packet Filgering

b. Application gateway

c. Circuit-level gateway

d. Domain gateway

10. A(n)___________ firewall examines the entire conversation between client and

server, not just individual packets.

a. Stateful Packet Inspection

b. Packet filtering

c. Circuit-level gateway

d. Domain gateway

11. In which firewall configuration is the software installed on an existing machine with

an exiting operating system?

a. Network host-based

b. Dual-homed host

c. Router-based

d. Screened host

12. In which firewall configuration is the firewall running on a server with at least two

network interfaces?

a. Network host-based

b. Dual-homed host

c. Router-based

d. Screened host

13. A firewall ______ is a tool that can provide information after an incident has

occurred.

a. Log

b. Scan

c. Port

d. None of the above