CISSP For Dummies

1. The two types of intrusion detection are

  A. Attack-based systems and response-based systems

  B. Signature-based systems and anomaly-based systems

  C. Knowledge-based systems and scripture-based systems

  D. Passive monitoring systems and active monitoring systems

2. Recording data traveling on a network is known as

  A. Promiscuous mode

  B. Packet sniffing

  C. Packet snoring

  D. Packing sneaking

3. Which of the following is NOT an example of penetration testing?

  A. Radiation monitoring

  B. War driving

  C. Port scanning

  D. War diving

4. Trusted recovery is concerned with

  A. The ability of a system to be rebuilt

  B. The vulnerability of a system while it’s being rebuilt

  C. The ability of a system to rebuild itself

  D. The willingness of a system to rebuild itself

5. The third-party inspection of a system is known as a(n)

  A. Confidence check

  B. Integrity trail

  C. Audit trail

  D. Audit

6. One of the primary concerns with long-term audit log retention is

  A. Whether anyone will be around who can find them

  B. Whether any violations of privacy laws have occurred

  C. Whether anyone will be around who understands them

  D. Whether any tape/disk drives will be available to read them

7. The required operating state of a network interface on a system running a sniffer is

  A. Open mode

  B. Promiscuous mode

  C. Licentious mode

  D. Pretentious mode

8. Filling a system’s hard drive so that it can no longer record audit records is known as a(n)

  A. Audit lock-out

  B. Audit exception

  C. Denial of Facilities attack

  D. Denial of Service attack

9. An investigator who needs to have access to detailed employee event information may need to use

  A. Keystroke monitoring

  B. Intrusion detection

  C. Keystroke analysis

  D. Trend analysis

10. Which of the following is NOT true about a signature-based IDS?

  A. It reports a low number of false-positives.

  B. It requires periodic updating of its signature files.

  C. It reports a high number of false-positives.

  D. It can’t detect anomalies based on trends.

Answers

1. B. Signature-based systems and anomaly-based systems. The two types of IDS are signature-based and anomaly-based. Review “Intrusion detection and prevention.”

2. B. Packet sniffing. Packet sniffing is the technique used to record network traffic. Review “Penetration testing.”

3. D. War diving. War diving isn’t a testing technique, but radiation monitoring, war driving, and port scanning are. Review “Penetration testing.”

4. B. The vulnerability of a system while it’s being rebuilt. Most operating systems in single-user mode lack the security controls present in a system that’s fully operational. Review “Security Controls.”

5. D. Audit. An audit is an inspection of a system or process. Review “Security Auditing and Due Care.”

6. D. Whether any tape/disk drives will be available to read them. The challenge with audit log retention is choosing a medium that will be readable many years in the future. Review “Retaining audit logs.”

7. B. Promiscuous mode. This is the term that describes the state of a system that is accepting all packets on the network, not just those packets destined for the system. Review “Penetration testing.”

8. D. Denial of Service attack. Filling a system’s hard drive is one way to launch a Denial of Service attack on an audit log mechanism. This will prevent the mechanism from being able to write additional entries to the log. Review “Protection of audit logs.”

9. A. Keystroke monitoring. Keystroke monitoring records every key press and mouse movement. Review “Keystroke monitoring.”

10. C. It reports a high number of false-positives. Signature-based IDSes generally have a low number of false-positives. Review “Intrusion detection and prevention.”