IT 223 EXAM 3 QUESTIONS WITH VERIFIED ACCURATE ANSWERS
What is a firewall in everyday life? in IT? - Answers -In everyday life a firewall is a
fireproof barrier intended to prevent the spread of fire.
In IT a firewall is a system component (or multiple components) that controls the movement
of data between networks.
What is a packet filter? - Answers -a packet filter examines fields in the IP header
What makes a stateless packet filter "stateless"? - Answers -stateless because each
packet is examined in isolation; there is no awareness of the packet's state or its
relationship to other packets
What is a stateful (or dynamic) packet filter? - Answers -stateful because it takes into
account the state of a packet in relation to other packets, and typically tracks the state of a
TCP connection
What is a socket? What are its components? - Answers -A socket is the combination of
an IP address and a TCP (or UDP) port number
What is deep packet inspection? - Answers -A more sophisticated form of a network
firewall, it looks at the application data in the innermost payload and applies application-
specific contextual rules
What is a private (or reserved) IP address? Why is it useful? - Answers -private IP
addresses are IP addresses that never go outside a private network, and their packets
must be sent over an "inter-enterprise link". This is useful because it allows IP
addresses to be duplicated across private networks, since unique IP addresses are running out
What is network address translation? - Answers -When a router has a single IP
address for its connection to the internet but multiple private IP addresses connect to
the router
What is a back channel? Why is it a security risk? - Answers -an alternative path into
the network that doesn't go through the network security measures that have been set up,
rendering them useless.
What is "spoofing" of an address? - Answers -using an incorrect IP address to conceal
the user's true origin
What is a replay attack? - Answers -A replay attack (also known as a playback attack) is
a form of network attack in which a valid data transmission is maliciously or fraudulently
repeated or delayed.
What is an intrusion detection system? What are other names for it? - Answers -a
system of sensors that measure a value within a range. A possible intrusion is detected
when the measured value crosses some threshold value.
What is the purpose of an IDS? - Answers -the purpose of an IDS is to detect when the
network has a possible intruder on it.
What is a binary sensor? How can other sensor types be made equivalent to a binary
sensor? - Answers -a binary sensor or threshold sensor produces only two results:
negative (sensor state is normal) or positive (sensor state is abnormal)
What is a negative result in this context (Binary Sensor)? What is a false negative? a
false positive? - Answers -a negative result means nothing out of the ordinary is currently
being detected. A false negative would be the IDS not detecting an
intruder, and a false positive would be the IDS detecting an intruder when there wasn't
one.
What problems do false negatives create? false positives? - Answers -false negatives
can give IDS operators a false sense of security; false positives can make an IDS
operator ignore a certain issue that could be a legitimate threat one day.
What are some reasons for using an IDS? - Answers -1: to prevent problem behaviours
2: to detect attacks and other security violations
3: to detect and deal with the preamble to an attack
4: to document an existing attack
What are the three types of components of an IDS? - Answers -1: information sources
2: analysis
3: response
What are the three types of IDS? - Answers -1: network-based
2: host-based
3: application-based
How does signature-based analysis work? - Answers -by examining the data content of
network packets, files, and other data resources and recognizing signatures - pre-
defined values, patterns or structures that are known to correspond to intruders
How does anomaly-based analysis work? - Answers -By comparing the activities of one
process with the expected behavior (or profile) for that type of process.
Why does user behavior change over time? - Answers -due to changes in the system,
changes in the user population in general, or changes in the behavior of individual users
Why is it usually impossible to eliminate all false negatives AND all false positives? -
Answers -because the range of interactions you need to track is so wide that
covering all of them is almost impossible: there will be some that are clean but
not covered, and some that aren't clean that slip through the cracks.
What is an active response? Can you give examples? - Answers -when the IDS does
something to actively change the system.
-collect more data
-change the system
-counter attack
Why is counter-attack a bad idea? - Answers -it could be illegal, and it could make the
problem worse if the hacker is more skilled than you are and strikes back even
harder
What is a passive response? Can you give examples? - Answers -the IDS simply
reports the detected event.
-visual or audible alarms
-pop-ups in the console window
-email/call/text
Why should a passive response avoid the network? - Answers -Because you want to
avoid letting the intruder know that they have been caught.
Why is backup important? - Answers -so if data is lost or stolen you can recover it
What is an exploit? What is a zero-day exploit? - Answers -an exploit is a way for an
attacker to get into your system, a zero-day exploit is an exploit found on the first day of
a new update that hasn't been discovered as an issue yet.
What are some names for an account with the highest level of permissions? How should
such an account be used? Why? - Answers -admins, root users
These accounts should be used as "permission granters" and for any high-level actions
being done on the network; they should have the highest power but not be used too heavily
in case they are stolen.
Why is it necessary to enforce restrictions on password choices? - Answers -because
human nature is to do the easiest thing, and without enforcement people would go
basically passwordless