cybersecurity 9

The category of intrusion detection systems that looks for patterns that don’t match those of normal use is called anomaly detection.

true

Snort is an open-source firewall.

false

A server with fake data used to attract an attacker is a honeypot.

true

When an administrator proactively seeks out intelligence on potential threats or groups, this is called infiltration.

true

The method to attract an intruder to a subsystem setup for the purpose of observing him is called intrusion deterrence.

false

An on-demand virus scanner runs in the background and is constantly checking your PC.

false

Heuristic scanning uses rules to determine whether a file or program behaves like a virus.

true

Linux and Windows typically are not shipped with firewalls.

false

A screening firewall works in the application layer of the OSI model.

false

A stateful packet inspection firewall examines each packet, and denies or permits access based not only on the current packet, but also on data derived from previous packets in the conversation.

true

A list of virus definitions is generally in a file with a ________ extension.

.dat

Typically, when you update virus definitions _____________.

Your computer restarts.

A file that stays in memory after it executes is a(n) _____________.

Terminate and Stay Resident program

The virus scanning technique that uses rules to determine if a program behaves like a virus is _________ scanning.

Heuristic

The virus scanning technique that means you have a separate area isolated from the operating system in which a file is run, so it won’t infect the system is ________.

sandbox

Java and ActiveX codes should be scanned before they are _________.

Downloaded to your computer

Mistaking a legitimate program for a virus is a ____________.

False positive

A _________ is a barrier between your network and the outside world.

Firewall

A packet-filtering firewall is a(n)  ____________ firewall.

Packet Filtering

A(n)___________ firewall examines the entire conversation between client and server, not just individual packets.

Stateful Packet Inspection

In which firewall configuration is the software installed on an existing machine with an existing operating system?

Network host-based

In which firewall configuration is the firewall running on a server with at least two network interfaces?

Dual-homed host

A firewall ______ is a tool that can provide information after an incident has occurred.

log