Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Datasheet Page 13

642-531
Leading the way in IT testing and certification tools, www.testking.com
Section 4: Explain the difference between HIP and NIDS (0 questions)
Section 5: Describe the various techniques used to evade intrusion detection (4 questions)
QUESTION NO: 1
Which of the following describes the evasive technique whereby control characters are
sent to disguise an attack?
A. Flooding
B. Fragmentation
C. Obfuscation
D. Exceeding maximum transmission unit size
Answer: C
Explanation:
Intrusion detection systems inspect network traffic for suspect or malicious packet formats,
data payloads and traffic patterns. They typically implement an obfuscation defense, which
ensures that suspect packets cannot easily be disguised with UTF and/or hex encoding to
bypass the intrusion detection system. Recently, the CodeRed worm targeted an unpatched
vulnerability in many Microsoft IIS systems and also highlighted a different encoding
technique supported by Microsoft IIS systems.
Reference:
Cisco Courseware 3-27
QUESTION NO: 2
Which of the following represents a technique that can be used to evade intrusion
detection technology?
A. man-in-the-middle
B. TCP resets
C. targeted attacks
D. obfuscation
Answer: D
Explanation: