Self Test Appendix • Appendix 797
A. LibPcap
B. WinPcap
C. IDSCenter
D. A honeynet
B. The purpose of WinPcap is to allow programs such as WinDump, Snort, and other IDS applications to capture low-level packets traveling over a network. It should be the first program installed before using most Windows-based IDS systems. (WinPcap is no longer maintained; current Windows builds of these tools use its successor, Npcap, which fills the same role.)
Answers A, C, and D are incorrect because LibPcap is the equivalent capture library for Linux and other Unix-like systems, IDSCenter is a graphical user interface (GUI) for Snort, and a honeynet is used to simulate a vulnerable network in order to lure and study attackers.
14. You must choose what type of IDS to recommend to your company. You need an IDS that can look inside packets to examine their contents. What type of signature do you require?
A. File based
B. Context-based
C. Content-based
D. Active
C. A content-based signature looks at what is inside the traffic: it matches a specific string or byte pattern in the packet payload, such as a known attack string in an HTTP request.
Answers A, B, and D are incorrect because file-based is not a valid signature type; a context-based signature identifies a pattern across traffic, such as a port scan, rather than the contents of an individual packet; and an active signature is not a valid signature type and does not meet the requirements of the question.
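The distinction behind this answer, as an added example that is not from the StudyBook: a content-based signature decides on a single packet by searching its payload for a byte pattern, while a context-based signature (here, a port-scan check) needs state across many packets and finds nothing inside any one of them. The `struct pkt` record, the function names, and the sample traffic are assumptions constructed for this illustration; a real IDS would obtain the packets from WinPcap or libpcap.

```c
/* Added example (not the StudyBook's code): content-based versus
 * context-based signatures over constructed sample traffic. */
#include <stdio.h>
#include <string.h>

/* Minimal packet record; a real IDS fills this from WinPcap/libpcap. */
struct pkt {
    const char *src;     /* source address as text */
    int dst_port;        /* destination port */
    const char *payload; /* application-layer bytes (NUL-terminated here) */
};

/* Content-based signature: match a byte pattern inside one packet's payload. */
int content_match(const struct pkt *p, const char *pattern)
{
    return strstr(p->payload, pattern) != NULL;
}

/* Context-based signature: count the distinct destination ports one source
 * has touched. No single packet carries this information; the detector has
 * to remember what it has already seen. */
int count_distinct_ports(const struct pkt *pkts, int n, const char *src)
{
    int ports[64];
    int count = 0;
    for (int i = 0; i < n; i++) {
        if (strcmp(pkts[i].src, src) != 0)
            continue;
        int seen = 0;
        for (int j = 0; j < count; j++)
            if (ports[j] == pkts[i].dst_port) { seen = 1; break; }
        if (!seen && count < 64)
            ports[count++] = pkts[i].dst_port;
    }
    return count;
}

/* A source exceeding `threshold` distinct ports is flagged as a port scan. */
int is_port_scan(const struct pkt *pkts, int n, const char *src, int threshold)
{
    return count_distinct_ports(pkts, n, src) > threshold;
}

/* Constructed sample traffic (assumption, not captured data): one host
 * making web requests, one of which carries a classic attack string, and
 * a second host probing six different ports with empty payloads. */
static const struct pkt sample[] = {
    {"10.0.0.5", 80,  "GET /index.html HTTP/1.1"},
    {"10.0.0.5", 80,  "GET /cgi-bin/test?file=../../etc/passwd HTTP/1.0"},
    {"10.0.0.9", 21,  ""},
    {"10.0.0.9", 22,  ""},
    {"10.0.0.9", 23,  ""},
    {"10.0.0.9", 25,  ""},
    {"10.0.0.9", 80,  ""},
    {"10.0.0.9", 443, ""},
};
static const int sample_n = sizeof sample / sizeof sample[0];

/* How many packets in the sample trigger a given content signature. */
int content_hits(const char *pattern)
{
    int hits = 0;
    for (int i = 0; i < sample_n; i++)
        hits += content_match(&sample[i], pattern);
    return hits;
}

int main(void)
{
    printf("content hits for \"/etc/passwd\": %d\n", content_hits("/etc/passwd"));
    printf("10.0.0.9 port scan: %s\n",
           is_port_scan(sample, sample_n, "10.0.0.9", 4) ? "yes" : "no");
    printf("10.0.0.5 port scan: %s\n",
           is_port_scan(sample, sample_n, "10.0.0.5", 4) ? "yes" : "no");
    return 0;
}
```

The content signature fires on the second packet alone, whereas the scan from 10.0.0.9 is only visible once the detector has accumulated six packets that individually look harmless; that accumulated state is what "context" means in the question.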
Chapter 8: Infrastructure Security: System Hardening
1. Bob is preparing to evaluate the security of his Windows XP computer and would like to harden the OS. He is concerned because there have been reports of buffer overflows. What would you suggest he do to reduce this risk?
A. Remove sample files
B. Upgrade his OS
C. Set appropriate permissions on files
D. Install the latest patches
D. The best defense against buffer overflows is to apply the appropriate patches or fixes, which eliminate the buffer overflow condition in the vulnerable code. Patching removes known overflows; for ones not yet patched, exploit-mitigation features such as Data Execution Prevention (available from Windows XP Service Pack 2) make exploitation harder but do not remove the underlying bug.
Answers A, B, and C are incorrect because removing sample files would not reduce the risk of buffer overflows. Upgrading the OS may fix the immediate buffer overflow, but it is not a sustainable long-term strategy; patches and hotfixes were designed to address exactly this issue. Setting appropriate file permissions will not prevent a buffer overflow, because the overflow happens inside the memory of a program that is already running with its own permissions.
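What a buffer-overflow patch actually changes, as an added example that is not from the StudyBook: the pre-patch function copies a caller-supplied name into a fixed buffer with no length check, so a name longer than the buffer overwrites whatever sits after it in memory; the patched version refuses input that does not fit and leaves the structure untouched. The `struct config`, the field and function names, and the sample inputs are assumptions made for this illustration.

```c
/* Added example (not the StudyBook's code): the defect a buffer-overflow
 * patch removes. copy_hostname_unsafe() is the pre-patch code and is kept
 * only for comparison; it must never be called with untrusted input. */
#include <stdio.h>
#include <string.h>

#define HOSTNAME_MAX 16

struct config {
    char hostname[HOSTNAME_MAX];
    int  admin;   /* declared right after the buffer; an overflow of
                   * hostname[] would typically corrupt this field */
};

/* Pre-patch: strcpy() trusts the caller. A name of 16 or more bytes writes
 * past the end of hostname[], which is the buffer overflow condition. */
void copy_hostname_unsafe(struct config *c, const char *name)
{
    strcpy(c->hostname, name);   /* no bounds check */
}

/* Patched: check the length first and reject input that would not fit,
 * including the terminating NUL. Returns 0 on success, -1 on rejection. */
int copy_hostname_safe(struct config *c, const char *name)
{
    size_t len = strlen(name);
    if (len >= HOSTNAME_MAX)
        return -1;
    memcpy(c->hostname, name, len + 1);   /* copies the NUL as well */
    return 0;
}

/* Demonstration helper: the return code of the patched copy for one input. */
int safe_copy_result(const char *name)
{
    struct config c;
    memset(&c, 0, sizeof c);
    return copy_hostname_safe(&c, name);
}

/* Demonstration helper: 1 if the neighbouring field is still zero after the
 * patched copy, i.e. an oversize name did not spill into it. */
int admin_intact_after_safe_copy(const char *name)
{
    struct config c;
    memset(&c, 0, sizeof c);
    copy_hostname_safe(&c, name);
    return c.admin == 0;
}

int main(void)
{
    /* Constructed inputs: 13 bytes fits, 26 bytes does not. */
    const char *ok = "ids-sensor-01";
    const char *too_long = "ids-sensor-01.corp.example";
    printf("patched copy of short name: %d\n", safe_copy_result(ok));
    printf("patched copy of long name:  %d\n", safe_copy_result(too_long));
    printf("admin intact after long name: %d\n",
           admin_intact_after_safe_copy(too_long));
    return 0;
}
```

Only the vendor can ship this kind of change for a closed-source component, which is why installing the patch, rather than changing file permissions or removing unrelated files, is the answer: the check has to live in the code that does the copy.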
www.syngress.com