Chapter 32 Intrusion Detection Test Bank - Answer Key + Test Bank | Linux Essentials 1e Rothwell by William Rothwell.
Linux Essentials for Cybersecurity (Rothwell/Kinsey)
Chapter 32 Intrusion Detection
1) Which of the following major hacks occurring in the last few years resulted in the data of more than 40 million credit cards being compromised?
A) The eBay hack of 2013–2014
B) The Target hack of 2013
C) The Equifax hack of 2017
D) None of the above
2) Which of the following topics should be included in a recovery plan within a security policy?
A) There should be a plan in place to bring the compromised system(s) offline.
B) There should be a list of people who need to be notified, in a specific order.
C) A full diagnostic should be performed on the server(s).
D) All of the above
3) Which of the following commands can be used to display all active TCP connections?
A) netstat -ta
B) netstat -taupe
C) nmap
D) tcpdump
4) Which of the following commands displays all open ports, which is important because hackers often will open new ports to create more backdoors into the system?
A) netstat -ta
B) netstat -taupe
C) nmap
D) tcpdump
5) The __________ command is not as vulnerable to hackers as other commands, because you run this command from a different system than the potentially hacked system.
A) netstat -ta
B) netstat -taupe
C) nmap
D) tcpdump
6) Which of the following tools allows you to probe network traffic, searching for any suspicious activity?
A) netstat -ta
B) netstat -taupe
C) nmap
D) tcpdump
7) Which of the following tools provides a GUI-based front end to the tcpdump command?
A) MD5
B) Wireshark
C) NIDS
D) HIDS
8) Which of the following files can be modified by a hacker to create a backdoor?
A) /etc/passwd
B) /etc/shadow
C) Both A and B
D) None of the above
9) Any account that has a UID (user ID) of __________ has full administrative rights.
A) 0
B) 1
C) 2
D) 3
10) If the password field for the nncp account is __________, this allows someone to log in with this user name and not have to provide a password.
A) too short
B) empty
C) too long
D) set to zero
11) Which of the following is a package management tool that determines if a file has changed since it was installed?
A) diff
B) cmp
C) nmap
D) rpm -V
12) Which of the following commands compares differences in files?
A) cmp
B) diff
C) Both A and B
D) None of the above
13) Which of the following commands is similar to the md5sum command?
A) sha1sum
B) sha256sum
C) sha512sum
D) All of the above
14) Which of the following file-change tools uses a unique key based on a file’s attributes and contents to create a one-way hash value?
A) diff
B) MD5 checksum
C) cmp
D) rpm -V
15) Which of the following IDS categories includes an IDS that attempts to automatically react or respond to intrusions?
A) Passive IDS
B) Reactive or Active IDS
C) NIDS
D) HIDS
16) Which of the following IDS categories includes a network-based IDS, designed to discover intrusions or attempts by monitoring key networks?
A) Passive IDS
B) Reactive or Active IDS
C) NIDS
D) HIDS
17) Which of the following IDS categories includes an IDS that detects possible intrusions and then notifies administrators?
A) Passive IDS
B) Reactive or Active IDS
C) NIDS
D) HIDS
18) Which of the following is a tool that is designed to report when key system files have been changed, and includes both a commercial version and an open source version?
A) Security Onion
B) AIDE
C) Snort
D) Tripwire
19) Which of the following is an IDS tool that has been available for more than 20 years, is used to provide real-time analysis of traffic, and can also be used to log network packets?
A) Security Onion
B) AIDE
C) Snort
D) Tripwire
20) Which of the following is a distribution that primarily focuses on IDS tools?
A) Security Onion
B) AIDE
C) Snort
D) Tripwire