Mike, a network administrator, has been asked to passively monitor network traffic to the company's sales websites. Which of the following would be BEST suited for this task?
A host-based intrusion detection system (HIDS) is best suited for passively monitoring network traffic as it watches the audit trails and log files of a host system. It is reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host. Unlike a NIPS, which actively monitors and can prevent intrusions, HIDS passively analyzes data after it has been collected.
The network security engineer just deployed an IDS on the network, but the Chief Technical Officer (CTO) has concerns that the device is only able to detect known anomalies. Which of the following types of IDS has been deployed?
A signature-based IDS will monitor network traffic and compare it against a database of known signatures or attributes from known malicious threats. This aligns with the concern that the device is only able to detect known anomalies: signature-based systems rely on pre-defined signatures to detect threats and are thus unable to identify new or unknown threats.
Which of the following flags are used to establish a TCP connection? (Choose two.)
To establish a TCP connection, the three-way handshake process involves the use of the SYN and ACK flags. First, the client sends a SYN message to the server to initialize the connection. The server responds with a SYN-ACK message to acknowledge the client's request and establish parameters for the connection. Finally, the client sends an ACK message to confirm the receipt of the server's SYN-ACK and complete the connection establishment process. Therefore, the flags used to establish a TCP connection are SYN and ACK.
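The handshake described above, as an added example that is not part of the original question set: the script below parses the flags field of raw TCP headers and labels the SYN, SYN-ACK and ACK steps. It checks sequence and acknowledgement numbers as well as flags, so a bare ACK from an unrelated flow is not mistaken for the third step. The sample capture, the port numbers and the initial sequence numbers are constructed for the demonstration; `build_tcp_header` exists only to produce those sample segments.

```python
import struct
from typing import Dict, List, Optional

# Bit positions of the six classic TCP flags in the header's flags field
# (RFC 9293). The constant names are this example's own.
FLAG_FIN, FLAG_SYN, FLAG_RST, FLAG_PSH, FLAG_ACK, FLAG_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = (("FIN", FLAG_FIN), ("SYN", FLAG_SYN), ("RST", FLAG_RST),
              ("PSH", FLAG_PSH), ("ACK", FLAG_ACK), ("URG", FLAG_URG))

# src port, dst port, seq, ack, data offset + flags, window, checksum, urgent pointer
TCP_HEADER_FMT = "!HHIIHHHH"


def build_tcp_header(sport: int, dport: int, seq: int, ack: int, flags: int,
                     window: int = 65535) -> bytes:
    """Build a minimal 20-byte TCP header with no options (checksum left zero).
    Only used to construct the sample segments for this demonstration."""
    data_offset_words = 5                      # 5 x 32-bit words = 20 bytes
    offset_and_flags = (data_offset_words << 12) | (flags & 0x01FF)
    return struct.pack(TCP_HEADER_FMT, sport, dport, seq, ack, offset_and_flags, window, 0, 0)


def parse_tcp_header(segment: bytes) -> Dict[str, int]:
    """Parse the fixed part of a TCP header (the bytes that follow the IP header)."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte minimum TCP header")
    sport, dport, seq, ack, offset_and_flags, window, _csum, _urg = struct.unpack(
        TCP_HEADER_FMT, segment[:20])
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "data_offset": (offset_and_flags >> 12) * 4,   # header length in bytes
        "flags": offset_and_flags & 0x003F,             # low 6 bits: the classic flags
        "window": window,
    }


def flag_names(flags: int) -> List[str]:
    """Human-readable flag list, e.g. 0x12 -> ['SYN', 'ACK']."""
    return [name for name, bit in FLAG_NAMES if flags & bit]


def classify_handshake(segments: List[bytes]) -> List[str]:
    """Label each segment of a capture as a handshake step or 'other'.

    Steps are matched by flags AND by sequence numbers:
      1. SYN          client -> server, any initial sequence number (ISN)
      2. SYN-ACK      server -> client, ack == client ISN + 1
      3. ACK, no SYN  client -> server, seq == client ISN + 1, ack == server ISN + 1
    """
    labels: List[str] = []
    client: Optional[tuple] = None      # (sport, dport) of the pending SYN
    client_isn = server_isn = None
    for seg in segments:
        h = parse_tcp_header(seg)
        syn = bool(h["flags"] & FLAG_SYN)
        ack = bool(h["flags"] & FLAG_ACK)
        if syn and not ack:
            client, client_isn, server_isn = (h["sport"], h["dport"]), h["seq"], None
            labels.append("SYN")
        elif (syn and ack and client is not None
              and (h["sport"], h["dport"]) == client[::-1]
              and h["ack"] == (client_isn + 1) & 0xFFFFFFFF):
            server_isn = h["seq"]
            labels.append("SYN-ACK")
        elif (ack and not syn and client is not None and server_isn is not None
              and (h["sport"], h["dport"]) == client
              and h["seq"] == (client_isn + 1) & 0xFFFFFFFF
              and h["ack"] == (server_isn + 1) & 0xFFFFFFFF):
            labels.append("ACK")
            client = None               # handshake complete; later ACKs are data traffic
        else:
            labels.append("other")
    return labels


# Constructed sample capture: a client on port 40000 opening a connection to a
# web server on port 443, followed by a bare ACK from an unrelated flow.
SAMPLE_CAPTURE = [
    build_tcp_header(40000, 443, seq=1000, ack=0, flags=FLAG_SYN),
    build_tcp_header(443, 40000, seq=5000, ack=1001, flags=FLAG_SYN | FLAG_ACK),
    build_tcp_header(40000, 443, seq=1001, ack=5001, flags=FLAG_ACK),
    build_tcp_header(50000, 80, seq=7777, ack=8888, flags=FLAG_ACK),
]

if __name__ == "__main__":
    for seg, label in zip(SAMPLE_CAPTURE, classify_handshake(SAMPLE_CAPTURE)):
        h = parse_tcp_header(seg)
        print(f"{h['sport']:>5} -> {h['dport']:<5} {'/'.join(flag_names(h['flags'])):8} {label}")
```

Run stand-alone, the script prints one line per segment with its flags and the step it was matched to; the last segment is reported as `other` even though it carries ACK, because its ports and numbers do not belong to the pending handshake. A monitoring tool that labelled handshakes by flags alone would count that stray ACK as a completed connection.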
Which of the following components of an all-in-one security appliance would MOST likely be configured in order to restrict access to peer-to-peer file sharing websites?
The most appropriate component of an all-in-one security appliance to restrict access to peer-to-peer file sharing websites is a URL filter. A URL filter blocks access to specified websites based on their URLs. Peer-to-peer file sharing websites have specific URLs that can be blocked using this component, thus preventing access to these sites. Spam filters are specifically designed to filter emails and are not effective for blocking websites. Content inspection examines the content of web pages and can block inappropriate content, but it does not specifically block access to websites. Malware inspection scans for malicious software, but does not prevent website access.
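To make concrete what "blocks access to specified websites based on their URLs" means in practice, here is an added example of the matching logic a URL filter applies; it is not code from the original question set or from any appliance vendor. The blocklist entries and the request URLs are constructed. The filter normalizes the hostname the browser would actually connect to (lower case, port and trailing dot removed) and then walks from the full name up to its parent domains, so `tracker.p2p-share.test` matches an entry for `p2p-share.test` while a name that merely contains the string, such as `p2p-share.test.evil.test`, does not.

```python
from typing import List, Tuple
from urllib.parse import urlsplit

# Constructed blocklist for the example; a real appliance would load this from
# its category feed. Entries are domains; all of their subdomains match too.
P2P_BLOCKLIST = frozenset({"example-torrents.test", "p2p-share.test"})


def normalize_host(url: str) -> str:
    """Return the hostname a client would connect to for this URL.

    urlsplit().hostname already lowercases the name and drops the port and any
    user@ prefix; the trailing dot of a fully-qualified name is removed here.
    """
    if "://" not in url:                 # assume a scheme-less entry like 'host/path'
        url = "http://" + url
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    return host.rstrip(".")


def is_blocked(url: str, blocklist=P2P_BLOCKLIST) -> Tuple[bool, str]:
    """Return (blocked, matching_entry) for a request URL.

    The suffix walk checks 'a.b.c', then 'b.c', then 'c', so a blocklist entry
    covers its subdomains without matching unrelated names that contain it.
    """
    labels = normalize_host(url).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return True, candidate
    return False, ""


def filter_requests(urls: List[str]) -> List[Tuple[str, str, str]]:
    """Decide ALLOW/BLOCK for a batch of request URLs (e.g. a proxy log)."""
    decisions = []
    for url in urls:
        blocked, entry = is_blocked(url)
        decisions.append(("BLOCK" if blocked else "ALLOW", url, entry))
    return decisions


# Constructed sample of requests as a proxy would see them.
SAMPLE_REQUESTS = [
    "https://tracker.p2p-share.test/announce?info_hash=abc",
    "http://WWW.Example-Torrents.TEST.:8080/download",
    "https://p2p-share.test.evil.test/",
    "https://shop.example.test/checkout",
]

if __name__ == "__main__":
    for decision, url, entry in filter_requests(SAMPLE_REQUESTS):
        print(f"{decision:5} {url}" + (f"  (matched {entry})" if entry else ""))
```

The third request is allowed: `p2p-share.test` appears inside its hostname, but the site is a subdomain of `evil.test`, not of the blocked domain, which is exactly the distinction a substring match would get wrong. Note also that the filter decides on the hostname, not on page content; deciding on what the page contains is the job of content inspection, as the answer above points out.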
An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start?
To assess the effectiveness of existing security in an enterprise, the best place to start is to review past security incidents and their resolution. This allows the administrator to evaluate how well the current security measures have been working in practice and identify any recurring issues or deficiencies. By understanding the history and impact of past incidents, it becomes possible to make informed decisions about necessary improvements or changes to the security posture.