SCNS Practice Exam Questions with Answers SCNS Tactical Perimeter Defense Certification

Tightening

Cascading

Streamlining

Cleansing

Hardening

A Security Policy

AN IDS

A DNS server

An Email server

A WINS server

Snort.cfg

Config.snt

Snort.config

Snort.conf

Config.snort

In a Host-Based IDS sensors are installed in key positions throughout the network, and they all report to the command console. The sensors in this case, are full detection engines that have the ability to sniff network packets, analyze for known signatures, and notify the console with an alert if an intrusion is detected.

Host-Based IDS uses what are known as agents (also called sensors). These agents are in fact small programs running on the hosts that are programmed to detect intrusions upon the host. They communicate with the command console, or a central computer controlling the IDS.

In Host-Based IDS, the agents on the hosts are the ones that perform the analysis of the network traffic.

The intrusion data can be monitored in real-time.

In a Host-Based IDS sensors (also called agents) are placed on each key host throughout the network analyzing the network packets for intrusion indicators. Once an incident is identified the sensor notifies the command console.

In Host-Based IDS, the network traffic data is gathered and sent from the host to a centralized location.

There is no significant performance drop on the hosts because the agents simply gather information and send them elsewhere for analysis. However, due to the nature of the design, there is no possibility of real-time detection and response.

Secure Sockets Layer (SSL) Bridging

Web Caching and Delivery

Web Publishing Load Balancing

Enhanced Multi-factor Authentication

Robust Logging and Reporting

Bandwidth Management

Encryption

User Authentication

Packet Authentication

Key Management

Confidentiality verifies users to be who they say they are. In data communications, authenticating the sender is necessary to verify that the data came from the right source.

Data communications as well as emails need to be protected for privacy and confidentiality. Network security must provide a secure channel for the transmission of data and email that does not allow eavesdropping by unauthorized users. Data confidentiality ensures the privacy of data on the network system.

The security must limit user privileges to minimize the risk of unauthorized access to sensitive information and areas of the network that only authorized users should only be allowed to access.

Security must be established to prevent parties in a data transaction from denying their participation after the business transaction has occurred. This establishes Confidentiality for the transaction itself for all parties involved in the transaction.

Confidentiality is a security principle that ensures the continuous accuracy of data and information stored within network systems. Data must be kept from unauthorized modification, forgery, or any other form of corruption either from malicious threats or corruption that is accidental in nature.

0.0.15.255

0.0.16.254

255.240.0.0

0.0.240.0

10.0.16.1/20

Frequency Hopping Spread Spectrum (FHSS)

Direct Sequence Spread Spectrum (DSSS)

Lamar Anthell Transmission (LAT)

Digital Band Hopping (DBH)

Digital Channel Hopping (DCH)

This type of audit is typically done by a contracted external team of security experts who check for policy compliance.

This type of audit is usually done by internal resources to examine the current daily and on-going activities within a network system for compliance with an established security policy.

This type of audit is typically done by an internal team who ensures the security measures are up to international standards.

This type of audit is usually done by the current network administrators who ensure the security measures are up to international standards.

This type of audit is usually conducted by external resources and may be a review or audit of detailed audit logs.

RSA Public Key Cryptography

DES Public Key Cryptography

MD5 Private Key Cryptography

MD5 Public Key Cryptography

RSA Private Key Cryptography

10.18.10.211 & 10.18.71.12

10.28.33.131 & 10.28.64.20

172.16.30.1 & 172.16.30.2

17.26.30.1 & 19.26.30.2

212.168.15.1 & 192.168.15.2

Regulatory Access Control

Mandatory Access Control

Discretionary Access Control

Centralized Access Control

Distributed Access Control

Management Tools

Security Association API

IPSec Driver

IP Policy Agent

IP Security Policy and Security Association

The router will attempt to use SSH first, then use Telnet

The router will attempt to use Telnet first, then use SSH

The router will accept only SSH on VTY 0 4

The router will accept both Telnet and SSH connections

The router will accept only Telnet on VTY 0 4

Depth

Offset

Nocase

Flow_Control

Classtype

You are trying to protect against hijacking

You are trying to protect against spoofing

You are trying to protect against sniffing

You are trying to protect against splicing

You are trying to protect against capturing

The IP addresses for allowed networks

The port range of allowed applications

The word Established

The word Log

The string: no service udp-small-servers

Presentation

Data Link

Network

Application

Transport

This field is used to tell the upper layer protocols that IP is being used.

This field is used to tell the lower layer protocols that IP is being used.

This field is used to define the lower layer protocol to IP.

This field is used to define the upper layer protocol to IP.

This field is used to identify the version of the IP Protocol in use.

An independent audit is usually conducted by external or outside resources and may be a review or audit of detailed audit logs.

The independent audit is usually done by the current network administrators who ensure the security measures are up to international standards.

The independent audit is typically done by an internal team who ensures the security measures are up to international standards.

The independent audit is usually done by internal resources to examine the current daily and on-going activities within a network system for compliance with an established security policy.

The independent audit is typically done by a contracted outside team of security experts who check for policy compliance.

20

119

23

80

2021

Interval Analysis

Real-time Analysis

Statistical Analysis

Signature Analysis

Behavioral Use Analysis

Chaining

Stateful

DMZ

Stateless

KMZ

Powered light source

Beam Integrator

Beam Collider

Beam Splitter

Photon Analyzer

This is an alert rule, designed to notify you of SYN-FIN scans of the network in one direction.

This is an alert rule, designed to notify you of SYN-FIN scans of the network in either direction.

This is a logging rule, designed to capture SYN-FIN scans.

This is a logging rule, designed to notify you of SYN-FIN scans.

This is an alert rule, designed to notify you of SYN-FIN scans originating from the 10.0.10.0/24 network.

include C:\Snort\etc\classification.config

include C:\Snort\etc\reference.config

include \classification.config

include \reference.config

include //classification.config

include //reference.config

DMZ-Mode

Multi-NIC

3-Node Firewall

3-Leg Perimeter

DMZ-Mode, then select three as the number of NICs to configure

10.0.16.1/20

0.0.16.254

255.240.0.0

0.0.240.0

0.0.15.255