Bradley
 
 

 

Braindumps of 250-501
Intrusion Protection Solutions

Exam Questions, Answers, Braindumps (250-501)

Hi to all and thanks to www.exams.ws and www.4exam.com. But there’s no need to have it from both of them; questions from only one are sufficient, I think. Here is my contribution.

Question: 1
Symantec Decoy Server offers a unique advantage in detecting which type of intrusion?
A. A slow scan
B. A brute force attack
C. A local buffer overflow
D. A distributed denial of service
Answer: A
Explanation:
Page 8, Symantec Decoy Server 3.1 Student Manual, November 7, 2003: Finally, a honeypot can
detect and record incidents that might last for months. These "slow scans" are difficult to detect
using an IDS because the duration involved makes them appear to be normal traffic.

Question: 2
What are two advantages of hosting multiple cages on Symantec Decoy Server? (Choose two.)
A. Network traffic is reduced.
B. There is greater ease of administration.
C. Each cage shares a network interface.
D. The cost of creating a deception network is reduced.
Answer: B, D
Explanation:
Page 42, Symantec Decoy Server 3.1 Student Manual, November 7, 2003: Cages are virtual
environments that attackers can explore and change. Symantec Decoy Server allows a single
machine to host up to four cages, which reduces the costs associated with implementing a
deception network. Although the configuration options are endless, a sample configuration would
have each cage mimic an organization's FTP, HTTP, SMTP, or SQL servers. This capability
greatly reduces hardware costs, while increasing the probability of an attack to a cage rather than
an actual server. Each cage requires a dedicated network interface and has a unique IP address
[which indicates that option C is incorrect].

Question: 3
What kind of deployment is created if you have configured a router or firewall to redirect attacks
against high-value targets to Symantec Decoy Server?
A. Shield deployment
B. Stealth deployment
C. Minefield deployment
D. Redirection deployment
Answer: A
Explanation:
Page 11, Symantec Decoy Server 3.1 Implementation Guide: The shield deployment scheme uses
a redirection device to redirect attacks against high-value targets to Symantec Decoy Server.

Question: 4
Which two benefits does Symantec Decoy Server provide? (Choose two.)
A. Zero day attack detection
B. Real-time network sniffing
C. Early warning Intrusion sensors
D. Improved host-based intrusion performance
Answer: A, C
Explanation:
http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=157
Symantec Decoy Server provides early detection of internal, external, and unknown attacks,
unauthorized use of passwords and server access to help prioritize threats, and increased
network protection against intrusions.
Page 48, Symantec Decoy Server 3.1 Student Manual, November 7, 2003: Decoy Server provides the following:
1. Early warning system
2. Unauthorized access and misuse detection
3. Zero-day attack detection
4. Network and kernel-level logging
5. Secure confinement area (attack actions logged and monitored)

Question: 5
Which two can be collected from the Symantec Decoy Server console? (Choose two.)
A. Virus activity
B. Network activity
C. Process history
D. Source quenching
Answer: B, C
Explanation:
Page 48, Symantec Decoy Server 3.1 Student Manual, November 7, 2003: Decoy Server can detect
and isolate malicious behavior through the following:
1. Network activity
2. File system activity
3. Process activity
4. Kernel-level keystroke capture
Page 103, Symantec Decoy Server 3.1 Implementation Guide:
Cage log data
1. All Records - Displays all cage log records.
2. PTY Session Activity - Displays all activity that occurred during an established PTY (pseudo
teletype) session with a cage. For example, if an intruder successfully telnets to a cage, all
keystrokes entered and output to the screen are recorded as PTY Session Activity.
3. File System Activity - Displays the names of all files opened for writing.
4. Invoked Processes - Displays all processes that have been executed within the cage.
5. Network Activity - Displays all incoming UDP or TCP connections, as well as connection attempts. Incoming connections
include telnet connections, FTP connections, and port scans. These log records will contain the
source and destination IP addresses and ports.
