QUESTION NO: 1
Applications that use ephemeral ports on both sides of a connection are difficult to mine, because:
A. The ephemeral ports cannot be predicted
B. They all use the same port, TCP/1024
C. The well-known ports cannot be predicted
D. The ephemeral ports can be predicted but the port pairings are always different
QUESTION NO: 2
Mining FTP frames for both the Control and Data connections is difficult, because:
A. The server listens on TCP/20 and on ephemeral addresses that are difficult to predict.
B. The server listens on TCP/21 and multiple addresses that cannot be predicted.
C. The server listens on TCP/21 and ephemeral ports that are difficult to predict.
D. Many implementations of FTP exist that use varying well-known ports.
QUESTION NO: 3
Which of the following is NOT typically associated with network security auditing?
A. Inspection of passwords
B. Examining a network for signs of misuse
C. Troubleshooting network application efficiency
D. Looking for conformance to policy
QUESTION NO: 4
A sorted list of active ports can help to ________.
A. isolate data for further analysis
B. identify the use of specific applications in the network
C. locate the most active protocols
D. all of the above
QUESTION NO: 5
The easiest way to identify data for further analysis is to _______.
A. create an alias
B. group multiple protocols together
C. sort on port number
D. select all ephemeral ports
QUESTION NO: 6
A one-to-many relationship is indicative of:
B. Clients sending email to a relay server
C. Password guessing
QUESTION NO: 7
The selection of InfiniStream alert protocols is made on the _______ tab.
QUESTION NO: 8
Time duration and speed are _______.
A. primary limitations of mining and analysis
B. not relevant to InfiniStream
C. only related to Expert analysis
D. relevant, but secondary issues
QUESTION NO: 9
For testing, it is useful to convert your _______ into _______.
A. data / units of measurement
B. hypothesis / an if-then statement
C. hypothesis / a conclusion
D. conclusion / if-then statement
QUESTION NO: 10
Maintaining a baseline can aid in detecting bandwidth denial of service attacks by:
A. Listing status codes associated with denial of service.
B. Revealing significant changes in protocol activity and bandwidth through comparison.
C. Showing ports known to be associated with bandwidth denial of service.
D. Listing source IP addresses known to send denial of service attacks.