Intrusion Protection Solutions
Answers, Braindumps (250-501)
Hi to all
and thanks to www.exams.ws and www.4exam.com But there’s
no need to have it from both of them, only questions
from only one are sufficient I think. Here is my contribution.
Symantec Decoy Server offers a unique advantage in
detecting which type of intrusion?
A.A slow scan
B.A brute force attack
C.A local buffer overflow
D.A distributed denial of service
Page 8Symantec Decoy Server 3.1Student ManualNovember
7, 2003 Finally, a honeypot can
detect and record incidents that might last for months.
These "slow scans" are difficult to detect
usingan IDSbecause the duration involved makes them
appear to be normal traffic.
What are two advantages of hosting multiple cages
on Symantec Decoy Server? (Choose two.)
A.Network traffic is reduced.
B.There is greater ease of administration.
C.Each cage shares a network interface.
D.The cost of creating a deception network is reduced.
Answer: B, D
Page 42Symantec Decoy Server 3.1Student ManualNovember
7, 2003 Cages are virtual
environments that attackers can explore and change.Symantec
Decoy Server allows a single
machine to host up to four cages, which reduces the
costs associated with implementing a
deception network.Although the configuration options
are endless, a sample configuration would
have each cage mimic an organization's FTP, HTTP,
SMTP, or SQL servers. This capability
greatly reduces hardware costs, while increasing the
probability of an attack to a cage rather than
an actual server. Each cage requires a dedicated network
interface and has a unique IP address
[which indicates that option C is incorrect].
What kind of deployment is created if you have configured
a router or firewall to redirect attacks
against high-value targets to Symantec Decoy Server?
Page 11 Symantec Decoy Server 3.1 Implementation Guide
The shield deployment scheme uses
a redirection device to redirect attacks against high-value
targets to Symantec Decoy Server.
Which two benefits does Symantec Decoy Server provide?
A.Zero day attack detection
B.Real-time network sniffing
C.Early warning Intrusion sensors
D.Improved host-based intrusion performance
Answer: A, C
Symantec Decoy Server provides early detection of
internal, external, and unknown attacks,
unauthorized use of passwords and server access to
help prioritize threats, and increased.
network protection against intrusions. Page 48Symantec
Decoy Server 3.1Student
ManualNovember 7, 2003 Decoy Server provides the following:
1.Early warning system
2.Unauthorized access and misuse detection
3.Zero-day attack detection
4.Network and kernel-level logging
5.Secure confinement area (attack actions logged and
Which two can be collected from the Symantec Decoy
Server console? (Choose two.)
Answer: B, C
Page 48Symantec Decoy Server 3.1Student ManualNovember
7, 2003 Decoy Server can detect
and isolate malicious behavior through the following:
2.File system activity
4.Kernel-level keystroke capture
Page 103 Symantec Decoy Server 3.1 Implementation
Cage log data
1.All Records-Displaysall cage log records.
2.PTY Session Activity-Displaysall activity that occurred
during an established PTY (pseudo
teletype) session with a cage. For example, if an
intruder successfully telnets to a cage, all
keystrokes entered and output to the screen are recorded
3.File System Activity-Displaysthe names of all files
opened for writing.
4.Invoked Processes-Displaysall processes that have
been executed within the cage.
5.Network Activity-Displays www.PrometricVUE.comwww.
Leading the way in IT testing and
certification tools, www.Company.com
6 all incoming UDP or TCP connections, as well as
connection attempts. Incoming connections
includetrlnetconnections, FTP connections, and port
scans. These log records will contain the
source and destination IP addresses and ports.