Datasheet

642-531
Leading the way in IT testing and certification tools, www.testking.com
Section 4: Explain the difference between HIP and NIDS (0 questions)
Section 5: Describe the various techniques used to evade intrusion detection (4 questions)
QUESTION NO: 1
Which of the following describes the evasive technique whereby control characters are
sent to disguise an attack?
A. Flooding
B. Fragmentation
C. Obfuscation
D. Exceeding maximum transmission unit size
Answer: C
Explanation:
Intrusion detection systems inspect network traffic for suspect or malicious packet formats,
data payloads and traffic patterns. They typically implement an obfuscation defense,
ensuring that suspect packets cannot easily be disguised with UTF and/or hex encoding
to bypass the intrusion detection system. Recently, the Code Red worm targeted an
unpatched vulnerability in many Microsoft IIS systems and also highlighted a different
encoding technique supported by Microsoft IIS systems.
Reference:
Cisco Courseware 3-27
QUESTION NO: 2
Which of the following represents a technique that can be used to evade intrusion
detection technology?
A. Man-in-the-middle
B. TCP resets
C. Targeted attacks
D. Obfuscation
Answer: D
Explanation: