
Exam: Enterasys Networks 2B0-018
Title: ES Dragon IDS
Version: R6.1

www.Prepking.com

Prepking - King of Computer Certification
Important Information, Please Read Carefully

Other Prepking products
A) Offline Testing engine: use the offline Testing engine product to practice the questions in an exam environment.
B) Study Guide (not available for all exams): build a foundation of knowledge which will also be useful after passing the exam.

Latest Version
We are constantly reviewing our products. New material is added and old material is updated. Free updates are available for 90 days after the purchase. You should check your member zone at Prepking and update 3-4 days before the scheduled exam date. Here is the procedure to get the latest version:
1. Go to www.Prepking.com
2. Click on Member zone/Log in (right side)
3. Then click My Account
4. The latest versions of all purchased products are downloadable from here. Just click the links.
For most updates, it is enough just to print the new questions at the end of the new version, not the whole document.

Feedback
If you spot a possible improvement then please let us know. We are always interested in improving product quality. Feedback should be sent to feedback@Prepking.com. You should include the following: exam number, version, page number, question number, and your login ID. Our experts will answer your mail promptly.

Copyright
Each PDF file contains a unique serial number associated with your particular name and contact information for security purposes. So if we find out that a particular PDF file is being distributed by you, Prepking reserves the right to take legal action against you according to the International Copyright Laws.

Explanations
This product does not include explanations at the moment. If you are interested in providing explanations for this exam, please contact feedback@Prepking.com.


1. Which of the following is NOT a typical function of an Intrusion Detection System?
A. Monitors segment traffic to detect suspicious activity
B. Monitors network traffic and corrects attacks
C. Monitors traffic patterns to report on malicious events
D. Monitors individual hosts (HIDS) or network segments (NIDS)
Answer: B

2. Which best describes a SYN Flood attack?
A. Attacker redirects unusually large number of SYN/ACK packets
B. Attacker sends relatively large number of altered SYN packets
C. Attacker floods a host with a relatively large number of unaltered SYN packets
D. Attacker floods a host with an unusually large number of legitimate ACK packets
Answer: B

3. Which best describes a type of attack that aims to prevent the use of a service or host?
A. Reconnaissance
B. Denial of Service
C. IP Spoofing
D. Exploit
Answer: B

4. Which of the following is NOT a valid detection method used by Dragon Network Sensor?
A. Signature detection
B. Protocol detection
C. Policy detection
D. Anomaly detection
Answer: C

5. Which of the following is NOT a function of Dragon Forensics Console?
A. Allows for central configuration of Active Response mechanisms to deter network attacks
B. Centrally analyzes activity as it is occurring or has occurred over time
C. Correlates events together across Network Sensor, Host Sensor, and any other infrastructure system (e.g., firewall, router) for which messages have been received (via Host Sensor log forwarding)
D. Provides the tools for performing a forensics-level analysis and reconstructing an attacker's session
Answer: A

6. Which of the following does NOT describe Dragon Host Sensor's Multi-Detection methods?
A. Monitors output to a host's system and audit logs
B. Monitors a host's files via MD5 integrity-checking
C. Monitors a host's specified network interface promiscuously for anomalous activity
D. Monitors a host's specific file attributes for changes to owner, group, permissions and file size
E. Monitors a Windows host's Registry for attributes that should not be accessed and/or modified
Answer: C

7. What is the method that Dragon uses to secure the communication between the remote management host and Dragon Policy Manager?
A. SSH
B. SSL
C. IPSec
D. MD5
Answer: B

8. What is the primary and default source of event data for Dragon RealTime Console?
A. dragon.log.xxx
B. dragon.db
C. Ring Buffer
D. Dragon Workbench
Answer: C

9. For what purpose can Dragon Workbench be used?
A. Read data from TCPDUMP trace/capture file and write to dragon.db for later analysis
B. Read data from dragon.db file and write to a TCPDUMP trace/capture file for later analysis
C. Read data from RealTime Console and write to a TCPDUMP trace/capture file for later analysis
D. This functionality is ONLY available on Dragon Appliances
Answer: A

10. What is one benefit of Dragon Network Sensor's dual network interface capability as deployed on a non-Dragon Appliance system?
A. Secure management and reporting on one interface; Network Sensor invisible on other interface
B. Allows for collection of event data from both interfaces simultaneously
C. Allows for protocol detection from one interface, and anomaly detection from the other interface
D. This functionality is ONLY available on Dragon Appliances
Answer: A

11. Which component of Dragon is most responsible for enabling hierarchical deployments?
A. Dragon Network Sensor
B. Dragon Security Information Manager
C. Dragon Event Flow Processor
D. Dragon Hierarchy Agent
Answer: C

12. What might be one benefit of configuring a Dragon Host Sensor Server?
A. To provide IKE-level security for Host Sensors deployed in a corporate DMZ
B. To centrally collect NIDS-event data from Network Sensors
C. To collect HIDS-event data from systems on which it is not possible or practical to deploy a Dragon Host Sensor
Answer: C

13. How many Dragon Policy Managers can simultaneously manage a single Dragon Network/Host Sensor?
A. 1
B. 2
C. 10
D. Unlimited
Answer: A

14. Why might an IDS administrator configure Dragon Enterprise Management Server to INITIATE outbound connections to remote Network/Host Sensors?
A. To increase performance when traversing a corporate DMZ
B. To provide the additional security that is inherent in the Server-initiated communication
C. Dragon only allows server-initiated (outbound) connections
D. To integrate Dragon into MSSP or other environments where firewalls prohibit inbound connections from Network/Host Sensors
Answer: D

15. Which of the following best describes the relationship between policies and signatures on a Dragon Host Sensor?
A. Policies can contain O/S-specific signatures
B. Signatures can contain O/S-specific policies
C. Policies and signatures are combined in a single library
D. Policies and signatures are unrelated
Answer: A

16. What two modes are available when installing a Dragon Host Sensor?
A. Standalone and Enterprise
B. Local and Remote
C. Active and Standby
Answer: A

17. What is the recommended method to start all installed Dragon components in Enterprise mode?
A. ./dragon enterprise
B. ./driders enterprise
C. ./dragonctl start
D. ./dragonctl enterprise
Answer: C

18. Which of the following is NOT a recommended means for a Dragon Network Sensor to collect event data over multiple switched links?
A. Port Redirection
B. Network Tap(s)
C. Port Trunking
D. Strategic deployment of multiple Dragon Network Sensors
Answer: C

19. Which of the following is required in order for the Dragon installation script (install.pl) to be completed?
A. Dragon license key
B. Pre-configured user and group named dragon
C. Active link to the internet
Answer: B

20. What is one method of de-activating a Dragon Policy Manager on a Linux host?
A. ./dragonctl kill PolicyManager
B. ./dragonctl kill policy-manager
C. ./dragonctl stop PolicyManager
D. ./dragonctl stop policy-manager
Answer: C

21. What is one drawback of deploying a single Dragon Network Sensor on the inside (INTRAnet side) of a firewall that is configured to only allow http traffic?
A. The Network Sensor will only see internet (external) attacks that originate from outside the firewall
B. The Network Sensor will not see all internet (external) attacks because the firewall will block the associated traffic
C. The Network Sensor will only see intranet (internal) attacks directed at port 80
D. The Network Sensor will not see intranet (internal) attacks
Answer: B

22. Which is NOT a recommended means of securing a Dragon Network Sensor host?
A. Install dual NICs; one with an IP address, the other without an IP address
B. Install an O/S that supports VPN tunneling
C. Replace Telnet/FTP with Secure Shell
D. Turn off unnecessary O/S services
Answer: B

23. Which of the following best describes the components that must be installed in order for a Dragon Host Sensor for MS-Windows to successfully send event data to a Dragon Policy Manager?
A. A Connection Manager on the DPM that the Host Sensor for MS-Windows communicates with
B. A Connection Manager and an EFP on the DPM that the Host Sensor for MS-Windows communicates with
C. A Connection Manager on the Host Sensor for MS-Windows that the DPM communicates with
D. A Connection Manager and an EFP on the Host Sensor for MS-Windows that the DPM communicates with
Answer: B

24. What is true regarding an installation of a Dragon Network Sensor that will NOT be in contact with a Dragon Policy Manager/Server?
A. You must install both the Dragon Rider Sensor and Dragon Forensics Console components
B. You must not install either the Dragon Rider Sensor or Dragon Forensics Console components
C. You do not need to install Dragon Rider Sensor, but you should install Dragon Forensics Console
D. You do not need to install Dragon Forensics Console, but you should install Dragon Rider Sensor
Answer: C

25. Which of the following Dragon configuration files monitors IP payload fields and TCP/UDP network sessions?
A. dragon.net
B. dragon.sigs
C. dragon.cfg
D. driders.cfg
Answer: B

26. Which of the following best describes the function of Dragon's WEBCONVERT parameter?
A. Converts the destination TCP port for all http traffic to port 81 for security reasons
B. Performs signature translation on web attack attempts to avoid anti-IDS techniques
C. Converts the IP addresses of web attack attempts to an address on the trusted network
D. Performs IP address translation on trusted web servers to protect them from attack
Answer: B

27. The following will significantly enhance Dragon Network/Host Sensor performance:
A. shorter signatures
B. less signatures
C. signatures with wildcards
D. signatures with active responses
Answer: B

28. Which Dragon signature configuration file might you edit in order to change a Dragon Network Sensor name?
A. dragon.net
B. dragon.sigs
C. dragon.cfg
D. driders.cfg
Answer: A

29. When defining Dragon signatures, what isolated character (alone by itself) is disallowed in the string field?
A. numbers
B. /
C. #
D. ;
Answer: B

30. In a default installation, the dragon.net and dragon.sigs configuration files are:
A. located in the /usr/dragon directory
B. symbolically linked to the /usr/dragon/sensor/conf directory
C. located in the /usr/dragon/DB directory
D. symbolically linked to the /usr/dragon/bin directory
Answer: B

31. Which one of the following configuration files is used by a Dragon Network Sensor to monitor IP header information for Layer 3 probes and attacks?
A. dragon.net
B. dragon.sigs
C. dragon.cfg
D. driders.cfg
Answer: A

32. Which of the following components is responsible for sending configuration information to a Dragon Network Sensor?
A. Dragon Host Sensor
B. Dragon Network Sensor
C. Dragon Rider Sensor
D. Dragon Policy Manager/Server
E. Dragon Manager
Answer: D

33. What Dragon configuration file contains the TCP port number that the Dragon Policy Manager/Server uses to communicate with a Dragon Network Sensor?
A. dragon.net
B. dragon.sigs
C. dragon.cfg
D. driders.cfg
Answer: D

34. Which best describes the /usr/dragon/DB/dragon.log.xxx Export Log file on a Dragon Policy Manager?
A. Stores error messages encountered in the operation of a Dragon Network/Host Sensor
B. Contains a single event store made up of information potentially taken from multiple database files
C. Concatenates entire contents of multiple dragon.db files into a single resource
D. Log file that contains consolidated administration events from all Dragon components
Answer: B

35. What are two primary functions of a Dragon Policy Manager/Server?
A. Receive Network/Host Sensor events; send Network/Host Sensor configurations
B. Receive Client events; send Apache html events
C. Encrypt communication between Network Sensor and DPM Client; decrypt communication between Network Sensor and Host Sensor
Answer: A

36. What component must be operational in order for a Dragon Network/Host Sensor to communicate with a Dragon Policy Manager/Server?
A. Alarmtool Agent
B. Dragon DB Agent
C. Dragon Rider Sensor/Squire Daemon
D. Dragon Trending Console with mySQL server active
Answer: C

37. In which default subdirectory are ALL event data stored for a Dragon Network Sensor that has been actively collecting data for 37 hours?
A. /var/log
B. /usr/dragon/conf
C. /usr/dragon/DB
D. /usr/dragon/DB/[date]
Answer: C

38. Which file would be used to determine the proper starting/stopping of a Dragon Network Sensor?
A. /usr/dragon/dragon.net
B. /usr/dragon/dragon.sigs
C. /usr/dragon/dragon.cfg
D. /usr/dragon/logs/dragon.log
Answer: D

39. Active Responses are enabled in which Dragon configuration file?
A. dragon.net
B. dragon.sigs
C. dragon.cfg
D. driders.cfg
Answer: A

40. When updating a Dragon Network/Host Sensor, which of the following best describes the difference between the Install Version and the Pending Version?
A. The Install Version reflects the current configuration; the Pending Version reflects the files queued but not pushed
B. The Install Version reflects the files queued but not pushed; the Pending Version reflects the current configuration
C. The Install Version and the Pending Version should always be identical
D. The Install Version always reflects the factory default installation data; the Pending Version reflects the current configuration
Answer: A

41. Which of the following represents the chronological procedure for pushing a configuration to a Dragon Network Sensor?
A. Select the Network Sensor to update; Select the signature library to activate; Queue the files to be pushed; Push the configuration
B. Select the signature library to update; Select Update Signature File; Push the configuration
C. Select the Network Sensor to update; Select Update Net File; Push the configuration
D. Select the Network Sensor to update; select the signature library to update; Select Update Network Sensor
Answer: A

42. Assuming proper installation of your Dragon Network Sensor, which of the following best describes a method you might use to correct a red icon displaying in DPM for your Network Sensor?
A. Re-install the Dragon Network Sensor
B. Refresh the DPM Update Network Sensor web interface screen
C. Stop and re-start all Dragon programs

100% Pass Guaranteed or Full Refund. Word-to-word real exam questions from the real test.
Buy the full version of the exam from this link: http://www.prepking.com/2B0-018.htm
