It is suspected that some recent network compromises are originating from the use of RDP. Which of the following TCP port traffic should be monitored?
a. 3389
b. 139
c. 138
d. 443
Answer: A
TCP port 3389 is used by RDP. Answer B is incorrect because UDP uses port 139 for network sharing. Answer C is incorrect because port 138 is used to allow NetBIOS traffic for name resolution. Answer D is incorrect because port 443 is used for HTTPS.
Learn More :
Protecting Networks
- Which of the following is most likely to use network segmentation as an alternate security method?
- Which of the following protocols supports DES, 3DES, RC2, and RSA2 encryption along with CHAP authentication, but was not widely adopted?
- Which of the following are examples of protocol analyzers? (Check all correct answers.)
- Which of the following are not methods for minimizing a threat to a web server? (Choose the two best answers.)
- What is a system that is intended or designed to be broken into by an attacker called?
- Which IDS function evaluates data collected from sensors?
- A junior administrator bursts into your office with a report in his hand. He claims that he has found documentation proving that an intruder has been entering the network on a regular basis. Which of the following implementations of IDS detects intrusions based on previously established rules that are in place on your network?
- Which of the following is an active response in an IDS?
- You're the administrator for Acme Widgets. After attending a conference on buzzwords for management, your boss informs you that an IDS should be up and running on the network by the end of the week. Which of the following systems should be installed on a host to provide IDS capabilities?
- Which of the following can be used to monitor a network for unauthorized activity? (Choose two.)
- Security has become the utmost priority at your organization. You're no longer content to act reactively to incidents when they occur—you want to start acting more proactively. Which system performs active network monitoring and analysis and can take proactive steps to protect a network?
- Which device monitors network traffic in a passive manner?
- Which type of active response fools the attacker into thinking the attack is succeeding while the system monitors the activity and potentially redirects the attacker to a system that is designed to be broken?
- Sockets are a combination of the IP address and which of the following?
- The IDS console is known as what?
- Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead?
- Which of the following utilities can be used in Linux to view a list of users' failed authentication attempts?
- Which IDS system uses algorithms to analyze the traffic passing through the network?
- Which of the following implies ignoring an attack and is a common response?
- Which of the following copies the traffic from all ports to a single port and disallows bidirectional traffic on that port?
- Which of the following IDS types looks for things outside of the ordinary?
- In intrusion detection system parlance, which account is responsible for setting the security policy for an organization?
- Which Linux utility can show if there is more than one set of documentation on the system for a command you are trying to find information on?