  1. Member
    Join Date
    Feb 2012
    Location
    Thousand Oaks, CA
    Posts
    92

    Certifications
    A+, Network+, Security+
    #1

    Default Signature Identification?

    I'll be taking the N+ in a couple days and am going over some practice exams and came over this question.

    Which of the following is used to verify configuration updates on a firewall? The answer is signature identification. Can someone please explain what signature identification is and how it applies here? I'm having difficulty finding the answer. Thanks in advance.

  3. Member
    Join Date
    May 2011
    Posts
    67

    Certifications
    A+, N+, S+, CCNA
    #2
    My guess would be with how the firewall (I would more think IPS) would detect attacks, by a signature of what the packets would look like.
    Not sure what the rules are on linking other sites, but you can google signature identification firewall and there are some write-ups on it.

  4. Member
    Join Date
    Feb 2012
    Location
    Thousand Oaks, CA
    Posts
    92

    Certifications
    A+, Network+, Security+
    #3
    Thanks for your help. I think you are on the right path but I'm looking for something a little more definitive.

  5. Member
    Join Date
    May 2011
    Posts
    67

    Certifications
    A+, N+, S+, CCNA
    #4
    Signature-Based Detection: This method of detection utilizes signatures, which are attack patterns that are preconfigured and predetermined. A signature-based intrusion prevention system monitors the network traffic for matches to these signatures. Once a match is found the intrusion prevention system takes the appropriate action. Signatures can be exploit-based or vulnerability-based. Exploit-based signatures analyze patterns appearing in exploits being protected against, while vulnerability-based signatures analyze vulnerabilities in a program, its execution, and conditions needed to exploit said vulnerability.

    From Wikipedia on Intrusion Prevention Systems. Gave the N+ book to someone that I work with, or else I would look it up. And I was at work with a very limited firewall/proxy to what sites I can get to.
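Added example, not part of the original post: a minimal signature matcher showing the difference between the exploit-based and vulnerability-based signatures described in the quoted definition. The `USER` login line, the 64-byte buffer, the marker string and the signature IDs are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Callable, List

# Assumption: a hypothetical service reads "USER <name>\r\n" and copies
# <name> into a 64-byte buffer without checking its length.
MAX_USER_LEN = 64


@dataclass
class Signature:
    sid: int
    kind: str  # "exploit" or "vulnerability"
    description: str
    matches: Callable[[bytes], bool]


def user_arg_too_long(payload: bytes) -> bool:
    """Vulnerability-based: describes the condition needed to trigger the flaw."""
    m = re.match(rb"USER ([^\r\n]*)", payload)
    return bool(m) and len(m.group(1)) > MAX_USER_LEN


SIGNATURES = [
    # Exploit-based: a byte pattern seen in one particular exploit (constructed marker).
    Signature(1001, "exploit", "known exploit byte pattern",
              lambda p: b"EXAMPLE-EXPLOIT-MARKER" in p),
    Signature(2001, "vulnerability", "USER argument exceeds vulnerable buffer",
              user_arg_too_long),
]


def inspect_payload(payload: bytes) -> List[int]:
    """Return the IDs of every signature the payload matches."""
    return [s.sid for s in SIGNATURES if s.matches(payload)]


def action_for(payload: bytes) -> str:
    """An IPS acts on a match; here any match means the traffic is dropped."""
    return "drop" if inspect_payload(payload) else "forward"


if __name__ == "__main__":
    for sample in (b"USER alice\r\n",                                 # benign
                   b"USER " + b"A" * 10 + b"EXAMPLE-EXPLOIT-MARKER\r\n",  # known pattern
                   b"USER " + b"B" * 200 + b"\r\n"):                  # variant, no marker
        print(inspect_payload(sample), action_for(sample))
```

The third sample carries none of the known exploit's bytes, so only the vulnerability-based signature catches it.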

  6. Member
    Join Date
    Dec 2011
    Location
    Toronto, Ontario
    Posts
    89

    Certifications
    A+, Network+
    #5
    It sounds more like a security+ exam material. I am actually reading on this too from Darril's book. I've taken the N10-004 exam, so perhaps they update a bit on the N10-005?

  7. Registered Member Darril
    Join Date
    May 2009
    Location
    Virginia Beach, VA
    Posts
    1,569

    Certifications
    MCT, A+, Net+, Security+, CASP, SSCP, CISSP, MCSE, MCITP...
    #6
    Originally Posted by RoyalTech:
    I'll be taking the N+ in a couple days and am going over some practice exams and came over this question.

    Which of the following is used to verify configuration updates on a firewall? The answer is signature identification. Can someone please explain what signature identification is and how it applies here? I'm having difficulty finding the answer. Thanks in advance.
    One thing to be wary of is that some practice test questions that do not include explanations have incorrect answers. In other words, it may not be a correct answer.

    One possibility is that this is referring to a hash used as a signature to verify that the updates have not been modified. In other words, a vendor can release a file that can be used to update the configuration of a firewall. They can also create a hash of the file which can be used to verify the downloaded file has not been modified. I can envision how someone can refer to this hash as a signature for the configuration file, and call it "signature identification", but this isn't common terminology in my experience.
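Added example, not part of the original post: the hash check described above, for a downloaded firewall configuration update compared against a vendor-published digest. The file name, the file contents and the `sha256sum`-style checksum line are constructed; SHA-256 is an assumption (the thread does not name an algorithm here), and the published digest is assumed to come from a channel the attacker cannot alter.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algorithm="sha256", chunk_size=65536):
    """Hash a file in chunks so large update images need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_line(line):
    """Split a 'digest  filename' line into (lowercase digest, filename)."""
    digest, _, name = line.strip().partition(" ")
    return digest.lower(), name.lstrip(" *")


def verify_update(path, published_line):
    """True only if the line names this file and the digests match."""
    expected, name = parse_checksum_line(published_line)
    if name != os.path.basename(path):
        return False
    # compare_digest avoids leaking the mismatch position through timing
    return hmac.compare_digest(file_digest(path), expected)


def demo():
    """Verify a constructed update file, then verify it again after tampering."""
    original = b"set firewall rule 10 action drop\n"  # constructed content
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "fw-config-update.cfg")
        with open(path, "wb") as f:
            f.write(original)
        published = hashlib.sha256(original).hexdigest() + "  fw-config-update.cfg"
        ok_before = verify_update(path, published)
        with open(path, "ab") as f:  # simulate modification after publication
            f.write(b"set firewall rule 11 action accept\n")
        ok_after = verify_update(path, published)
    return ok_before, ok_after


if __name__ == "__main__":
    print(demo())
```

A bare hash shows only that the file matches the published digest; it says nothing about who published it, which is what a digital signature over the file adds.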

  8. Member
    Join Date
    Feb 2012
    Location
    Thousand Oaks, CA
    Posts
    92

    Certifications
    A+, Network+, Security+
    #7
    Originally Posted by charlesc09:
    It sounds more like a security+ exam material. I am actually reading on this too from Darril's book. I've taken the N10-004 exam, so perhaps they update a bit on the N10-005?
    The practice exam I am using is for the N10-004.

  9. Member
    Join Date
    Feb 2012
    Location
    Thousand Oaks, CA
    Posts
    92

    Certifications
    A+, Network+, Security+
    #8
    It sounds like no one has a definitive answer on this and that, in itself, helps me. It tells me that I shouldn't really get too concerned about it.

    Darril, I run across a decent number of incorrect answers in every practice exam I have used in the past but the one I am currently using has a good reputation based on both my own experience with the A+, and friends' experiences with the N+ that I am about to take. I take your response to mean that there are practice exams out there that give explanations for each answer. Can you fill me in on where these practice exams are?

    Rakurai, I'd be interested to know if the text book you were using mentions signature identification specifically. I know the two text books I am using do not mention it.

    Overall, I'm going to take what all of you said and just let it rest. There are obviously more important things to focus on.

    Thanks to everyone.

  10. Senior Member
    Join Date
    Aug 2011
    Location
    Little Rock, AR
    Posts
    816

    Certifications
    CISSP, CCNA (R&S, Sec), WGU BS:IT Sec, MCTS: Win 7 Config, Sec+, Project+, Storage+, Net+, A+
    #9
    I'm gonna have to agree with Darril here.

    It sounds like whoever wrote the question didn't fully understand either concept, which would be why you can't find a decent answer. Darril's explanation is right on, but I think that's pretty far out of scope for a Net+ exam.

    I see questions like this on nearly every practice test. It just seems like someone started googling keywords and slapping together some terms and calling it a practice test.

  11. Member
    Join Date
    May 2011
    Posts
    67

    Certifications
    A+, N+, S+, CCNA
    #10
    Originally Posted by swild:
    I'm gonna have to agree with Darril here.

    It sounds like whoever wrote the question didn't fully understand either concept, which would be why you can't find a decent answer. Darril's explanation is right on, but I think that's pretty far out of scope for a Net+ exam.

    I see questions like this on nearly every practice test. It just seems like someone started googling keywords and slapping together some terms and calling it a practice test.
    I agree too. I would think that both how a firewall detects based on signature or if it refers to MD5 hashing to verify the integrity of the file with where you downloaded it from, that they should be more in the Security+ cert instead. I did a 5 day bootcamp for N+ and took the test not 2 weeks ago (bootcamp didn't teach me much) but I think that the topic wasn't really discussed. I would be the safe one and just have a rough overview of each for that "just in case" question that may cover it (and I think that what has been said in this thread covers a rough idea of the two).

  12. Member
    Join Date
    Feb 2012
    Location
    Thousand Oaks, CA
    Posts
    92

    Certifications
    A+, Network+, Security+
    #11
    Then it's unanimous. The question goes into the circular file. lol
