1. Right Answer: A
Explanation:

Packet Filtering Firewall - also known as a first-generation firewall.
- Does not maintain client sessions.
- The advantages of this type of firewall are simplicity and generally stable performance, since the filtering rules are applied at the network layer.
- Its simplicity is also a disadvantage, because it is vulnerable to attacks from improperly configured filters and attacks tunneled over permitted services.
- Some of the more common attacks on packet filtering are IP spoofing, source routing specification, and the miniature fragment attack.

Stateful Inspection Firewall -
- A stateful inspection firewall keeps track of the destination IP address of each packet that leaves the organization's internal network.
- Session tracking is done by mapping the source IP address of an incoming packet against the list of destination IP addresses that is maintained and updated.
- This approach prevents any attack initiated and originated by an outsider.
- The disadvantage is that a stateful inspection firewall can be relatively complex to administer compared to other firewalls.

The following were incorrect answers: All other choices presented were incorrect answers because they all had the proper definition.

The following reference(s) were/was used to create this question: CISA review manual 2014 Page number 345 and 346
2. Right Answer: B
Explanation: In network security, a screened subnet firewall is a variation of the dual-homed gateway and screened host firewall. It can be used to separate components of the firewall onto separate systems, thereby achieving greater throughput and flexibility, although at some cost to simplicity. As each component system of the screened subnet firewall needs to implement only a specific task, each system is less complex to configure. A screened subnet firewall is often used to establish a demilitarized zone (DMZ).

Below are a few examples of firewall implementations:

Screened host Firewall -
- Utilizing a packet filtering router and a bastion host, this approach implements basic network layer security and application server security.
- An intruder in this configuration has to penetrate two separate systems before the security of the private network can be compromised.
- This firewall system is configured with the bastion host connected to the private network, with a packet filtering router between the internet and the bastion host.

Dual-homed Firewall -
- A firewall system that has two or more network interfaces, each of which is connected to a different network.
- In a firewall configuration, a dual-homed firewall system usually acts to block or filter some or all of the traffic trying to pass between the networks.
- A dual-homed firewall system is a more restrictive form of the screened-host firewall system.

Demilitarized Zone (DMZ) or screened-subnet firewall -
- Utilizes two packet filtering routers and a bastion host.
- This approach creates the most secure firewall system, since it supports network and application level security while defining a separate DMZ network.
- Typically, DMZs are configured to limit access from the internet and the organization's private network.

The following were incorrect answers: The other types of firewall mentioned in the options do not utilize two packet filtering routers and a bastion host.

The following reference(s) were/was used to create this question: CISA review manual 2014 Page number 346
3. Right Answer: C
Explanation: A neural network based IDS monitors the general patterns of activity and traffic on the network, and creates a database of normal activities within the system. This is similar to the statistical model but with added self-learning functionality.

Also, you should know the categories and types of IDS below for the CISA exam:

An IDS works in conjunction with routers and firewalls by monitoring network usage anomalies.

Broad categories of IDS include:
- Network based IDS
- Host based IDS

Network Based IDS -
- They identify attacks within the monitored network and issue a warning to the operator.
- If a network based IDS is placed between the Internet and the firewall, it will detect all the attack attempts whether or not they enter the firewall.

Host Based IDS -
- They are configured for a specific environment and will monitor various internal resources of the operating system to warn of a possible attack.
- They can detect the modification of executable programs, detect the deletion of files and issue a warning when an attempt is made to use a privileged account.

Types of IDS include:
- Signature Based IDS - These IDS systems protect against detected intrusion patterns. The intrusive patterns they can identify are stored in the form of signatures.
- Statistical Based IDS - This system needs a comprehensive definition of the known and expected behavior of the system.
- Neural Network - An IDS with this feature monitors the general patterns of activity and traffic on the network, and creates a database. This is similar to the statistical model but with added self-learning functionality.

The following were incorrect answers: The other types of IDS mentioned in the options do not monitor general patterns of activity or contain self-learning functionality.

The following reference(s) were/was used to create this question: CISA review manual 2014 Page number 346 and 347
4. Right Answer: B
Explanation: A host based IDS resides on important systems such as databases and critical servers, and monitors various internal resources of an operating system.

Also, you should know the categories and types of IDS below for the CISA exam:

An IDS works in conjunction with routers and firewalls by monitoring network usage anomalies.

Broad categories of IDS include:
1. Network Based IDS
2. Host Based IDS

Network Based IDS -
- They identify attacks within the monitored network and issue a warning to the operator.
- If a network based IDS is placed between the Internet and the firewall, it will detect all the attack attempts whether or not they enter the firewall.
- Network based IDS are blinded when dealing with encrypted traffic.

Host Based IDS -
- They are configured for a specific environment and will monitor various internal resources of the operating system to warn of a possible attack.
- They can detect the modification of executable programs, detect the deletion of files and issue a warning when an attempt is made to use a privileged account.
- They can monitor traffic after it is decrypted, and they supplement the network based IDS.

Types of IDS include:
- Statistical Based IDS - This system needs a comprehensive definition of the known and expected behavior of the system.
- Neural Network - An IDS with this feature monitors the general patterns of activity and traffic on the network, and creates a database. This is similar to the statistical model but with added self-learning functionality.
- Signature Based IDS - These IDS systems protect against detected intrusion patterns. The intrusive patterns they can identify are stored in the form of signatures.

The following were incorrect answers: The other types of IDS mentioned in the options do not reside on important systems such as databases and critical servers.

The following reference(s) were/was used to create this question: CISA review manual 2014 Page number 346 and 347
5. Right Answer: D
Explanation: Detecting zero-day attacks is an advantage of an IDS that makes use of behavior or heuristic detection.

It is important to read the question carefully. The word 'NOT' was the key word.

Intrusion detection systems are somewhat limited in scope; they do not address the following:
- Weakness in the policy definition
- Application-level vulnerability
- Backdoor within application
- Weakness in identification and authentication schemes

Also, you should know the information below for your CISA exam:

An IDS works in conjunction with routers and firewalls by monitoring network usage anomalies.

Broad categories of IDS include:
1. Network Based IDS
2. Host Based IDS

Network Based IDS -
- They identify attacks within the monitored network and issue a warning to the operator.
- If a network based IDS is placed between the Internet and the firewall, it will detect all the attack attempts whether or not they enter the firewall.
- Network based IDS are blinded when dealing with encrypted traffic.

Host Based IDS -
- They are configured for a specific environment and will monitor various internal resources of the operating system to warn of a possible attack.
- They can detect the modification of executable programs, detect the deletion of files and issue a warning when an attempt is made to use a privileged account.
- They can monitor traffic after it is decrypted, and they supplement the network based IDS.

Types of IDS include:
- Statistical Based IDS - This system needs a comprehensive definition of the known and expected behavior of the system.
- Neural Network - An IDS with this feature monitors the general patterns of activity and traffic on the network, and creates a database. This is similar to the statistical model but with added self-learning functionality.
- Signature Based IDS - These IDS systems protect against detected intrusion patterns. The intrusive patterns they can identify are stored in the form of signatures.

The following were incorrect answers: The other options mentioned are all limitations of an IDS.

The following reference(s) were/was used to create this question: CISA review manual 2014 Page number 346 and 347