EC-Council

312-50V10 · Question #145


The correct answer is C: Encryption.

Evading IDS, Firewalls, and Honeypots

Question

You have successfully gained access to a Linux server and would like to ensure that the succeeding outgoing traffic from this server will not be caught by Network-Based Intrusion Detection Systems (NIDS). What is the best way to evade the NIDS?

Options

  • A. Out of band signaling
  • B. Protocol Isolation
  • C. Encryption
  • D. Alternate Data Streams

Explanation

When the NIDS encounters encrypted traffic, the only analysis it can perform is packet-level analysis, since the application-layer contents are inaccessible. Given that exploits against today's networks are primarily targeted against network services (application-layer entities), packet-level analysis ends up doing very little to protect our core business assets.

Topics

#NIDS evasion, #traffic encryption, #IDS bypass, #post-exploitation
