When trying to evade IDS/IPS devices, which mechanism allows the user to make the data incomprehensible without a specific key, certificate, or password?
I would agree
C and D both need keys to work and B is only used to go to another network but won't evade the IDS per se.
more info:
https://www.ciscopress.com/articles/article.asp?p=3100055&seqNum=3
By the Book, I believe Fragmentation would be correct.
Traditional IDS and IPS devices also suffer from many evasion attacks. The following are some of the most common evasion techniques against traditional IDS and IPS devices:
Fragmentation: Attackers can evade the IPS box by sending fragmented packets.
Using low-bandwidth attacks: Attackers can use techniques that use low-bandwidth or a very small number of packets to evade the system.
Address spoofing/proxying: Attackers can use spoofed IP addresses or sources, as well as intermediary systems such as proxies to evade inspection.
Pattern change evasion: Attackers may use polymorphic techniques to create unique attack patterns.
Encryption: Attackers can use encryption to hide their communication and information.
Steganography is used for hiding text. I believe that it is not the question.
Steganography is the practice of hiding a secret message inside of (or even on top of) something that is not secret. That something can be just about anything you want. These days, many examples of steganography involve embedding a secret piece of text inside of a picture. Or hiding a secret message or script inside of a Word or Excel document.
https://www.comptia.org/blog/what-is-steganography
Answer is the option D.
Incomprehensible = hidden
Steganography can be used to "hide" virtually any type of digital content, including text, image, video, or audio content. And to do this, you don't need a specific key, certificate or password.
The answer is C. encryption.
Encryption is the process of converting data into a form that is unreadable without a specific key. This can be used to evade IDS/IPS devices by making the data incomprehensible to them.
When an attacker is trying to evade detection by IDS/IPS devices, they may use encryption to make their communication unreadable to the security tools that are monitoring the network. By encrypting their data, the attacker can make it more difficult for the IDS/IPS devices to detect and analyze the content of their communication.
Fragmentation involves splitting up data into smaller packets, which can also be used to evade IDS/IPS devices, but it doesn't make the data incomprehensible.
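The distinction argued in this thread, as an added example that is not part of any commenter's post: a toy sensor reassembles fragments without any key and still matches its rule, but it cannot match encrypted bytes unless it holds the key. The signature, key, traffic and the SHA-256 XOR keystream are constructed for illustration and are not a real IDS rule or a real cipher.

```python
import hashlib
import math
from collections import Counter

SIGNATURE = b"EXAMPLE-SIGNATURE"   # constructed stand-in for an IDS content rule
KEY = b"constructed-demo-key"      # constructed; the sensor may or may not hold it
PLAIN = (b"GET /index.html HTTP/1.1 " + SIGNATURE + b" ") * 6  # constructed traffic

def fragment(payload, size):
    """Split a payload into (offset, chunk) pieces, as fragmentation does."""
    return [(i, payload[i:i + size]) for i in range(0, len(payload), size)]

def reassemble(frags):
    """Order fragments by offset and join them; no key is involved."""
    return b"".join(chunk for _, chunk in sorted(frags))

def toy_crypt(key, data):
    """XOR with a SHA-256 counter keystream. Illustration only, not a real cipher."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def entropy(data):
    """Shannon entropy in bits per byte; ciphertext scores high, plain text lower."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def sensor_matches(frags, key=None):
    """Sensor view: reassemble, decrypt only if the key is held, then match."""
    data = reassemble(frags)
    if key is not None:
        data = toy_crypt(key, data)
    return SIGNATURE in data

if __name__ == "__main__":
    clear = fragment(PLAIN, 8)
    sealed = fragment(toy_crypt(KEY, PLAIN), 8)
    print("per-fragment match:", any(SIGNATURE in c for _, c in clear))
    print("after reassembly:  ", sensor_matches(clear))
    print("encrypted, no key: ", sensor_matches(sealed))
    print("encrypted, key:    ", sensor_matches(sealed, KEY))
    print("entropy clear/enc: ", entropy(PLAIN), entropy(toy_crypt(KEY, PLAIN)))
```

For a defender, the takeaway is that fragmentation is handled by reassembling before matching, while encrypted traffic needs the key at the inspection point or metadata-based signals such as the entropy jump shown here.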
After months of studying, I realized that C - Encryption is the correct answer.
- The question is "Evading IDS/IPS" and there is no way to use Steganography to evade IDS/IPS.
Intrusion Detection Evasive Techniques:
Most attackers are aware of IDSs and use evasive techniques to dodge them. These evasive techniques include flooding, fragmentation, encryption, and obfuscation.
https://www.pearsonitcertification.com/articles/article.aspx?p=174342&seqNum=3#:~:text=Most%20attackers%20are%20aware%20of,fragmentation%2C%20encryption%2C%20and%20obfuscation.
I believe the correct answer is "D"
Steganography is writing in a different way, which can be used to hide the true meaning of the subject.
The purpose of steganography is to conceal and deceive. It is a form of covert communication and can involve the use of any medium to hide messages. It's not a form of cryptography, because it doesn't involve scrambling data or using a key. Instead, it is a form of data hiding and can be executed in clever ways.
https://www.comptia.org/blog/what-is-steganography#:~:text=The%20purpose%20of%20steganography%20is,be%20executed%20in%20clever%20ways.
I would agree on A -->
"Traditional IDS and IPS devices also suffer from many
evasion attacks. The following are some of the most
common evasion techniques against traditional IDS and
IPS devices:
• Fragmentation: Attackers can evade the IPS box
by sending fragmented packets.
• Using low-bandwidth attacks: Attackers can
use techniques that use low-bandwidth or a very
small number of packets to evade the system.
• Address spoofing/proxying: Attackers can use
spoofed IP addresses or sources, as well as
intermediary systems such as proxies to evade
inspection.
• Pattern change evasion: Attackers may use
polymorphic techniques to create unique attack
patterns.
• Encryption: Attackers can use encryption to hide
their communication and information."
Ref: Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide, Omar Santos
I might be wrong but encryption is used by threat actors as a method of evasion and obfuscation https://www.ciscopress.com/articles/article.asp?p=3100055&seqNum=2
From here I agree with answer C.
Both C and D are correct, as both fulfill the requirements, but C is on the exam objectives and D is not, so C. These questions are fairly terrible. People saying A need reading comprehension.
It says leads the data incomprehensible WITHOUT a key. Hence a key is required to decrypt it. I think you have misinterpreted it as it does not use a key.
evra (Highly Voted, 3 years, 9 months ago)
Leo_Visser (3 years, 6 months ago)
fyticez (2 years, 3 months ago)
anonymous1966 (Highly Voted, 3 years, 4 months ago)
anonymous1966 (3 years, 4 months ago)
abbeyade (Most Recent, 2 days, 17 hours ago)
3000bd6 (1 month, 3 weeks ago)
d503c75 (4 months ago)
WISDOM2080 (1 year, 4 months ago)
Faio (1 year, 5 months ago)
drdecker100 (1 year, 11 months ago)
SecurityGuy (1 year, 11 months ago)
youssssef (1 year, 11 months ago)
aaawnd (2 years, 1 month ago)
Chris1971 (2 years ago)
SecurityGuy (2 years, 3 months ago)
Giacomius (2 years, 4 months ago)
[Removed] (2 years, 5 months ago)
Nhendy (2 years, 6 months ago)
Kane4555 (2 years, 6 months ago)
bodybod (2 years, 8 months ago)
msingh20 (2 years, 6 months ago)