Exam 7: Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools

____________________ is a systematic survey of all of the target organization's Internet addresses.

(Short Answer)

Services using the TCP/IP protocol can run only on their commonly used port number as specified in their original Internet standard.

(True/False)

A strategy based on the concept of defense in depth is likely to include intrusion detection systems, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers.

(True/False)

The Simple Network Management Protocol contains trap functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively.

(True/False)

The Metasploit Framework is a collection of exploits coupled with an interface that allows the penetration tester to automate the custom exploitation of vulnerable systems.

(True/False)

A(n) __________ port, also known as a monitoring port, is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device.

(Multiple Choice)

Intrusion detection consists of procedures and systems that identify system intrusions and take action when an intrusion is detected.

(True/False)

A(n) ____________________ is a honeypot that has been protected so that it cannot be easily compromised.

(Short Answer)

The process of entrapment occurs when an attacker changes the format and/or timing of activities to avoid being detected by an IDPS. _________________________

(True/False)

Passive scanners are advantageous in that they require vulnerability analysts to get approval prior to testing.

(True/False)

An HIDPS can detect local events on host systems and detect attacks that may elude a network-based IDS.

(Essay)

A(n) known vulnerability is a published weakness or fault in an information asset or its protective systems that may be exploited and result in loss. _________________________

(True/False)

In ____________________ protocol verification, the higher-order protocols are examined for unexpected packet behavior or improper use.

(Short Answer)

When using trap-and-trace, the trace usually consists of a honeypot or padded cell and an alarm. _________________________

(True/False)

____________________ scanning will allow an Nmap user to bounce a scan across a firewall by using one of the idle DMZ hosts as the initiator of the scan.

(Short Answer)

__________ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.

(Multiple Choice)

A(n) ____________________ vulnerability scanner is one that initiates traffic on the network in order to determine security holes.

(Short Answer)

Activities that scan network locales for active systems and then identify the network services offered by the host systems are known as __________.

(Multiple Choice)

A(n) monitoring vulnerability scanner is one that listens in on the network and determines vulnerable versions of both server and client software. _________________________

(True/False)

Some vulnerability scanners feature a class of attacks called _________ that are so dangerous they should only be used in a lab environment.

(Multiple Choice)
Showing 61 - 80 of 121