Exam 6: Network Monitoring and Intrusion Detection and Prevention Systems


Match each item with a statement below.
a. Alert; b. Confidence; c. Evasion; d. Events; e. False negative; f. False positive; g. Filtering; h. Tuning; i. Thresholds
Statement: The failure of an IDPS to react to an actual attack event.

(Short Answer)
Correct Answer:

E

What does the tcpdump host 192.168.1.100 command do?

(Multiple Choice)
Correct Answer:

A

List three disadvantages of using a honeypot approach.

(Essay)
Correct Answer:

The disadvantages of using a honeypot approach are:
  • The legal implications of using such devices are not well defined.
  • An expert attacker, once diverted into a decoy system, may become angry and launch a more hostile attack against an organization's systems.
  • Administrators and security managers need a high level of expertise to use these systems.
  • Administrators should also be wary of the wasp trap syndrome. In this syndrome, a concerned homeowner installs a wasp trap in his backyard to trap the few insects he sees flying about. Because these traps use scented bait, however, they wind up attracting far more wasps than were originally present. Security administrators should keep the wasp trap syndrome in mind before implementing honeypots.
  • Special care must be taken to ensure that a honeypot cannot be compromised in a way that could lead to further attacks on your networks or systems.

List three advantages of operational NIDPSs.

(Essay)

When a collection of honeypots connects several honeypot systems on a subnet, it may be called a ____.

(Multiple Choice)

When the measured activity is outside the baseline parameters - exceeding what is called the ____ - the IDPS sends an alert to the administrator.

(Multiple Choice)

Match each item with a statement below.
a. Alert; b. Confidence; c. Evasion; d. Events; e. False negative; f. False positive; g. Filtering; h. Tuning; i. Thresholds
Statement: A value that sets the limit between normal and abnormal behavior.

(Short Answer)

Define enticement and entrapment and compare the two.

(Essay)

The Simple Network Management Protocol contains ____ functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively.

(Multiple Choice)

Match each item with a statement below.
a. Alert; b. Confidence; c. Evasion; d. Events; e. False negative; f. False positive; g. Filtering; h. Tuning; i. Thresholds
Statement: The process of adjusting an IDPS to maximize its efficiency in detecting true positives while minimizing both false positives and false negatives.

(Short Answer)

Blacklists and whitelists are most commonly used in ____ detection and stateful protocol analysis.

(Multiple Choice)

Which tcpdump option specifies the number of packets to capture?

(Multiple Choice)

By default, tcpdump will just print ____ information.

(Multiple Choice)

Match each item with a statement below.
a. Alert; b. Confidence; c. Evasion; d. Events; e. False negative; f. False positive; g. Filtering; h. Tuning; i. Thresholds
Statement: An alert or alarm that occurs in the absence of an actual attack.

(Short Answer)

Match each item with a statement below.
a. Alert; b. Confidence; c. Evasion; d. Events; e. False negative; f. False positive; g. Filtering; h. Tuning; i. Thresholds
Statement: The process of reducing IDPS events in order to gain greater confidence in the alerts received.

(Short Answer)

____ applications use a combination of techniques to detect an intrusion and trace it back to its source.

(Multiple Choice)

List four problems a wireless IDPS can help detect.

(Essay)

The first hurdle a potential IDPS must clear is functioning in your systems environment.

(True/False)

Under the guise of justice, some less scrupulous administrators may even be tempted to ____, or hack into a hacker's system to find out as much as possible about the hacker.

(Multiple Choice)

A sniffer can decipher encrypted traffic.

(True/False)