Exam 6: Network Monitoring and Intrusion Detection and Prevention Systems
Exam 1: Introduction to Information Security50 Questions
Exam 2: Introduction to Networking50 Questions
Exam 3: Cryptography50 Questions
Exam 4: Firewall Technologies and Administration50 Questions
Exam 5: Network Authentication and Remote Access Using Vpn50 Questions
Exam 6: Network Monitoring and Intrusion Detection and Prevention Systems50 Questions
Exam 7: Wireless Network Security49 Questions
Exam 8: Security of Web Applications50 Questions
Exam 9: Network Vulnerability Assessment49 Questions
Exam 10: Auditing, Monitoring, and Logging50 Questions
Exam 11: Contingency Planning and Networking Incident Response50 Questions
Exam 12: Digital Forensics50 Questions
Select questions type
The ____________________ port, also known as a switched port analysis (SPAN) port or mirror port, is a specially configured connection on a network device that is capable of viewing all the traffic that moves through the entire device.
(Short Answer)
One of the best reasons to install a(n) ____ is to provide an organization with overall situational awareness - or a better overall understanding - of the activities that take place on the network.
(Multiple Choice)
The tcpdump tool will output both the header and packet contents into ____ format.
(Multiple Choice)
Because of its ubiquity in UNIX/Linux systems, ____ has become the de facto standard in network sniffing.
(Multiple Choice)
Describe three factors that can delay or undermine an organization's ability to make its systems safe from attack and subsequent loss.
(Essay)
A signature-based IDPS examines network traffic in search of patterns that match known ____.
(Multiple Choice)
Deploying and implementing an IDPS is always a straightforward task.
(True/False)
In ____, valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers' answers to routine DNS queries from other systems on the network.
(Multiple Choice)
A(n) ____________________ occurs when an attacker attempts to gain entry or disrupt the normal operations of an information system, almost always with the intent to do harm.
(Short Answer)
Match each item with a statement below.
a. Alert
b. Confidence
c. Evasion
d. Events
e. False negative
f. False positive
g. Filtering
h. Tuning
i. Thresholds
- IDPS events that are accurate and noteworthy but do not pose a significant threat to information security.
(Short Answer)
Intrusion ____ consists of activities that deter an intrusion.
(Multiple Choice)
The size of a signature base is a good measure of an IDPS's effectiveness.
(True/False)
Match each item with a statement below.
a. Alert
b. Confidence
c. Evasion
d. Events
e. False negative
f. False positive
g. Filtering
h. Tuning
i. Thresholds
- The process by which an attacker changes the format of the network packets and/or timing of their activities to avoid being detected by the IDPS.
(Short Answer)
Most NBA sensors can be deployed in ____ mode only, using the same connection methods (e.g., network tap, switch spanning port) as network-based IDPSs.
(Multiple Choice)
____________________ are decoy systems designed to lure potential attackers away from critical systems.
(Short Answer)
In ____ verification, the higher-order protocols (HTTP, FTP, Telnet) are examined for unexpected packet behavior or improper use.
(Multiple Choice)
Signature-based IDPS technology is widely used because many attacks have clear and distinct signatures.
(True/False)
Explain the focus of a network-based IDPS and describe the specialized subtypes of network-based IDPSs.
(Essay)
A ____ is a list of discrete entities that are known to be benign.
(Multiple Choice)
Showing 21 - 40 of 50