Exam 6: Network Monitoring and Intrusion Detection and Prevention Systems


A ____ resides on a computer or appliance connected to a segment of an organization's network and monitors network traffic on that network segment - much like tcpdump - looking for indications of ongoing or successful attacks.

(Multiple Choice)

Wireless sensors are most effective when their ____ overlap.

(Multiple Choice)

____________________ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.

(Short Answer)

According to SP 800-94, ____________________ (SPA) is a process of comparing predetermined profiles of generally accepted definitions of benign activity for each protocol state against observed events to identify deviations.

(Short Answer)

One tool that provides active intrusion prevention is known as ____.

(Multiple Choice)

List five strengths of IDPSs.

(Essay)

Match each item with a statement below.

a. Alert
b. Confidence
c. Evasion
d. Events
e. False negative
f. False positive
g. Filtering
h. Tuning
i. Thresholds

- An indication that a system has detected a possible attack.

(Short Answer)

Match each item with a statement below.

a. Alert
b. Confidence
c. Evasion
d. Events
e. False negative
f. False positive
g. Filtering
h. Tuning
i. Thresholds

- A value placed on an IDPS event's ability to correctly detect and identify certain types of attacks.

(Short Answer)

Describe the response behavior of IDPSs.

(Essay)

Define and describe a fully distributed IDPS control strategy.

(Essay)