Exam 7: Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools


All IDPS vendors target users with the same levels of technical and security expertise.

(True/False)
4.7/5
(37)

The disadvantages of using the honeypot or padded cell approach include the fact that the technical implications of using such devices are not well understood. _________________________

(True/False)
4.9/5
(32)

The ____________________ port is also known as a switched port analysis (SPAN) port or mirror port.

(Short Answer)
4.8/5
(45)

Alarm events that are accurate and noteworthy but do not pose significant threats to information security are called noise. _________________________

(True/False)
4.9/5
(48)

IDPS responses can be classified as active or passive.

(True/False)
4.9/5
(28)

A(n) known vulnerability is a published weakness or fault in an information asset or its protective systems that may be exploited and result in loss. _________________________

(True/False)
4.8/5
(32)

When the measured activity is outside the baseline parameters, it is said to exceed the ____________________ level.

(Short Answer)
4.9/5
(42)

With a(n) ____________________ IDPS control strategy, all IDPS control functions are implemented and managed in a central location.

(Short Answer)
4.8/5
(28)

A fully distributed IDPS control strategy is an IDPS implementation approach in which all control functions are applied at the physical location of each IDPS component.

(True/False)
4.9/5
(41)

Administrators who are wary of using the same tools that attackers use should remember that a tool that can help close an open or poorly configured firewall will not help the network defender minimize the risk from attack.

(True/False)
4.8/5
(37)

A ____________________ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software.

(Short Answer)
4.8/5
(38)

A(n) partially distributed IDPS control strategy combines the best of other IDPS strategies. _________________________

(True/False)
4.7/5
(38)

A(n) __________ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm.

(Multiple Choice)
4.7/5
(42)

__________ are decoy systems designed to lure potential attackers away from critical systems.

(Multiple Choice)
4.8/5
(34)

An HIDPS can detect local events on host systems and detect attacks that may elude a network-based IDPS.

(True/False)
4.9/5
(40)

The process of entrapment occurs when an attacker changes the format and/or timing of activities to avoid being detected by an IDPS. _________________________

(True/False)
4.8/5
(37)

A packet ____________________ is a software program or hardware appliance that can intercept, copy, and interpret network traffic.

(Short Answer)
4.8/5
(31)

A(n) port is the equivalent of a network channel or connection point in a data communications system. _________________________

(True/False)
4.9/5
(37)

Intrusion detection consists of procedures and systems that identify system intrusions and take action when an intrusion is detected.

(True/False)
4.8/5
(40)

____________________ scanning will allow an Nmap user to bounce a scan across a firewall by using one of the idle DMZ hosts as the initiator of the scan.

(Short Answer)
4.8/5
(30)
Showing 21 - 40 of 107