Exam 7: Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools


A(n) __________ port, also known as a monitoring port, is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device.

(Multiple Choice)

A signature-based IDPS is sometimes called a(n) ____________________-based IDPS.

(Short Answer)

The ability to detect a target computer's __________ is very valuable to an attacker.

(Multiple Choice)

Activities that scan network locales for active systems and then identify the network services offered by the host systems are known as __________.

(Multiple Choice)

Most network behavior analysis system sensors can be deployed in __________ mode only, using the same connection methods as network-based IDPSs.

(Multiple Choice)

A(n) ____________________ is a honeypot that has been protected so that it cannot be easily compromised.

(Short Answer)

__________ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol.

(Multiple Choice)

Passive scanners are advantageous in that they require vulnerability analysts to get approval prior to testing.

(True/False)

A wireless security toolkit should include the ability to sniff wireless traffic, scan wireless hosts, and assess the level of privacy or confidentiality afforded on the wireless network. _________________________

(True/False)

An IDPS can be configured to dial a phone number and produce an alphanumeric page or other type of signal or message.

(True/False)

__________ is the action of luring an individual into committing a crime to get a conviction.

(Multiple Choice)

In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information and corrupt the servers' answers to routine DNS queries from other systems on the network.

(True/False)

An HIDPS is optimized to detect multihost scanning, and it is able to detect the scanning of non-host network devices, such as routers or switches.

(True/False)

A(n) NIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing. _________________________

(True/False)

A strategy based on the concept of defense in depth is likely to include intrusion detection systems, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers.

(True/False)

IDPSs can help the organization protect its assets when its networks and systems are exposed to ____________________ vulnerabilities or are unable to respond to a rapidly changing threat environment.

(Short Answer)

Enticement is the action of luring an individual into committing a crime to get a conviction. _________________________

(True/False)

Using __________, the system reviews the log files generated by servers, network devices, and even other IDPSs.

(Multiple Choice)

Port explorers are tools used both by attackers and defenders to identify (or fingerprint) the computers that are active on a network, as well as the ports and services active on those computers, the functions and roles the machines are fulfilling, and other useful information. _________________________

(True/False)

__________ applications use a combination of techniques to detect an intrusion and then trace it back to its source.

(Multiple Choice)
Showing 41 - 60 of 107