Exam 8: Intrusion Detection and Prevention Systems

An IDPS __________________ server is the central repository for sensor and agent data.

Which of the following is NOT a typical IDPS component?

Which of the following is NOT a network defense function found in intrusion detection and prevention systems?

__________________ procedures are a set of actions that are spelled out in the security policy and followed if the IDPS detects a true positive.

What are the four common entry points to a network where sensors should be placed?

Which IDPS customization option is a list of entities known to be harmless?

What is an inline sensor and how is it used to stop attacks?

In a _______________ based detection system,the IDPS can begin working immediately after installation.

What is an advantage of the anomaly detection method?

MATCHING -an attempt to gain unauthorized access to network resources

MATCHING -the process of maintaining a table of current connections so that abnormal traffic can be identified

An IDPS consists of a single device that you install between your firewall and the Internet.

MATCHING -the entire length of an attack

MATCHING -an IDPS component that monitors traffic on a network segment

Which approach to stateful protocol analysis involves detection of the protocol in use,followed by activation of analyzers that can identify applications not using standard ports?

An NIDPS can tell you whether an attack attempt on the host was successful.

Which method for detecting certain types of attacks uses an algorithm to detect suspicious traffic,is resource intensive,and requires extensive tuning and maintenance?

What are the three network defense functions performed by an IDPS?

MATCHING -the ability to track an attempted attack or intrusion back to its source

MATCHING -an NIDPS sensor that examines copies of traffic on the network