Question 1

List four types of information that an NIDPS typically logs.

Accepted Answer

Timestamps
Event or alert types
Protocol

Question 2

Which of the following is a sensor type that uses bandwidth throttling and alters malicious content?

Accepted Answer

A)  passive only 
B)  inline only 
C)  active only 
D)  online only 
A)  passive only 
B)  inline only 
C)  active only 
D)  online only

Question 3

Which of the following is NOT a primary detection methodology?

Accepted Answer

A)  signature detection 
B)  baseline detection 
C)  anomaly detection 
D)  stateful protocol analysis 
A)  signature detection 
B)  baseline detection 
C)  anomaly detection 
D)  stateful protocol analysis

Question 4

Which of the following is an advantage of a signature-based detection system?

Accepted Answer

A)  the definition of what constitutes normal traffic changes 
B)  it is based on profiles the administrator creates 
C)  each signature is assigned a number and name 
D)  the IDPS must be trained for weeks 
A)  the definition of what constitutes normal traffic changes 
B)  it is based on profiles the administrator creates 
C)  each signature is assigned a number and name 
D)  the IDPS must be trained for weeks

Question 5

Describe two advantages and two disadvantages of a signature-based system.

Accepted Answer

Advantages:
This approach makes use of s

Question 6

MATCHING
-an NIDPS sensor positioned so that all traffic on the network segment is examined as it passes through

Accepted Answer

A) accountability 
B) escalated 
C) event horizon 
D) inline sensor 
E) intrusion
F)passive sensor
G)profiles
H)sensor
I)stateful protocol analysis
J)true positive 
A) accountability 
B) escalated 
C) event horizon 
D) inline sensor 
E) intrusion
F)passive sensor
G)profiles
H)sensor
I)stateful protocol analysis
J)true positive

Question 7

Which of the following is true about an NIDPS versus an HIDPS?

Accepted Answer

A)  an NIDPS can determine if a host attack was successful 
B)  an HIDPS can detect attacks not caught by an NIDPS 
C)  an HIDPS can detect intrusion attempts on the entire network 
D)  an NIDPS can compare audit log records 
A)  an NIDPS can determine if a host attack was successful 
B)  an HIDPS can detect attacks not caught by an NIDPS 
C)  an HIDPS can detect intrusion attempts on the entire network 
D)  an NIDPS can compare audit log records

Question 8

Anomaly detection systems make use of _______________ that describe the services and resources each authorized user or group normally accesses on the network.

Accepted Answer

The answer of Anomaly detection systems make use of _______________...

Question 9

A network ____________ is a type of passive sensor that consists of a direct connection between a sensor and the physical network medium.

Accepted Answer

The answer of A network ____________ is a type of...

Question 10

MATCHING
-increasing an intrusion response to a higher level

Accepted Answer

A) accountability 
B) escalated 
C) event horizon 
D) inline sensor 
E) intrusion
F)passive sensor
G)profiles
H)sensor
I)stateful protocol analysis
J)true positive 
A) accountability 
B) escalated 
C) event horizon 
D) inline sensor 
E) intrusion
F)passive sensor
G)profiles
H)sensor
I)stateful protocol analysis
J)true positive

Question 11

Where is a host-based IDPS agent typically placed?

Accepted Answer

A)  on a workstation or server 
B)  at Internet gateways 
C)  between remote users and internal network 
D)  between two subnets 
A)  on a workstation or server 
B)  at Internet gateways 
C)  between remote users and internal network 
D)  between two subnets

Question 12

Which type of IDPS can have the problem of getting disparate systems to work in a coordinated fashion?

Accepted Answer

A)  inline 
B)  host-based 
C)  hybrid 
D)  network-based 
A)  inline 
B)  host-based 
C)  hybrid 
D)  network-based

Question 13

MATCHING
-a genuine attack detected successfully by an IDPS

Accepted Answer

A) accountability 
B) escalated 
C) event horizon 
D) inline sensor 
E) intrusion
F)passive sensor
G)profiles
H)sensor
I)stateful protocol analysis
J)true positive 
A) accountability 
B) escalated 
C) event horizon 
D) inline sensor 
E) intrusion
F)passive sensor
G)profiles
H)sensor
I)stateful protocol analysis
J)true positive

Question 14

MATCHING
-sets of characteristics that describe network services and resources a user or group normally accesses

Accepted Answer

A) accountability 
B) escalated 
C) event horizon 
D) inline sensor 
E) intrusion
F)passive sensor
G)profiles
H)sensor
I)stateful protocol analysis
J)true positive 
A) accountability 
B) escalated 
C) event horizon 
D) inline sensor 
E) intrusion
F)passive sensor
G)profiles
H)sensor
I)stateful protocol analysis
J)true positive

Question 15

List two approaches to stateful protocol analysis.

Accepted Answer

Traffic rate monitoring
Protoc

Question 16

Which of the following is true about an HIDPS?

Accepted Answer

A)  monitors OS and application logs 
B)  sniffs packets as they enter the network 
C)  tracks misuse by external users 
D)  centralized configurations affect host performance 
A)  monitors OS and application logs 
B)  sniffs packets as they enter the network 
C)  tracks misuse by external users 
D)  centralized configurations affect host performance

Question 17

Which of the following is an IDPS security best practice?

Accepted Answer

A)  to prevent false positives, only test the IDPS at initial configuration 
B)  communication between IDPS components should be encrypted 
C)  all sensors should be assigned IP addresses 
D)  log files for HIDPSs should be kept local 
A)  to prevent false positives, only test the IDPS at initial configuration 
B)  communication between IDPS components should be encrypted 
C)  all sensors should be assigned IP addresses 
D)  log files for HIDPSs should be kept local

Question 18

Describe two advantages and two disadvantages of an anomaly-based system.

Accepted Answer

Advantages:
Because an anomaly detection

Question 19

A weakness of a signature-based system is that it must keep state information on a possible attack.

Accepted Answer

A) True 
 B)False

Question 20

No actual traffic passes through a passive sensor; it only monitors copies of the traffic.

Accepted Answer

A) True 
 B)False

List four types of information that an NIDPS typically logs.

Which of the following is a sensor type that uses bandwidth throttling and alters malicious content?

Which of the following is NOT a primary detection methodology?

Which of the following is an advantage of a signature-based detection system?

Describe two advantages and two disadvantages of a signature-based system.

MATCHING -an NIDPS sensor positioned so that all traffic on the network segment is examined as it passes through

Which of the following is true about an NIDPS versus an HIDPS?

Anomaly detection systems make use of _______________ that describe the services and resources each authorized user or group normally accesses on the network.

A network ____________ is a type of passive sensor that consists of a direct connection between a sensor and the physical network medium.

MATCHING -increasing an intrusion response to a higher level

Where is a host-based IDPS agent typically placed?

Which type of IDPS can have the problem of getting disparate systems to work in a coordinated fashion?

MATCHING -a genuine attack detected successfully by an IDPS

MATCHING -sets of characteristics that describe network services and resources a user or group normally accesses

List two approaches to stateful protocol analysis.

Which of the following is true about an HIDPS?

Which of the following is an IDPS security best practice?

Describe two advantages and two disadvantages of an anomaly-based system.

A weakness of a signature-based system is that it must keep state information on a possible attack.

No actual traffic passes through a passive sensor; it only monitors copies of the traffic.

Network Security Fundamentals

TCP-IP

Network Traffic Signatures

Routing Fundamentals

Cryptography

Wireless Network Fundamentals

Understanding Wireless Security

Firewalls

Firewall Design and Management

VPN Concepts

Internet and World Wide Web Security

Security Policy Design and Implementation

On-Going Security Management

Filters

Exam 8: Intrusion Detection and Prevention Systems

List four types of information that an NIDPS typically logs.

Which of the following is a sensor type that uses bandwidth throttling and alters malicious content?

Which of the following is NOT a primary detection methodology?

Which of the following is an advantage of a signature-based detection system?

Describe two advantages and two disadvantages of a signature-based system.

MATCHING -an NIDPS sensor positioned so that all traffic on the network segment is examined as it passes through

Which of the following is true about an NIDPS versus an HIDPS?

Anomaly detection systems make use of _______________ that describe the services and resources each authorized user or group normally accesses on the network.

A network ____________ is a type of passive sensor that consists of a direct connection between a sensor and the physical network medium.

MATCHING -increasing an intrusion response to a higher level

Where is a host-based IDPS agent typically placed?

Which type of IDPS can have the problem of getting disparate systems to work in a coordinated fashion?

MATCHING -a genuine attack detected successfully by an IDPS

MATCHING -sets of characteristics that describe network services and resources a user or group normally accesses

List two approaches to stateful protocol analysis.

Which of the following is true about an HIDPS?

Which of the following is an IDPS security best practice?

Describe two advantages and two disadvantages of an anomaly-based system.

A weakness of a signature-based system is that it must keep state information on a possible attack.

No actual traffic passes through a passive sensor; it only monitors copies of the traffic.

Network Security Fundamentals

TCP-IP

Network Traffic Signatures

Routing Fundamentals

Cryptography

Wireless Network Fundamentals

Understanding Wireless Security

Firewalls

Firewall Design and Management

VPN Concepts

Internet and World Wide Web Security

Security Policy Design and Implementation

On-Going Security Management

Filters