Question 1

Which of the following is considered a problem with a passive,signature-based system?

Accepted Answer

A)  profile updating 
B)  signature training 
C)  custom rules 
D)  false positives 
A)  profile updating 
B)  signature training 
C)  custom rules 
D)  false positives

Question 2

If you see a /16 in the header of a snort rule,what does it mean?

Accepted Answer

A)  a maximum of 16 log entries should be kept 
B)  the size of the log file is 16 MB 
C)  the subnet mask is 255.255.0.0 
D)  the detected signature is 16 bits in length 
A)  a maximum of 16 log entries should be kept 
B)  the size of the log file is 16 MB 
C)  the subnet mask is 255.255.0.0 
D)  the detected signature is 16 bits in length

Question 3

Define stateful protocol analysis.Include in your answer the concept of the event horizon.

Accepted Answer

When an IDPS receives a packet,informati

Question 4

Why might you want to allow extra time for setting up the database in an anomaly-based system?

Accepted Answer

A)  the installation procedure is usually complex and time consuming 
B)  to add your own custom rule base 
C)  it requires special hardware that must be custom built 
D)  to allow a baseline of data to be compiled 
A)  the installation procedure is usually complex and time consuming 
B)  to add your own custom rule base 
C)  it requires special hardware that must be custom built 
D)  to allow a baseline of data to be compiled

Question 5

What are the four typical components of an IDPS?

Accepted Answer

Network sensors or host-based agents tha

Question 6

The period of time during which an IDPS monitors network traffic to observe what constitutes normal network behavior is referred to as which of the following?

Accepted Answer

A)  training period 
B)  baseline scanning 
C)  profile monitoring 
D)  traffic normalizing 
A)  training period 
B)  baseline scanning 
C)  profile monitoring 
D)  traffic normalizing

Question 7

A hybrid IDPS combines aspects of NIDPS and HIDPS configurations.

Accepted Answer

A) True 
 B)False

Question 8

Which of the following is NOT a method used by passive sensors to monitor traffic?

Accepted Answer

A)  spanning port 
B)  network tap 
C)  packet filter 
D)  load balancer 
A)  spanning port 
B)  network tap 
C)  packet filter 
D)  load balancer

Question 9

Which of the following is true about the steps in setting up and using an IDPS?

Accepted Answer

A)  anomaly-based systems come with a database of attack signatures 
B)  sensors placed on network segments will always capture every packet 
C)  alerts are sent when a packet doesn't match a stored signature 
D)  false positives do not compromise network security 
A)  anomaly-based systems come with a database of attack signatures 
B)  sensors placed on network segments will always capture every packet 
C)  alerts are sent when a packet doesn't match a stored signature 
D)  false positives do not compromise network security

Question 10

Contrast anomaly detection with signature detection.

Accepted Answer

An anomaly detection system makes use of

Which of the following is considered a problem with a passive,signature-based system?

If you see a /16 in the header of a snort rule,what does it mean?

Define stateful protocol analysis.Include in your answer the concept of the event horizon.

Why might you want to allow extra time for setting up the database in an anomaly-based system?

What are the four typical components of an IDPS?

The period of time during which an IDPS monitors network traffic to observe what constitutes normal network behavior is referred to as which of the following?

A hybrid IDPS combines aspects of NIDPS and HIDPS configurations.

Which of the following is NOT a method used by passive sensors to monitor traffic?

Which of the following is true about the steps in setting up and using an IDPS?

Contrast anomaly detection with signature detection.

Network Security Fundamentals

TCP-IP

Network Traffic Signatures

Routing Fundamentals

Cryptography

Wireless Network Fundamentals

Understanding Wireless Security

Firewalls

Firewall Design and Management

VPN Concepts

Internet and World Wide Web Security

Security Policy Design and Implementation

On-Going Security Management

Filters

Exam 8: Intrusion Detection and Prevention Systems

Which of the following is considered a problem with a passive,signature-based system?

If you see a /16 in the header of a snort rule,what does it mean?

Define stateful protocol analysis.Include in your answer the concept of the event horizon.

Why might you want to allow extra time for setting up the database in an anomaly-based system?

What are the four typical components of an IDPS?

The period of time during which an IDPS monitors network traffic to observe what constitutes normal network behavior is referred to as which of the following?

A hybrid IDPS combines aspects of NIDPS and HIDPS configurations.

Which of the following is NOT a method used by passive sensors to monitor traffic?

Which of the following is true about the steps in setting up and using an IDPS?

Contrast anomaly detection with signature detection.

Network Security Fundamentals

TCP-IP

Network Traffic Signatures

Routing Fundamentals

Cryptography

Wireless Network Fundamentals

Understanding Wireless Security

Firewalls

Firewall Design and Management

VPN Concepts

Internet and World Wide Web Security

Security Policy Design and Implementation

On-Going Security Management

Filters