Exam 4: Incident Response: Detection and Decision Making


The ____ contains the rules and configuration guidelines governing the implementation and operation of IDSs within the organization.

(Multiple Choice)
Correct Answer: D

____________________ is the process of classifying the attack alerts that an IDS detects in order to distinguish or sort false positives from actual attacks more efficiently.

(Short Answer)
Correct Answer: Alarm Filtering

A(n) ____________________ monitors traffic on a segment of an organization's network.

(Essay)
Correct Answer (any of the following):
network-based IDS
NIDS
network-based IDS (NIDS)

Match each statement with an item below. - Examines data traffic in search of patterns that match known signatures - that is, preconfigured, predetermined attack patterns.

(Multiple Choice)

The term ____________________ refers to a consolidation of almost identical alarms into a single higher-level alarm.

(Short Answer)

The smart systems administrator backs up system logs but not system data.

(True/False)

The term ____ refers to a value associated with an IDS' ability to detect and identify an attack correctly.

(Multiple Choice)

____ occurs when valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers' answers to routine DNS queries from other systems on that network.

(Multiple Choice)

____ are tools used to identify which computers are active on a network, as well as which ports and services are active on the computers, what function or role the machines may be fulfilling, and so on.

(Multiple Choice)

A(n) ____________________ can adapt its reaction activities based on both guidance learned over time from the administrator as well as circumstances present in the local environment.

(Short Answer)

The task of monitoring file systems for unauthorized change is best performed by using a(n) ____.

(Multiple Choice)

The only time a HIDS produces a false positive alert is when an authorized change occurs for a monitored file.

(True/False)

A data packet is defined as invalid when its configuration matches what is defined as valid by the various Internet protocols (TCP, UDP, IP).

(True/False)

A(n) ____ is an indication that a system has just been attacked or continues to be under attack.

(Multiple Choice)

Many types of intrusions, especially DoS and DDoS attacks, rely on the creation of improperly formed packets to take advantage of weaknesses in the protocol stack in certain operating systems or applications.

(True/False)

A(n) ____ is a type of attack on information assets in which the instigator attempts to gain unauthorized entry into a system or network or disrupt the normal operations of a system or network.

(Multiple Choice)

Match each statement with an item below. - Looks for indications of ongoing or successful attacks and resides on a computer or appliance connected to that network segment.

(Multiple Choice)

Match each statement with an item below. - A widely used port scanner.

(Multiple Choice)

Match each statement with an item below. - Tool used to identify which computers are active on a network, as well as which ports and services are active on the computers, what function or role the machines may be fulfilling, and so on.

(Multiple Choice)

A ____ is a computer server configured to resemble a production system, containing rich information just begging to be hacked.

(Multiple Choice)