Question 1

A(n)____ is an event that triggers alarms and causes a false positive when no actual attacks are in progress.

Accepted Answer

A) alert 
B) false negative 
C) false attack stimulus 
D) True Attack Stimulus 
A) alert 
B) false negative 
C) false attack stimulus 
D) True Attack Stimulus

Question 2

A(n)____ is designed to be placed in a network to determine whether or not the network is being used in ways that are out of compliance with the policy of the organization.

Accepted Answer

A) alert 
B) security policy 
C) intrusion detection system 
D) DNS cache 
A) alert 
B) security policy 
C) intrusion detection system 
D) DNS cache

Question 3

What are the advantages and disadvantages of HIDS?

Accepted Answer

Advantages
1.A HIDS can detect local eve

Question 4

According to Pipkin,what are the four types of incident candidates that are probable indicators of actual incidents? Provide a brief description of each incident candidate.

Accepted Answer

1.Activities at unexpected times: If tra

Question 5

Match each statement with an item below.
-Network burglar alarm.

Accepted Answer

A) Intrusion detection system 
B) HIDS 
C) Signature-based IDS 
D) Enticement 
E) Entrapment
F)Alarm clustering
G)NIDS
H)Nmap
I)Scanning utility 
A) Intrusion detection system 
B) HIDS 
C) Signature-based IDS 
D) Enticement 
E) Entrapment
F)Alarm clustering
G)NIDS
H)Nmap
I)Scanning utility

Question 6

Match each statement with an item below.
-The action of luring an individual into committing a crime to get a conviction.

Accepted Answer

A) Intrusion detection system 
B) HIDS 
C) Signature-based IDS 
D) Enticement 
E) Entrapment
F)Alarm clustering
G)NIDS
H)Nmap
I)Scanning utility 
A) Intrusion detection system 
B) HIDS 
C) Signature-based IDS 
D) Enticement 
E) Entrapment
F)Alarm clustering
G)NIDS
H)Nmap
I)Scanning utility

Question 7

____ are also known as system integrity verifiers.

Accepted Answer

A) Alarm filters 
B) Honeypot Farms 
C) HIDSs 
D) Scanning utilities 
A) Alarm filters 
B) Honeypot Farms 
C) HIDSs 
D) Scanning utilities

Question 8

____ is an ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks.

Accepted Answer

A) Alarm compaction 
B) Cache poisoning 
C) Noise 
D) Alarm Clustering 
A) Alarm compaction 
B) Cache poisoning 
C) Noise 
D) Alarm Clustering

Question 9

The failure of an IDS system to react to an actual attack event is known as a ____.

Accepted Answer

A) false positive 
B) false negative 
C) Confidence Value 
D) site policy 
A) false positive 
B) false negative 
C) Confidence Value 
D) site policy

Question 10

Match each statement with an item below.
-The process of attracting attention to a system by placing tantalizing bits of information in key locations.

Accepted Answer

A) Intrusion detection system 
B) HIDS 
C) Signature-based IDS 
D) Enticement 
E) Entrapment
F)Alarm clustering
G)NIDS
H)Nmap
I)Scanning utility 
A) Intrusion detection system 
B) HIDS 
C) Signature-based IDS 
D) Enticement 
E) Entrapment
F)Alarm clustering
G)NIDS
H)Nmap
I)Scanning utility

Question 11

Using a process known as ____,Network IDSs must look for attack patterns by comparing measured activity to known signatures in their knowledge base to determine whether or not an attack has occurred or may be underway.

Accepted Answer

A) clipping 
B) cache poisoning 
C) scanning 
D) signature matching 
A) clipping 
B) cache poisoning 
C) scanning 
D) signature matching

Question 12

The purpose of a NIDS is to look for patterns within network traffic that indicate an intrusion event is underway or about to begin.

Accepted Answer

A) True 
 B)False

Question 13

Match each statement with an item below.
-Can indicate if a relationship exists between the individual alarm elements when they have specific similar attributes.

Accepted Answer

A) Intrusion detection system 
B) HIDS 
C) Signature-based IDS 
D) Enticement 
E) Entrapment
F)Alarm clustering
G)NIDS
H)Nmap
I)Scanning utility 
A) Intrusion detection system 
B) HIDS 
C) Signature-based IDS 
D) Enticement 
E) Entrapment
F)Alarm clustering
G)NIDS
H)Nmap
I)Scanning utility

Question 14

A ____ is an alarm or alert that indicates that an attack is in progress or that an attack has successfully occurred when in fact there was no such attack.

Accepted Answer

A) false positive 
B) false negative 
C) Confidence Value 
D) site policy 
A) false positive 
B) false negative 
C) Confidence Value 
D) site policy

Question 15

Briefly describe the tasks involved in managing logs.

Accepted Answer

Managing logs involves the following:
1.

Question 16

Discuss two weaknesses of the signature-based IDS technology.

Accepted Answer

The problem with this approach is that a

Question 17

What are the steps involved in monitoring networks for signs of intrusion?

Accepted Answer

One accomplishes this in the following m

Question 18

The term ____ refers to an event that triggers alarms and causes an IDS to react as if a real attack is in progress.

Accepted Answer

A) True Attack Stimulus 
B) false positive 
C) Confidence Value 
D) Alarm Compaction 
A) True Attack Stimulus 
B) false positive 
C) Confidence Value 
D) Alarm Compaction

Question 19

When placed next to a hub,switch,or other key networking device,the NIDS may use that device's monitoring port,also known as a(n)____ port or mirror port.

Accepted Answer

A) SWAN 
B) HID 
C) SPAN 
D) IDS 
A) SWAN 
B) HID 
C) SPAN 
D) IDS

Question 20

List five reasons why you would acquire and use an IDS.

Accepted Answer

The reasons include:
To prevent problem

A(n)____ is an event that triggers alarms and causes a false positive when no actual attacks are in progress.

A(n)____ is designed to be placed in a network to determine whether or not the network is being used in ways that are out of compliance with the policy of the organization.

What are the advantages and disadvantages of HIDS?

According to Pipkin,what are the four types of incident candidates that are probable indicators of actual incidents? Provide a brief description of each incident candidate.

Match each statement with an item below. -Network burglar alarm.

Match each statement with an item below. -The action of luring an individual into committing a crime to get a conviction.

____ are also known as system integrity verifiers.

____ is an ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks.

The failure of an IDS system to react to an actual attack event is known as a ____.

Match each statement with an item below. -The process of attracting attention to a system by placing tantalizing bits of information in key locations.

Using a process known as ____,Network IDSs must look for attack patterns by comparing measured activity to known signatures in their knowledge base to determine whether or not an attack has occurred or may be underway.

The purpose of a NIDS is to look for patterns within network traffic that indicate an intrusion event is underway or about to begin.

Match each statement with an item below. -Can indicate if a relationship exists between the individual alarm elements when they have specific similar attributes.

A ____ is an alarm or alert that indicates that an attack is in progress or that an attack has successfully occurred when in fact there was no such attack.

Briefly describe the tasks involved in managing logs.

Discuss two weaknesses of the signature-based IDS technology.

What are the steps involved in monitoring networks for signs of intrusion?

The term ____ refers to an event that triggers alarms and causes an IDS to react as if a real attack is in progress.

When placed next to a hub,switch,or other key networking device,the NIDS may use that device's monitoring port,also known as a(n)____ port or mirror port.

List five reasons why you would acquire and use an IDS.

Contingency Planning Within Information Security

Planning for Organizational Readiness

Incidence Response: Preparation, Organization, and Prevention

Incidence Response: Reaction, Recovery, and Maintenance

Contingency Strategies for Business Resumption Planning

Disaster Recovery: Preparation and Implementation

Disaster Recovery: Operation and Maintenance

Business Continuity Preparation and Implementation

Business Continuity Operations and Maintenance

Crisis Management and Human Factors

Filters

Exam 4: Incident Response: Detection and Decision Making

A(n)____ is an event that triggers alarms and causes a false positive when no actual attacks are in progress.

A(n)____ is designed to be placed in a network to determine whether or not the network is being used in ways that are out of compliance with the policy of the organization.

What are the advantages and disadvantages of HIDS?

According to Pipkin,what are the four types of incident candidates that are probable indicators of actual incidents? Provide a brief description of each incident candidate.

Match each statement with an item below. -Network burglar alarm.

Match each statement with an item below. -The action of luring an individual into committing a crime to get a conviction.

____ are also known as system integrity verifiers.

____ is an ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks.

The failure of an IDS system to react to an actual attack event is known as a ____.

Match each statement with an item below. -The process of attracting attention to a system by placing tantalizing bits of information in key locations.

Using a process known as ____,Network IDSs must look for attack patterns by comparing measured activity to known signatures in their knowledge base to determine whether or not an attack has occurred or may be underway.

The purpose of a NIDS is to look for patterns within network traffic that indicate an intrusion event is underway or about to begin.

Match each statement with an item below. -Can indicate if a relationship exists between the individual alarm elements when they have specific similar attributes.

A ____ is an alarm or alert that indicates that an attack is in progress or that an attack has successfully occurred when in fact there was no such attack.

Briefly describe the tasks involved in managing logs.

Discuss two weaknesses of the signature-based IDS technology.

What are the steps involved in monitoring networks for signs of intrusion?

The term ____ refers to an event that triggers alarms and causes an IDS to react as if a real attack is in progress.

When placed next to a hub,switch,or other key networking device,the NIDS may use that device's monitoring port,also known as a(n)____ port or mirror port.

List five reasons why you would acquire and use an IDS.

Contingency Planning Within Information Security

Planning for Organizational Readiness

Incidence Response: Preparation, Organization, and Prevention

Incidence Response: Reaction, Recovery, and Maintenance

Contingency Strategies for Business Resumption Planning

Disaster Recovery: Preparation and Implementation

Disaster Recovery: Operation and Maintenance

Business Continuity Preparation and Implementation

Business Continuity Operations and Maintenance

Crisis Management and Human Factors

Filters