Exam 7: Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools

To assist in the footprint intelligence collection process,you can use an enhanced Web scanner that,among other things,can scan entire Web sites for valuable pieces of information,such as server names and e-mail addresses.

An IDPS can be configured to dial a phone number and produce an alphanumeric page or a modem noise.

Port fingers are tools used by both attackers and defenders to identify (or fingerprint)the computers that are active on a network,as well as the ports and services active on those computers,the functions and roles the machines are fulfilling,and other useful information._________________________

Activities that scan network locales for active systems and then identify the network services offered by the host systems is known as ____.

A packet ____________________ is a network tool that collects copies of packets from the network and analyzes them.

When a collection of honeypots connects several honeypot systems on a subnet,it may be called a(n)honeynet._________________________

Three methods dominate the IDPSs detection methods: ____________________-based approach,statistical anomaly-based approach or the stateful packet inspection approach.

Nmap uses incrementing Time-To-Live packets to determine the path into a network as well as the default firewall policy.

HIDPSs are also known as system ____________________ verifiers.

A(n)partially distributed IDPS control strategy combines the best of the other two strategies._________________________

To determine whether an attack has occurred or is underway,NIDPSs compare measured activity to known ____ in their knowledge base.

Services using the TCP/IP protocol can run only on port 80.

A(n)____________________ vulnerability scanner is one that initiates traffic on the network in order to determine security holes.

The attack ____________________ is a series of steps or processes used by an attacker,in a logical sequence,to launch an attack against a target system or network.

Preconfigured,predetermined attack patterns are called signatures._________________________

A passive response is a definitive action automatically initiated when certain types of alerts are triggered.

____ sensors are typically intended for network perimeter use,so they would be deployed in close proximity to the perimeter firewalls,often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.

Your organization's operational goals,constraints,and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems.

The trap is a process by which the organization attempts to identify an entity discovered in unauthorized areas of the network or systems._________________________

Fingerprinting is the organized research of the Internet addresses owned or controlled by a target organization._________________________