Exam 13: Intrusion Detection Systems and Network Security

What does a host-based IDS monitor?

Deploying,maintaining,and upgrading host-based IDSs in a large network is cheaper than NIDSs.

One of the advantages of HIDS is that

Network-based IDS examines activity on a system such,as a mail server or web server.

According to SANS Internet Storm Center,the average survival time of an unpatched Windows PC on the Internet is

What are content- and context-based signatures?

Only active intrusion detection systems (IDS)can aggressively respond to suspicious activity,whereas passive IDS cannot.

A(n)_______________ server can be used to filter out undesirable traffic and prevent employees from accessing potentially hostile web sites.

Which of the following is NOT an advantage of network-based IDS?

Antivirus products do all of the following EXCEPT:

Hostile activity that does not match an IDS signature and goes undetected is called a false positive.

Simple rule sets that are applied to port number and IP addresses are called

Which of the following is NOT a component of an IDS?

A new breed of IDS that is designed to identify and prevent malicious activity from harming a system.

The NIDS signature database is usually much larger than that of a host-based system.

List three approaches that antispam software uses to filter out junk e-mail.

_______________ detection looks for things that are out of the ordinary,such as a user logging in when he's not supposed to,or unusually high network traffic into and out of a workstation.

_______________ signatures are designed to match large patterns of activity,and examine how certain types of activity fit into the other activities going on around them.

How does stateful packet filtering differ from basic packet filtering?

The model that most modern intrusion detection systems use is largely based upon a model created by Dorothy Denning and Peter Neumann called: