Exam 8: Intrusion Detection
A common location for a NIDS sensor is just inside the external firewall.
(True/False)
Those who hack into computers do so for the thrill of it or for status.
(True/False)
The purpose of the ________ module is to collect data on security-related events on the host and transmit these to the central manager.
(Multiple Choice)
A Snort installation consists of four logical components: packet decoder, detection engine, logger, and ________.
(Short Answer)
An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device.
(True/False)
The _________ module analyzes LAN traffic and reports the results to the central manager.
(Multiple Choice)
A ________ IDS monitors traffic at selected points on a network or interconnected set of networks.
(Short Answer)
Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.
(True/False)
_________ are among the most difficult to detect and prevent.
(Multiple Choice)
The _________ detection approach involves defining thresholds, independent of user, for the frequency of occurrence of various events.
(Short Answer)
The primary purpose of an IDS is to detect intrusions, log suspicious events, and send alerts.
(True/False)
A ________ monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity.
(Multiple Choice)
The rule _______ tells Snort what to do when it finds a packet that matches the rule criteria.
(Multiple Choice)
To be of practical use an IDS should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.
(True/False)
________ are decoy systems that are designed to lure a potential attacker away from critical systems.
(Short Answer)
_________ is a document that describes the application level protocol for exchanging data between intrusion detection entities.
(Multiple Choice)
Signature-based approaches attempt to define normal, or expected, behavior, whereas anomaly approaches attempt to define proper behavior.
(True/False)
An IDS comprises three logical components: analyzers, user interface and _____.
(Short Answer)