Deck 5: Intrusion-Detection Systems
1
Following rules and learning from experience as part of the process to identify and notify an administrator about an intrusion are typical when Snort is operating in which mode?

A) Command mode
B) Network intrusion-detection mode
C) Packet logger mode
D) Sniffer mode
Answer: B
2
An intrusion-detection method that measures and monitors how programs use system resources is called:

A) executable profiling.
B) resource profiling.
C) threshold monitoring.
D) user/group profiling.
Answer: A
3
Which intrusion-detection method measures activity levels against known short-term and/or long-term work profiles?

A) Executable profiling
B) Resource profiling
C) Threshold monitoring
D) User/group work profiling
Answer: D
4
Implementation of intrusion deflection as a strategy requires the use of:

A) blocking software
B) fake targets
C) innocuous names for sensitive targets
D) warnings to intruders to leave
5
Symantec Decoy Server does all of the following EXCEPT:

A) record all traffic related to an intrusion attack
B) simulate incoming mail server functions
C) simulate outgoing mail server functions
D) track attacking packets to their source
6
Attempts by an intruder to determine information about a system prior to the start of an intrusion attack are called:

A) deflecting
B) detecting
C) footprinting
D) infiltration
7
Which strategy is used in the implementation of intrusion deterrence?

A) Infiltrating online hacker groups
B) Installing honey pots to pose as important systems
C) Monitoring connection attempts to identify IP addresses of attackers
D) Using fake names to camouflage important systems
8
What might one see in an implementation of intrusion deterrence?

A) Blocking of legitimate users by mistake
B) Fake resources with legitimate-sounding names
C) Profiling of users, resources, groups, or applications
D) Real resources with fake names
9
In which mode of operation does Snort display a continuous stream of packet contents to the console?

A) Heuristic mode
B) Network intrusion-detection mode
C) Packet logger mode
D) Packet sniffer mode
10
____________ is the process an intruder uses to gain as much information as possible about a target system in the early stages of attack preparation.
11
Which intrusion-detection strategy monitors and compares activity against preset acceptable levels?

A) Application monitoring
B) Infiltration monitoring
C) Resource profiling
D) Threshold monitoring
12
Which is NOT a function of an intrusion-detection system?

A) Inspect all inbound and outbound port activity
B) Look for patterns in port activity
C) Infiltrate the illicit system to acquire information
D) Notify the system administrator of suspicious activity
13
Banishment vigilance is another name for ____________.
14
One type of intrusion-detection and avoidance which involves identifying suspect IP addresses and preventing intrusions is called:

A) anomaly detection
B) intrusion deflection
C) intrusion deterrence
D) preemptive blocking
15
Which is NOT one of the basic premises under which a honey pot functions?

A) Any traffic to the honey pot is suspicious
B) Intruders will tend to go for easy targets with valuable data
C) Only legitimate users have a reason to connect to it
D) Security must allow attackers inside
16
An intrusion-detection system detecting a series of ICMP packets sent to each port from the same IP address might indicate:

A) a Distributed Denial of Service attack in progress
B) scanning of the system for vulnerabilities prior to an attack
C) the system has been infiltrated by an outsider
D) Trojan horse/virus infection sending information back home
17
Banishment vigilance is another name for:

A) anomaly detection
B) intrusion deflection
C) intrusion deterrence
D) preemptive blocking
18
Which type of intrusion-detection relies on people rather than software or hardware?

A) Anomaly detection
B) Banishment vigilance
C) Infiltration
D) Intrusion deterrence
19
The system administrator can be alerted by a(n) ____________ to attempts to breach a system.
20
Which method of intrusion-detection develops historic usage levels to measure activity against?

A) Application profiling
B) Infiltration profiling
C) Resource profiling
D) Threshold monitoring
21
One of the most well-known free software-based intrusion-detection systems available to monitor incoming traffic is ____________.
22
____________ is a method of providing free software for distribution with the code available for viewing and altering.
23
Doing one's own detective work such as trying to gather information about potential threats from illicit sources like hacker groups is known as ____________.
24
In ____________ the system uses software and a variety of techniques to identify behaviors that appear inappropriate and compare them with acceptable behaviors.
25
Machines set up as apparent targets used to allow attackers access into a network so they can be monitored are called ____________.
26
Symantec's Decoy Server is a software IDS solution known as a(n) ____________.