Deck 13: Intrusion Detection Systems and Network Security

A)Misuse models require knowledge of normal activity,whereas anomaly models don't.
B)Anomaly models require knowledge of normal activity,whereas misuse models don't.
C)Anomaly models are based on patterns of suspicious activity.
D)Anomaly model-based systems suffer from many false negatives.

A)Antivirus
B)Firewall
C)Protocol analyzer
D)Internet content filter

A)It takes fewer systems to provide IDS coverage.
B)They can reduce false positive rates.
C)Development,maintenance,and upgrade costs are usually lower.
D)Visibility into all network traffic and can correlate attacks among multiple systems.

A)Traffic collector
B)Signature database
C)Expert knowledge database
D)User interface and reporting

A)The IDS uses local system resources.
B)The IDS can have a high cost of ownership and maintenance.
C)The IDS must have a process on every system you want to watch.
D)The IDS is ineffective when traffic is encrypted.

A)Antivirus
B)Antispam
C)Pop-up blockers
D)Firewalls

A)A firewall
B)A sniffer
C)A passive HIDS
D)An active HIDS

A)A single system
B)Networks
C)Physical intrusions into facilities
D)A system and all its surrounding systems

A)They can reduce false-positive rates
B)Their signatures are broader
C)They can examine data before it has been decrypted
D)They are inexpensive to maintain in the enterprise

A)Firewall
B)Antivirus
C)IDS
D)Honeypot

A)Less than two minutes
B)Less than two hours
C)Less than two days
D)Less than two weeks

A)To identify hackers so they can be tracked down by the FBI
B)To slow hackers down by providing an additional layer of security that they must pass before accessing the actual network
C)To distract hackers away from attacking an organization's live network
D)To help security professionals better understand and protect against threats to the system

A)Blacklisting
B)Malicious code detection
C)Language filtering
D)Trapping

A)Spyware detection and removal
B)Real-time malware protection
C)Spam filtering
D)Examine programs running on your computer

A)Antivirus
B)Antispyware
C)Antispam
D)Personal firewalls

A)Intrusion Detection Interface System (IDIS)
B)Intrusion Response Interdiction system (IRIS)
C)Intrusion Detection Expert System (IDES)
D)Discovery,Haystack,Multics Intrusion Detection and Alerting System (MIDAS)

A)Automated updates
B)Media scanning
C)Block network traffic based on policies
D)Scan e-mail for malicious code and attachments

A)Dynamic IDS
B)Preventive IDS
C)Active IDS
D)HIPS

A)Scans incoming mail to catch spam
B)Scans outgoing mail to catch spam
C)Messages are scan for specific words or phrases
D)Filters out POP traffic

A)Network address translation
B)Stateful packet filtering
C)Access control lists
D)Basic packet filtering

A)Stateful packet filtering looks only at each packet individually.
B)Stateful packet filtering looks at the packets in relation to other packets.
C)Stateful packet filtering looks at the destination address.
D)Stateful packet filtering looks at the source address.

A)Web proxy
B)Reverse proxy
C)Anonymizing proxy
D)Open proxy

A)IPS is passive and IDS is active.
B)IPS uses heuristics and IDS is signature based.
C)IPS will block,reject,or redirect unwanted traffic;an IDS will only alert.
D)IDS will block,reject,or redirect unwanted traffic;an IPS will only alert.

A)Traffic collector
B)Analysis engine
C)Signature database
D)Examination collector