Question 1

Which of the following is an IDPS security best practice?

Accepted Answer

A)   to prevent false positives, only test the IDPS at initial configuration
B)   communication between IDPS components should be encrypted
C)   all sensors should be assigned IP addresses
D)   log files for HIDPSs should be kept local

Question 2

Which of the following is an advantage of a signature-based detection system?

Accepted Answer

A)   the definition of what constitutes normal traffic changes
B)   it is based on profiles the administrator creates
C)   each signature is assigned a number and name
D)   the IDPS must be trained for weeks

Question 3

A weakness of a signature-based system is that it must keep state information on a possible attack.

Accepted Answer

A) True 
 B)False

Question 4

No actual traffic passes through a passive sensor; it only monitors copies of the traffic.

Accepted Answer

A) True 
 B)False

Question 5

Which of the following is true about an HIDPS?

Accepted Answer

A)   monitors OS and application logs
B)   sniffs packets as they enter the network
C)   tracks misuse by external users
D)   centralized configurations affect host performance

Question 6

MATCHING
-sets of characteristics that describe network services and resources a user or group normally accesses

Accepted Answer

A)  accountability
B)  escalated
C)  event horizon
D)  inline sensor
E)  intrusionF) passive sensorG) profilesH) sensorI) stateful protocol analysisJ) true positive

Question 7

List two approaches to stateful protocol analysis.

Accepted Answer

Traffic rate monitoring
Protoc...

Question 8

Describe two advantages and two disadvantages of a signature-based system.

Accepted Answer

Advantages:
This approach makes use of s...

Question 9

Which of the following is a sensor type that uses bandwidth throttling and alters malicious content?

Accepted Answer

A)   passive only
B)   inline only
C)   active only
D)   online only

Question 10

List four types of information that an NIDPS typically logs.

Accepted Answer

Timestamps
Event or alert types
Protocol...

Question 11

Which type of IDPS can have the problem of getting disparate systems to work in a coordinated fashion?

Accepted Answer

A)   inline
B)   host-based
C)   hybrid
D)   network-based

Question 12

MATCHING
-increasing an intrusion response to a higher level

Accepted Answer

A)  accountability
B)  escalated
C)  event horizon
D)  inline sensor
E)  intrusionF) passive sensorG) profilesH) sensorI) stateful protocol analysisJ) true positive

Question 13

Which of the following is true about an NIDPS versus an HIDPS?

Accepted Answer

A)   an NIDPS can determine if a host attack was successful
B)   an HIDPS can detect attacks not caught by an NIDPS
C)   an HIDPS can detect intrusion attempts on the entire network
D)   an NIDPS can compare audit log records

Question 14

MATCHING
-an NIDPS sensor positioned so that all traffic on the network segment is examined as it passes through

Accepted Answer

A)  accountability
B)  escalated
C)  event horizon
D)  inline sensor
E)  intrusionF) passive sensorG) profilesH) sensorI) stateful protocol analysisJ) true positive

Question 15

Describe two advantages and two disadvantages of an anomaly-based system.

Accepted Answer

Advantages:
Because an anomaly detection...

Question 16

Where is a host-based IDPS agent typically placed?

Accepted Answer

A)   on a workstation or server
B)   at Internet gateways
C)   between remote users and internal network
D)   between two subnets

Question 17

MATCHING
-a genuine attack detected successfully by an IDPS

Accepted Answer

A)  accountability
B)  escalated
C)  event horizon
D)  inline sensor
E)  intrusionF) passive sensorG) profilesH) sensorI) stateful protocol analysisJ) true positive

Question 18

Anomaly detection systems make use of _______________ that describe the services and resources each authorized user or group normally accesses on the network.

Accepted Answer

The answer of Anomaly detection systems make use of _______________...

Question 19

Which of the following is NOT a primary detection methodology?

Accepted Answer

A)   signature detection
B)   baseline detection
C)   anomaly detection
D)   stateful protocol analysis

Question 20

A network ____________ is a type of passive sensor that consists of a direct connection between a sensor and the physical network medium.

Accepted Answer

The answer of A network ____________ is a type of...

Exam 8: Intrusion Detection and Prevention Systems

MATCHING -a genuine attack detected successfully by an IDPS

Correct AnswerverifiedShow Answer

Describe two advantages and two disadvantages of a signature-based system.

Correct AnswerverifiedAdvantages:This approach makes use of s...View AnswerShow Answer

Which of the following is an advantage of a signature-based detection system?

Correct AnswerverifiedShow Answer

Anomaly detection systems make use of _______________ that describe the services and resources each authorized user or group normally accesses on the network.

Correct AnswerverifiedShow Answer

A network ____________ is a type of passive sensor that consists of a direct connection between a sensor and the physical network medium.

Correct AnswerverifiedShow Answer

MATCHING -an NIDPS sensor positioned so that all traffic on the network segment is examined as it passes through

Correct AnswerverifiedShow Answer

A weakness of a signature-based system is that it must keep state information on a possible attack.

Correct AnswerverifiedShow Answer

Which of the following is true about an NIDPS versus an HIDPS?

Correct AnswerverifiedShow Answer

Where is a host-based IDPS agent typically placed?

Correct AnswerverifiedShow Answer

MATCHING -sets of characteristics that describe network services and resources a user or group normally accesses

Correct AnswerverifiedShow Answer

Which of the following is a sensor type that uses bandwidth throttling and alters malicious content?

Correct AnswerverifiedShow Answer

List four types of information that an NIDPS typically logs.

Correct AnswerverifiedTimestampsEvent or alert typesProtocol...View AnswerShow Answer

Which of the following is true about an HIDPS?

Correct AnswerverifiedShow Answer

Describe two advantages and two disadvantages of an anomaly-based system.

Correct AnswerverifiedAdvantages:Because an anomaly detection...View AnswerShow Answer

No actual traffic passes through a passive sensor; it only monitors copies of the traffic.

Correct AnswerverifiedShow Answer

Which of the following is an IDPS security best practice?

Correct AnswerverifiedShow Answer

MATCHING -increasing an intrusion response to a higher level

Correct AnswerverifiedShow Answer

List two approaches to stateful protocol analysis.

Correct AnswerverifiedTraffic rate monitoringProtoc...View AnswerShow Answer

Which type of IDPS can have the problem of getting disparate systems to work in a coordinated fashion?

Correct AnswerverifiedShow Answer

Which of the following is NOT a primary detection methodology?

Correct AnswerverifiedShow Answer

Correct Answer
verified

Correct Answer
verified
Advantages:
This approach makes use of s...
View Answer

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified
Timestamps
Event or alert types
Protocol...
View Answer

Correct Answer
verified

Correct Answer
verified
Advantages:
Because an anomaly detection...
View Answer

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified
Traffic rate monitoring
Protoc...
View Answer

Correct Answer
verified

Correct Answer
verified