True/False
Indicate whether the sentence or statement is true or false.

1. Intrusion detection is an important part of a solid network security strategy.

2. One of the most important characteristics of an IDS is that it must correctly identify intrusions and attacks.

3. False negatives happen when the IDS mistakenly reports certain benign activity as malicious.

4. Network-based IDS is by far the most commonly employed form of intrusion detection system.

5. Just inside the firewall is a common location for an IDS.
Multiple Choice
Identify the letter of the choice that best completes the statement or answers the question.

6. The software installed on servers and other machines to provide IDS monitoring in a host-based IDS is called a(n):
   a. honeypot
   b. agent
   c. sensor
   d. tap

7. A fault-tolerant hublike device used inline to provide IDS monitoring in switched network infrastructures is called a(n):
   a. tap
   b. hub
   c. agent
   d. honeypot

8. What is the state called when an IDS sensor or agent incorrectly identifies an attack as benign traffic?
   a. anomaly
   b. checksum
   c. false negative
   d. false positive

9. A secure resource designed with the intent that it will be probed or compromised is called a(n):
   a. anomaly
   b. honeypot
   c. blocking
   d. None of the above

10. What are the files called that are kept by operating systems and applications and that list system activities and events, usually with date and time stamping?
   a. sensor files
   b. ping sweeps
   c. log files
   d. None of the above

11. What is the actual IDS device called that monitors network traffic for intrusions?
   a. tap
   b. sensor
   c. port signature
   d. port analyzer

12. What is the reconnaissance method called in which an attacker pings every host in a subnet?
   a. ping sweep
   b. ping flood
   c. ping signature
   d. None of the above

13. A TCP packet that causes the recipient to end the TCP session with the sender is called a(n):
   a. tuning
   b. shunning
   c. TCP reset
   d. IP reset

14. A type of simple IDS, also thought of as a personal firewall, that protects hosts from attacks is called:
   a. shunning
   b. tuning
   c. IP session logging
   d. host wrappers

15. A device for creating LANs that forwards every packet received to every host on the LAN is called a(n):
   a. hub
   b. port
   c. sensor
   d. None of the above

16. What is the method of detecting intrusions called in which the IDS analyzes the information it gathers and compares it to a database of known attacks?
   a. IDS
   b. NIDS
   c. host wrappers
   d. signature detection

17. What is a detection system called that monitors activity on a host machine in order to identify attacks against the operating system and applications?
   a. HIDS
   b. NIDS
   c. anomaly detection
   d. All of the above

18. The value that results from passing a file through a hash function is called:
   a. shunning
   b. blocking
   c. file checksums
   d. log files

19. What is a detection system called that monitors individual packets on the segment and analyzes them to identify attacks?
   a. SIDS
   b. NIDS
   c. HIDS
   d. None of the above

20. An application or system designed to detect malicious activity in computer systems is called a(n):
   a. IDS
   b. sensor
   c. signature
   d. blocking

21. What is the team called that is responsible for assigning personnel to assemble the resources required to handle security incidents?
   a. NIDS
   b. SPAN
   c. SIRT
   d. None of the above

22. A method of detecting intrusions and attacks in which a baseline is defined to describe the normal state of the network is called a(n):
   a. anomaly detection
   b. signature detection
   c. intrusion detection
   d. None of the above

23. SPAN stands for:
   a. Sudden Port Analysis Network
   b. Switch Port Analysis Network
   c. Super Passive Analyzer Node
   d. Switch Port Analyzer

24. SIRT stands for:
   a. Security Information Response Team
   b. System Information Response Team
   c. Security Incident Response Team
   d. None of the above

25. HIDS stands for:
   a. Host-based Information Detection System
   b. Host-based Intrusion Detection System
   c. Home-based Intrusion Detection System
   d. None of the above

26. NIDS stands for:
   a. Network-based Intrusion Detection System
   b. Node-based Intrusion Detection System
   c. New Intrusion Detection System
   d. Network-based Information Detection System
Matching

Please match the best term from the list below to the most appropriate concept.
   a. anomaly detection
   b. honeypot
   c. active detection
   d. passive detection
   e. signature detection
   f. agent
   g. blocking
   h. sensor

27. Software installed to deploy a host-based IDS.

28. Looks for activity that does not conform to the use model.

29. Does not take any action to stop or prevent attacks.

30. Achieved by creating models of attacks.

31. Deceives hackers with a virtual host.

Please match the best term from the list below to the most appropriate concept.
   a. tuning
   b. use model
   c. ping sweep
   d. TCP reset
   e. signature
   f. hub
   g. shunning
   h. sensor

32. Reconnaissance method in which the attacker checks every host in a subnet.

33. The actual device that monitors network traffic for intrusions.

34. Device for creating LANs that forwards every packet received to every host on the LAN.

35. Modifying the behavior of an IDS sensor to reduce false positives.

36. A definition of normal network use, created as a baseline to identify anomalies.