CNG 131 Chapter 12

True/False
Indicate whether the sentence or statement is true or false.
 

 1. 

Intrusion detection is an important part of a solid network security strategy.
 

 2. 

One of the most important characteristics of an IDS is that it must correctly identify intrusions and attacks.
 

 3. 

False negatives happen when the IDS mistakenly reports certain benign activity as malicious.
 

 4. 

Network-based IDS is by far the most commonly employed form of intrusion detection systems.
 

 5. 

Just inside the firewall is a common location for IDS.
 

Multiple Choice
Identify the letter of the choice that best completes the statement or answers the question.
 

 6. 

The software installed on servers and other machines to provide IDS monitoring in a host-based IDS is called a(n):
a. honeypot
b. agent
c. sensor
d. tap
 

 7. 

A fault-tolerant hublike device used inline to provide IDS monitoring in switched network infrastructures is called a(n):
a. tap
b. hub
c. agent
d. honeypot
 

 8. 

What is it called when an IDS sensor or agent incorrectly identifies an attack as benign traffic?
a. anomaly
b. checksum
c. false negative
d. false positive
 

 9. 

A secure resource designed with the intent that it will be probed or compromised is called a(n):
a. anomaly
b. honeypot
c. blocking
d. None of the above
 

 10. 

What are the files called that operating systems and applications keep to list system activities and events, usually with a date and time stamp?
a. sensor files
b. ping sweeps
c. log files
d. None of the above
 

 11. 

What is the actual IDS device that monitors network traffic for intrusions called?
a. tap
b. sensor
c. port signature
d. port analyzer
 

 12. 

What is the reconnaissance method called in which an attacker pings every host in a subnet?
a. ping sweep
b. ping flood
c. ping signature
d. None of the above
 

 13. 

A TCP packet that causes the recipient to end the TCP session with the sender is called a(n):
a. tuning
b. shunning
c. TCP reset
d. IP reset
 

 14. 

A simple type of IDS that protects hosts from attacks, and that is also thought of as a personal firewall, is called:
a. shunning
b. tuning
c. IP session logging
d. host wrappers
 

 15. 

A device for creating LANs that forwards every packet it receives to every host on the LAN is called a(n):
a. hub
b. port
c. sensor
d. None of the above
 

 16. 

What is the method of detecting intrusions called in which the IDS analyzes the information it gathers and compares it to a database of known attacks?
a. IDS
b. NIDS
c. host wrappers
d. signature detection
 

 17. 

What is a detection system called that monitors activity on a host machine in order to identify attacks against the operating system and applications?
a. HIDS
b. NIDS
c. anomaly detection
d. All of the above
 

 18. 

The value that results from passing a file through a hash function is called a:
a. shunning
b. blocking
c. file checksum
d. log file
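The file checksum asked about above is the basis of host-based integrity checking: a digest of every file is recorded while the system is known good, and a later snapshot is compared against that baseline. The following is an added worked example, not part of the quiz or its textbook; the directory layout, file contents, tampering steps and function names (`snapshot`, `compare`, `demo`) are all constructed for the example.

```python
"""Added example: HIDS-style file integrity checking with checksums.
A baseline of per-file digests is taken while the system is known good;
a later snapshot is compared against it to find modified, added and
removed files. Standard library only; the file tree is constructed."""
import hashlib
import os
import tempfile


def file_checksum(path, algo="sha256"):
    """Hash a file in chunks so large files never have to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map every regular file under root (path relative to root) to its digest."""
    digests = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):        # do not follow links out of the tree
                continue
            digests[os.path.relpath(full, root)] = file_checksum(full)
    return digests


def compare(baseline, current):
    """Report what changed between two snapshots, sorted for stable output."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def _write(root, rel, text):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as f:
        f.write(text)


def demo():
    """Constructed scenario: baseline a tree, tamper with it, re-check it."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/passwd", "root:x:0:0:root:/root:/bin/sh\n")
        _write(root, "etc/hosts", "127.0.0.1 localhost\n")
        _write(root, "bin/ls", "#!/bin/sh\necho original\n")
        baseline = snapshot(root)                        # taken while known good

        # Tampering an intruder might do after a compromise (all constructed).
        _write(root, "etc/passwd",                       # one line appended
               "root:x:0:0:root:/root:/bin/sh\nbackdoor:x:0:0::/:/bin/sh\n")
        _write(root, "bin/ls", "#!/bin/sh\necho trojaned\n")   # replaced binary
        _write(root, "bin/nc", "#!/bin/sh\n")            # planted tool
        os.remove(os.path.join(root, "etc/hosts"))       # deleted file
        # Resetting the mtime hides nothing: the digest is over file content.
        os.utime(os.path.join(root, "bin/ls"), (0, 0))

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9}", *paths)
```

Two practical caveats: the baseline must be stored somewhere the monitored host cannot rewrite (otherwise an intruder simply re-baselines after tampering), and a digest only covers content, so ownership and permission changes need to be recorded alongside it if they matter to you.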
 

 19. 

What is a detection system called that monitors individual packets on the segment and analyzes them to identify attacks?
a. SIDS
b. NIDS
c. HIDS
d. None of the above
 

 20. 

An application or system designed to detect malicious activity in computer systems is called a(n):
a. IDS
b. sensor
c. signature
d. blocking
 

 21. 

What is the team called that is responsible for assigning personnel to assemble the resources required to handle security incidents?
a. NIDS
b. SPAN
c. SIRT
d. None of the above
 

 22. 

A method of detecting intrusions and attacks in which a baseline is defined to describe the normal state of the network is called a(n):
a. anomaly detection
b. signature detection
c. intrusion detection
d. None of the above
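The two detection methods asked about in questions 16 and 22, together with the false positives and false negatives of questions 3 and 8, the ping sweep of question 12, and the tuning and use model of questions 35 and 36, as an added worked example that is not part of the quiz or its textbook. The connection records, host addresses, signature thresholds (eight echo targets within ten seconds) and the `k` multiplier on the baseline's standard deviation are all assumptions constructed for the example, as are the function names.

```python
"""Added example: a miniature IDS over constructed connection records.
Shows signature detection (known-attack patterns), anomaly detection against
a baseline use model with a tuning knob, and the true/false positive and
false negative bookkeeping used to judge the tuning. Standard library only."""
from collections import defaultdict
from statistics import mean, pstdev

# Record layout: (second, src, dst, proto, dst_port, payload).
# ICMP echo requests carry port 0 and payload "echo". All rows are constructed.

# Baseline window: the network in its normal state, i.e. the use model.
BASELINE = [
    (1, "10.0.0.5", "10.0.0.53", "udp", 53, ""),
    (2, "10.0.0.5", "10.0.0.53", "udp", 53, ""),
    (1, "10.0.0.7", "10.0.0.8", "tcp", 5432, ""),
    (3, "10.0.0.7", "10.0.0.9", "tcp", 22, ""),
    (1, "10.0.0.8", "10.0.0.53", "udp", 53, ""),
    (2, "10.0.0.8", "10.0.0.9", "tcp", 443, "GET /"),
    (5, "10.0.0.8", "10.0.0.10", "tcp", 443, "GET /"),
]

# Detection window: normal hosts, one odd-but-benign host, three attackers.
DETECTION = [
    # 10.0.0.7 starts a backup job to five new peers: unusual but legitimate.
    *[(10 + i, "10.0.0.7", f"10.0.0.{20 + i}", "tcp", 873, "") for i in range(5)],
    # 10.0.0.99 pings thirty hosts in eight seconds: a ping sweep.
    *[(10 + h // 4, "10.0.0.99", f"10.0.0.{h}", "icmp", 0, "echo") for h in range(1, 31)],
    # 10.0.0.42 probes 25 ports on one host: no signature below covers this.
    *[(20 + i, "10.0.0.42", "10.0.0.8", "tcp", 1 + i, "") for i in range(25)],
    # 10.0.0.5 fetches a page whose name merely contains "passwd".
    (30, "10.0.0.5", "10.0.0.8", "tcp", 80, "GET /docs/passwd-policy.html"),
    # 10.0.0.66 sends a request matching a known attack pattern.
    (46, "10.0.0.66", "10.0.0.8", "tcp", 80, "GET /../../../etc/passwd"),
]
MALICIOUS = {"10.0.0.42", "10.0.0.66", "10.0.0.99"}   # ground truth for scoring

LOOSE_SIGNATURES = {"path-traversal": "passwd"}        # over-broad content match
TIGHT_SIGNATURES = {"path-traversal": "/etc/passwd"}   # what the attack really carries


def signature_detect(records, content_sigs, sweep_hosts=8, sweep_window=10):
    """Return {src: set(rule names)} for sources matching known-attack patterns."""
    alerts = defaultdict(set)
    for _, src, _, _, _, payload in records:           # content signatures
        for name, pattern in content_sigs.items():
            if pattern in payload:
                alerts[src].add(name)
    echoes = defaultdict(list)                         # ping-sweep signature: many
    for t, src, dst, proto, _, _ in records:           # echo targets from one source
        if proto == "icmp":                            # inside a short window
            echoes[src].append((t, dst))
    for src, hits in echoes.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            targets = {d for t, d in hits[i:] if t - t0 <= sweep_window}
            if len(targets) >= sweep_hosts:
                alerts[src].add("ping-sweep")
                break
    return dict(alerts)


def distinct_pairs(records):
    """Per-source count of distinct (dst, port) pairs: the feature we baseline."""
    seen = defaultdict(set)
    for _, src, dst, _, port, _ in records:
        seen[src].add((dst, port))
    return {src: len(s) for src, s in seen.items()}


def build_use_model(baseline_records):
    """Mean and standard deviation of the feature over the normal-state window."""
    counts = list(distinct_pairs(baseline_records).values())
    return mean(counts), pstdev(counts)


def anomaly_detect(records, use_model, k):
    """Flag sources whose feature exceeds mean + k*stdev; k is the tuning knob."""
    mu, sigma = use_model
    return {src for src, n in distinct_pairs(records).items() if n > mu + k * sigma}


def evaluate(alerted, malicious=MALICIOUS):
    """Split alerted sources into true/false positives and list false negatives."""
    alerted = set(alerted)
    return {"true_positive": sorted(alerted & malicious),
            "false_positive": sorted(alerted - malicious),
            "false_negative": sorted(malicious - alerted)}


if __name__ == "__main__":
    model = build_use_model(BASELINE)
    for label, alerted in [
        ("signature, loose", signature_detect(DETECTION, LOOSE_SIGNATURES)),
        ("signature, tight", signature_detect(DETECTION, TIGHT_SIGNATURES)),
        ("anomaly, k=3", anomaly_detect(DETECTION, model, 3)),
        ("anomaly, k=6", anomaly_detect(DETECTION, model, 6)),
    ]:
        print(f"{label:18} {evaluate(alerted)}")
```

Running it shows each failure mode from the quiz in turn: the loose content signature `passwd` raises a false positive on a benign page fetch, the signature database misses the port scan entirely (a false negative, since no signature describes it), and the anomaly detector catches the scan but at k=3 also flags the legitimate backup host. Raising k to 6 removes that false positive without losing either attacker, which is what tuning a sensor means; only the union of the tightened signatures and the tuned anomaly detector catches all three malicious sources with no false positives, which is why real deployments run both methods.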
 

 23. 

SPAN stands for:
a. Sudden Port Analysis Network
b. Switch Port Analysis Network
c. Super Passive Analyzer Node
d. Switch Port Analyzer
 

 24. 

SIRT stands for:
a. Security Information Response Team
b. System Information Response Team
c. Security Incident Response Team
d. None of the above
 

 25. 

HIDS stands for:
a. Host-based Information Detection System
b. Host-based Intrusion Detection System
c. Home-based Intrusion Detection System
d. None of the above
 

 26. 

NIDS stands for:
a. Network-based Intrusion Detection System
b. Node-based Intrusion Detection System
c. New Intrusion Detection System
d. Network-based Information Detection System
 

Matching
 
 
Please match the best term from the list below to the most appropriate concept.
a. anomaly detection
b. honeypot
c. active detection
d. passive detection
e. signature detection
f. agent
g. blocking
h. sensor
 

 27. 

Software installed to deploy host-based IDS.
 

 28. 

Looks for activity that does not conform to the use model.
 

 29. 

Does not take any action to stop or prevent attacks.
 

 30. 

Achieved by creating models of attacks.
 

 31. 

Deceives hackers with a virtual host.
 
 
Please match the best term from the list below to the most appropriate concept.
a. tuning
b. use model
c. ping sweep
d. TCP reset
e. signature
f. hub
g. shunning
h. sensor
 

 32. 

Reconnaissance method where the attacker checks every host in a subnet.
 

 33. 

The actual device that monitors network traffic for intrusions.
 

 34. 

Device for creating LANs that forwards every packet it receives to every host on the LAN.
 

 35. 

Modifying the behavior of an IDS sensor to reduce false positives.
 

 36. 

A definition of normal network use, created as a baseline for identifying anomalies.
 



 