Answer the following questions based on your reading of the text books, the module key points, and the instructor's presentation this week. 1. [2 points] What are some of the considerations to be taken into account when capturing network traffic? 2. [3 points] Define intrusion detection, intrusion prevention, and incident response. How are the three ideas related to one another? 3. [2 points] How does a network-based IDPS differ from a host-based IDPS? 4. [2 points] How does a signature-based IDPS differ from a behavior-based IDPS? 5. [2 points] What is a monitoring (or SPAN (switched port analyzer]) port? What is it used for? 6. [2 points] What is active intrusion prevention, and how does it differ from passive? 7. [2 points] From a security perspective, which is least desirable, a false positive or a false negative alarm? Why? 8. [10 points] Research the open-source IDPs called "Snort." Write a summary of how Snort fits within the concepts presented this week (e.g. network vs. host, signature vs. behavior, detection vs. prevention, etc.) If a small office wanted to configure Snort for its use, how would you suggest implementing it? Where would it be on the network? How would you configure alerts or responses? I expect several detailed paragraphs and perhaps a diagram for this answer. Cite your sources