Question
Part 1: True or False Questions. (10 questions at 1 point each)
T F Anomaly-based intrusion detection systems generate alerts based on deviations from normal traffic. Answer: _____
T F A host-based IDS only monitors network traffic that is destined for a single computer or device. Answer: ____
T F When discussing IDS and IPS, a signature is a digital certificate used to identify the author of an exploit. Answer: _____
T F The success of stateful protocol analysis depends on vendors adhering to standard protocol models that specify expected protocol behavior. Answer: _____
T F Signature-based intrusion detection cannot identify previously unknown attacks. Answer: _____
T F The main difference between network-based IDS and IPS is that IPS responds to suspected attacks by blocking network traffic, while IDS provides notification if suspicious traffic is observed but allows the traffic to pass. Answer: _____
T F Snort requires the use of at least one preprocessor to be able to analyze patterns in network traffic spanning multiple packets. Answer: _____
T F Snort generates an alert every time a detection rule is matched. Answer: _____
T F A network-based IDS that scans packet traffic to try to match known attack patterns is called a signature-based NIDS. Answer: _____
T F An in-line IDS must have the processing power to handle traffic at least as fast as the bandwidth of the network it monitors, or it will lose packets and potentially fail to notify on packets matching alert rules. Answer: _____
Part 2: Multiple Choice Questions. Print the correct answer in the blank following the question. (5 questions at 2 points each; there is exactly one correct choice for each question.)
Which of the following is an advantage of anomaly-based detection?
a. Rules are easy to define
b. The data it produces can be easily analyzed
c. It can detect zero-day or previously unknown attacks
d. Malicious activity that falls within normal usage patterns is detected
e. Rules developed at one site can be shared with many other users
Answer(s): _____
Most commercial NIDS tools generate alerts based on signatures at the network layer and what other OSI model layer?
a. Application layer
b. Presentation layer
c. Data-link layer
d. Transport layer
e. Session layer
Answer(s): _____
Potential uses for intrusion detection and prevention systems include all of the following EXCEPT?
a. Initiating incident response procedures
b. Notifying system administrators when patches need to be applied
c. Deterring employees from acting in ways that violate security policy
d. Recording information about the threats faced by an organization's network
e. Verifying the effectiveness of firewall rules in filtering traffic
Answer(s): _____
Which is/are true for intrusion protection systems (IPSes)?
a. An IPS detects network attacks and issues alerts
b. An IPS can respond to network attacks by blocking traffic and resetting connections
c. An IPS is typically deployed inline to monitor traffic
d. a and b only
e. a, b, and c
Answer(s): _____
Which of the following is a limitation of Snort?
a. Cannot be centrally monitored with sensors running on different OSes
b. Cannot protect against insider threats
c. Cannot inspect encrypted traffic for attack signatures
d. Cannot scale to protect a large network
e. Cannot detect application-layer attacks
Answer(s): _____