Question 1

A hybrid IDPS combines aspects of NIDPS and HIDPS configurations.

Accepted Answer

A hybrid IDPS combines both network-based and host-based intrusion detection and prevention systems, making it a combination of NIDPS and HIDPS.

Question 2

Which of the following is a sensor type that uses bandwidth throttling and alters malicious content?&#10;A) passive only&#10;B) inline only&#10;C) active only&#10;D) online only

Accepted Answer

Bandwidth throttling and content alteration require an inline sensor as it sits directly in the path of network traffic and can actively manipulate it. Passive sensors only analyze traffic passively and do not have the capability to alter it. Active and online sensors are not specific types of sensors and do not apply to this scenario.

Question 3

An NIDPS can tell you whether an attack attempt on the host was successful.

Accepted Answer

An NIDPS (Network Intrusion Detection and Prevention System) primarily monitors network traffic to detect and potentially prevent unauthorized access, misuse, or attacks. However, it does not directly determine if an attack on a specific host was successful; that would require analysis of the host's state or logs.

Question 4

A weakness of a signature-based system is that it must keep state information on a possible attack.

Accepted Answer

A signature-based system relies on pre-defined signatures or patterns of known attacks to detect and prevent future attacks. It must keep track of these signatures and constantly update them to stay effective against new threats. This requires the system to keep state information on all possible attack signatures.

Question 5

Which of the following is NOT a method used by passive sensors to monitor traffic?&#10;A) spanning port&#10;B) network tap&#10;C) packet filter&#10;D) load balancer

Accepted Answer

The answer of Which of the following is NOT a...

Question 6

Which method for detecting certain types of attacks uses an algorithm to detect suspicious traffic,is resource intensive,and requires extensive tuning and maintenance?&#10;A) brute force&#10;B) heuristic&#10;C) signature&#10;D) anomaly

Accepted Answer

The answer of Which method for detecting certain types of...

Question 7

Which of the following is true about an HIDPS?&#10;A) monitors OS and application logs&#10;B) sniffs packets as they enter the network&#10;C) tracks misuse by external users&#10;D) centralized configurations affect host performance

Accepted Answer

An HIDPS (Host Intrusion Detection and Prevention System) is designed to monitor the logs generated by the operating system and applications running on a host, looking for signs of intrusion or compromise. They do not typically sniff packets on the network or track misuse by external users. While it is possible that centralized configurations could affect host performance, this is not a defining characteristic of an HIDPS.

Question 8

Which of the following is an advantage of a signature-based detection system?&#10;A) the definition of what constitutes normal traffic changes&#10;B) it is based on profiles the administrator creates&#10;C) each signature is assigned a number and name&#10;D) the IDPS must be trained for weeks

Accepted Answer

Each signature being assigned a number and name helps with identifying which signatures have been triggered and allows for easier tracking and analysis of events.

Question 9

Which of the following is NOT a typical IDPS component?&#10;A) network sensors&#10;B) command console&#10;C) database server&#10;D) Internet gateway

Accepted Answer

Internet gateway is not a typical IDPS component, whereas network sensors, command console, and database server are commonly used in IDPS.

Question 10

Which of the following is considered a problem with a passive,signature-based system?&#10;A) profile updating&#10;B) signature training&#10;C) custom rules&#10;D) false positives

Accepted Answer

A passive, signature-based system relies on pre-existing signatures and does not actively detect new threats. This can lead to false positives, where non-malicious activities are flagged as threats, causing user frustration and wasted resources. Profile updating, signature training, and custom rules are all methods of improving the effectiveness of a passive, signature-based system, but they are not considered problems.

Question 11

Which approach to stateful protocol analysis involves detection of the protocol in use,followed by activation of analyzers that can identify applications not using standard ports?&#10;A) Protocol state tracking&#10;B) IP packet reassembly&#10;C) Traffic rate monitoring&#10;D) Dynamic Application layer protocol analysis

Accepted Answer

The answer of Which approach to stateful protocol analysis involves...

Question 12

No actual traffic passes through a passive sensor; it only monitors copies of the traffic.

Accepted Answer

The answer of No actual traffic passes through a passive...

Question 13

Which of the following is NOT a network defense function found in intrusion detection and prevention systems?&#10;A) prevention&#10;B) response&#10;C) identification&#10;D) detection

Accepted Answer

The answer of Which of the following is NOT a...

Question 14

Where is a host-based IDPS agent typically placed?&#10;A) on a workstation or server&#10;B) at Internet gateways&#10;C) between remote users and internal network&#10;D) between two subnets

Accepted Answer

The answer of Where is a host-based IDPS agent typically...

Question 15

What is an advantage of the anomaly detection method?&#10;A) makes use of signatures of well-known attacks&#10;B) system can detect attacks from inside the network by people with stolen accounts&#10;C) easy to understand and less difficult to configure than a signature-based system&#10;D) after installation, the IDPS is trained for several days or weeks

Accepted Answer

The answer of What is an advantage of the anomaly...

Question 16

Which IDPS customization option is a list of entities known to be harmless?&#10;A) thresholds&#10;B) whitelists&#10;C) blacklists&#10;D) alert settings

Accepted Answer

The answer of Which IDPS customization option is a list...

Question 17

Which of the following is NOT a primary detection methodology?&#10;A) signature detection&#10;B) baseline detection&#10;C) anomaly detection&#10;D) stateful protocol analysis

Accepted Answer

The answer of Which of the following is NOT a...

Question 18

Which type of IDPS can have the problem of getting disparate systems to work in a coordinated fashion?&#10;A) inline&#10;B) host-based&#10;C) hybrid&#10;D) network-based

Accepted Answer

The answer of Which type of IDPS can have the...

Question 19

An IDPS consists of a single device that you install between your firewall and the Internet.

Accepted Answer

The answer of An IDPS consists of a single device...

Question 20

The period of time during which an IDPS monitors network traffic to observe what constitutes normal network behavior is referred to as which of the following?&#10;A) training period&#10;B) baseline scanning&#10;C) profile monitoring&#10;D) traffic normalizing

Accepted Answer

The answer of The period of time during which an...

Question 21

MATCHING&#10;a.accountability&#10;b.escalated&#10;c.event horizon&#10;d.inline sensor&#10;e.intrusion&#10;a.accountability f.passive sensor&#10;b.escalated g.profiles&#10;c.event horizon h.sensor&#10;d.inline sensor i.stateful protocol analysis&#10;e.intrusion j.true positive&#10;an IDPS component that monitors traffic on a network segment

Accepted Answer

The answer of MATCHING&#10;a.accountability&#10;b.escalated&#10;c.event horizon&#10;d.inline sensor&#10;e.intrusion&#10;a.accountability f.passive sensor&#10;b.escalated g.profiles&#10;c.event horizon...

Question 22

MATCHING&#10;a.accountability&#10;b.escalated&#10;c.event horizon&#10;d.inline sensor&#10;e.intrusion&#10;a.accountability f.passive sensor&#10;b.escalated g.profiles&#10;c.event horizon h.sensor&#10;d.inline sensor i.stateful protocol analysis&#10;e.intrusion j.true positive&#10;the entire length of an attack

Accepted Answer

The answer of MATCHING&#10;a.accountability&#10;b.escalated&#10;c.event horizon&#10;d.inline sensor&#10;e.intrusion&#10;a.accountability f.passive sensor&#10;b.escalated g.profiles&#10;c.event horizon...

Question 23

__________________ procedures are a set of actions that are spelled out in the security policy and followed if the IDPS detects a true positive.

Accepted Answer

The answer of __________________ procedures are a set of actions...

Question 24

MATCHING&#10;a.accountability&#10;b.escalated&#10;c.event horizon&#10;d.inline sensor&#10;e.intrusion&#10;a.accountability f.passive sensor&#10;b.escalated g.profiles&#10;c.event horizon h.sensor&#10;d.inline sensor i.stateful protocol analysis&#10;e.intrusion j.true positive&#10;an NIDPS sensor that examines copies of traffic on the network

Accepted Answer

The answer of MATCHING&#10;a.accountability&#10;b.escalated&#10;c.event horizon&#10;d.inline sensor&#10;e.intrusion&#10;a.accountability f.passive sensor&#10;b.escalated g.profiles&#10;c.event horizon...

Question 25

Which of the following is true about an NIDPS versus an HIDPS?&#10;A) an NIDPS can determine if a host attack was successful&#10;B) an HIDPS can detect attacks not caught by an NIDPS&#10;C) an HIDPS can detect intrusion attempts on the entire network&#10;D) an NIDPS can compare audit log records

Accepted Answer

The answer of Which of the following is true about...

Question 26

Anomaly detection systems make use of _______________ that describe the services and resources each authorized user or group normally accesses on the network.

Accepted Answer

The answer of Anomaly detection systems make use of _______________...

Question 27

MATCHING&#10;a.accountability&#10;b.escalated&#10;c.event horizon&#10;d.inline sensor&#10;e.intrusion&#10;a.accountability f.passive sensor&#10;b.escalated g.profiles&#10;c.event horizon h.sensor&#10;d.inline sensor i.stateful protocol analysis&#10;e.intrusion j.true positive&#10;the process of maintaining a table of current connections so that abnormal traffic can be identified

Accepted Answer

The answer of MATCHING&#10;a.accountability&#10;b.escalated&#10;c.event horizon&#10;d.inline sensor&#10;e.intrusion&#10;a.accountability f.passive sensor&#10;b.escalated g.profiles&#10;c.event horizon...

Question 28

In a _______________ based detection system,the IDPS can begin working immediately after installation.

Accepted Answer

The answer of In a _______________ based detection system,the IDPS...

Question 29

Which of the following is true about the steps in setting up and using an IDPS?&#10;A) anomaly-based systems come with a database of attack signatures&#10;B) sensors placed on network segments will always capture every packet&#10;C) alerts are sent when a packet doesn't match a stored signature&#10;D) false positives do not compromise network security

Accepted Answer

The answer of Which of the following is true about...

Question 30

Why might you want to allow extra time for setting up the database in an anomaly-based system?&#10;A) the installation procedure is usually complex and time consuming&#10;B) to add your own custom rule base&#10;C) it requires special hardware that must be custom built&#10;D) to allow a baseline of data to be compiled

Accepted Answer

The answer of Why might you want to allow extra...

Question 31

A network ____________ is a type of passive sensor that consists of a direct connection between a sensor and the physical network medium.

Accepted Answer

The answer of A network ____________ is a type of...

Question 32

Which of the following is an IDPS security best practice?&#10;A) to prevent false positives, only test the IDPS at initial configuration&#10;B) communication between IDPS components should be encrypted&#10;C) all sensors should be assigned IP addresses&#10;D) log files for HIDPSs should be kept local

Accepted Answer

The answer of Which of the following is an IDPS...

Question 33

MATCHING&#10;a.accountability&#10;b.escalated&#10;c.event horizon&#10;d.inline sensor&#10;e.intrusion&#10;a.accountability f.passive sensor&#10;b.escalated g.profiles&#10;c.event horizon h.sensor&#10;d.inline sensor i.stateful protocol analysis&#10;e.intrusion j.true positive&#10;the ability to track an attempted attack or intrusion back to its source

Accepted Answer

The answer of MATCHING&#10;a.accountability&#10;b.escalated&#10;c.event horizon&#10;d.inline sensor&#10;e.intrusion&#10;a.accountability f.passive sensor&#10;b.escalated g.profiles&#10;c.event horizon...

Question 34

MATCHING&#10;a.accountability&#10;b.escalated&#10;c.event horizon&#10;d.inline sensor&#10;e.intrusion&#10;a.accountability f.passive sensor&#10;b.escalated g.profiles&#10;c.event horizon h.sensor&#10;d.inline sensor i.stateful protocol analysis&#10;e.intrusion j.true positive&#10;sets of characteristics that describe network services and resources a user or group normally accesses

Accepted Answer

The answer of MATCHING&#10;a.accountability&#10;b.escalated&#10;c.event horizon&#10;d.inline sensor&#10;e.intrusion&#10;a.accountability f.passive sensor&#10;b.escalated g.profiles&#10;c.event horizon...

Question 35

MATCHING&#10;a.accountability&#10;b.escalated&#10;c.event horizon&#10;d.inline sensor&#10;e.intrusion&#10;a.accountability f.passive sensor&#10;b.escalated g.profiles&#10;c.event horizon h.sensor&#10;d.inline sensor i.stateful protocol analysis&#10;e.intrusion j.true positive&#10;an NIDPS sensor positioned so that all traffic on the network segment is examined as it passes through

Accepted Answer

The answer of MATCHING&#10;a.accountability&#10;b.escalated&#10;c.event horizon&#10;d.inline sensor&#10;e.intrusion&#10;a.accountability f.passive sensor&#10;b.escalated g.profiles&#10;c.event horizon...

Question 36

An IDPS __________________ server is the central repository for sensor and agent data.

Accepted Answer

The answer of An IDPS __________________ server is the central...

Question 37

MATCHING&#10;a.accountability&#10;b.escalated&#10;c.event horizon&#10;d.inline sensor&#10;e.intrusion&#10;a.accountability f.passive sensor&#10;b.escalated g.profiles&#10;c.event horizon h.sensor&#10;d.inline sensor i.stateful protocol analysis&#10;e.intrusion j.true positive&#10;a genuine attack detected successfully by an IDPS

Accepted Answer

The answer of MATCHING&#10;a.accountability&#10;b.escalated&#10;c.event horizon&#10;d.inline sensor&#10;e.intrusion&#10;a.accountability f.passive sensor&#10;b.escalated g.profiles&#10;c.event horizon...

Question 38

If you see a /16 in the header of a snort rule,what does it mean?&#10;A) a maximum of 16 log entries should be kept&#10;B) the size of the log file is 16 MB&#10;C) the subnet mask is 255.255.0.0&#10;D) the detected signature is 16 bits in length

Accepted Answer

The answer of If you see a /16 in the...

Question 39

MATCHING&#10;a.accountability&#10;b.escalated&#10;c.event horizon&#10;d.inline sensor&#10;e.intrusion&#10;a.accountability f.passive sensor&#10;b.escalated g.profiles&#10;c.event horizon h.sensor&#10;d.inline sensor i.stateful protocol analysis&#10;e.intrusion j.true positive&#10;an attempt to gain unauthorized access to network resources

Accepted Answer

The answer of MATCHING&#10;a.accountability&#10;b.escalated&#10;c.event horizon&#10;d.inline sensor&#10;e.intrusion&#10;a.accountability f.passive sensor&#10;b.escalated g.profiles&#10;c.event horizon...

Question 40

MATCHING&#10;a.accountability&#10;b.escalated&#10;c.event horizon&#10;d.inline sensor&#10;e.intrusion&#10;a.accountability f.passive sensor&#10;b.escalated g.profiles&#10;c.event horizon h.sensor&#10;d.inline sensor i.stateful protocol analysis&#10;e.intrusion j.true positive&#10;increasing an intrusion response to a higher level

Accepted Answer

The answer of MATCHING&#10;a.accountability&#10;b.escalated&#10;c.event horizon&#10;d.inline sensor&#10;e.intrusion&#10;a.accountability f.passive sensor&#10;b.escalated g.profiles&#10;c.event horizon...

Question 41

Describe two advantages and two disadvantages of a signature-based system.

Accepted Answer

The answer of Describe two advantages and two disadvantages of...

Question 42

List two approaches to stateful protocol analysis.

Accepted Answer

The answer of List two approaches to stateful protocol analysis....

Question 43

What are the four typical components of an IDPS?

Accepted Answer

The answer of What are the four typical components of...

Question 44

Define stateful protocol analysis.Include in your answer the concept of the event horizon.

Accepted Answer

The answer of Define stateful protocol analysis.Include in your answer...

Question 45

Contrast anomaly detection with signature detection.

Accepted Answer

The answer of Contrast anomaly detection with signature detection....

Question 46

What is an inline sensor and how is it used to stop attacks?

Accepted Answer

The answer of What is an inline sensor and how...

Question 47

Describe two advantages and two disadvantages of an anomaly-based system.

Accepted Answer

The answer of Describe two advantages and two disadvantages of...

Question 48

What are the four common entry points to a network where sensors should be placed?

Accepted Answer

The answer of What are the four common entry points...

Question 49

What are the three network defense functions performed by an IDPS?

Accepted Answer

The answer of What are the three network defense functions...

Question 50

List four types of information that an NIDPS typically logs.

Accepted Answer

The answer of List four types of information that an...

Deck 8: Intrusion Detection and Prevention Systems