CTC 452 Quiz 6
Unlock all answers in this set
Unlock answersquestion
Where is a host-based IDPS agent typically placed?
answer
On a workstation or server
question
Which of the following is true about an NIDPS versus an HIDPS?
answer
An HIDPS can detect attacks not caught by an NIDPS
question
A weakness of a signature-based system is that it must keep state information on a possible attack.
answer
True
question
Which of the following is NOT a typical IDPS component?
answer
Internet Gateway
question
Which of the following is NOT a primary detection methodology?
answer
Baseline Detection
question
Which of the following is true about an HIDPS?
answer
Monitors OS and application logs
question
An IDPS consists of a single device that you install between your firewall and the Internet.
answer
False
question
Which of the following is an IDPS security best practice?
answer
Communication between IDPS components should be encrypted
question
What is an advantage of the anomaly detection method?
answer
System can detect attacks from inside the network by people with stolen accounts
question
Which of the following is a sensor type that uses bandwidth throttling and alters malicious content?
answer
Inline Only
question
Which of the following is true about the steps in setting up and using an IDPS?
answer
False positives do not compromise network security
question
Which of the following is NOT a method used by passive sensors to monitor traffic?
answer
Packet Filter
question
Which of the following is NOT a network defense function found in intrusion detection and prevention systems?
answer
Identification
question
Which of the following is an advantage of a signature-based detection system?
answer
Each signature is assigned a number and name
question
Which type of IDPS can have the problem of getting disparate systems to work in a coordinated fashion?
answer
Hybrid
question
A hybrid IDPS combines aspects of NIDPS and HIDPS configuration
answer
True
question
Why might you want to allow extra time for setting up the database in an anomaly-based system?
answer
to allow a baseline of data to be compiled
question
Which method for detecting certain types of attacks uses an algorithm to detect suspicious traffic, is resource intensive, and requires extensive tuning and maintenance?
answer
heuristic
question
If you see a /16 in the header of a snort rule, what does it mean?
answer
the subnet mask is 255.255.0.0