Chapter 7 Quiz

8 September 2022
49 test answers

question
A false positive is the failure of an IDPS system to react to an actual attack event.
answer
False
question
Intrusion detection consists of procedures and systems that identify system intrusions and take action when an intrusion is detected.
answer
False
question
The process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS is known as a false attack stimulus.
answer
False
question
In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information and corrupt the servers' answers to routine DNS queries from other systems on the network.
answer
True
question
NIDPSs can reliably ascertain whether an attack was successful.
answer
False
question
HIDPSs are also known as system integrity verifiers.
answer
True
question
An HIDPS can monitor system logs for predefined events.
answer
True
question
An HIDPS can detect local events on host systems and detect attacks that may elude a network-based IDPS.
answer
True
question
An HIDPS is optimized to detect multihost scanning, and it is able to detect the scanning of non-host network devices, such as routers or switches.
answer
False
question
The anomaly-based IDPS collects statistical summaries by observing traffic that is known to be normal.
answer
True
question
IDPS responses can be classified as active or passive.
answer
True
question
A passive IDPS response is a definitive action automatically initiated when certain types of alerts are triggered.
answer
False
question
The Simple Network Management Protocol contains trap functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively.
answer
True
question
An IDPS can be configured to dial a phone number and produce an alphanumeric page or other type of signal or message.
answer
True
question
In order to determine which IDPS best meets an organization's needs, first consider the organizational environment in technical, physical, and political terms.
answer
True
question
Your organization's operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems.
answer
False
question
All IDPS vendors target users with the same levels of technical and security expertise.
answer
False
question
Intrusion detection and prevention systems perform monitoring and analysis of system events and user behaviors.
answer
True
question
Intrusion detection and prevention systems can deal effectively with switched networks.
answer
False
question
A fully distributed IDPS control strategy is an IDPS implementation approach in which all control functions are applied at the physical location of each IDPS component.
answer
True
question
Security tools that go beyond routine intrusion detection include honeypots, honeynets, and padded cell systems.
answer
True
question
To assist in footprint intelligence collection, attackers may use an enhanced Web scanner that, among other things, can scan entire Web sites for valuable pieces of information, such as server names and e-mail addresses.
answer
True
question
Services using the TCP/IP protocol can run only on their commonly used port number as specified in their original Internet standard.
answer
False
question
Administrators who are wary of using the same tools that attackers use should remember that a tool that can help close an open or poorly configured firewall will not help the network defender minimize the risk from attack.
answer
False
question
Once the OS is known, all of the vulnerabilities to which a system is susceptible can easily be determined.
answer
True
question
A passive vulnerability scanner is one that initiates traffic on the network in order to determine security holes.
answer
False
question
Passive scanners are advantageous in that they require vulnerability analysts to get approval prior to testing.
answer
False
question
To use a packet sniffer legally, an administrator only needs permission of the organization's top computing executive.
answer
False
question
A(n) event is an indication that a system has just been attacked or is under attack. _________________________
answer
False
question
Alarm events that are accurate and noteworthy but do not pose significant threats to information security are called noise. _________________________
answer
True
question
The process of entrapment occurs when an attacker changes the format and/or timing of activities to avoid being detected by an IDPS. _________________________
answer
False
question
A(n) server-based IDPS protects the server or host's information assets. _________________________
answer
False
question
In the process of protocol application verification, the NIDPSs look for invalid data packets. _________________________
answer
False
question
A(n) NIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing. _________________________
answer
False
question
A(n) log file monitor is similar to an NIDPS. _________________________
answer
True
question
The primary advantages of a centralized IDPS control strategy are cost and ease of use. _________________________
answer
False
question
When a collection of honeypots connects several honeypot systems on a subnet, it may be called a(n) honeynet. _________________________
answer
True
question
The disadvantages of using the honeypot or padded cell approach include the fact that the technical implications of using such devices are not well understood. _________________________
answer
False
question
A padded cell is a hardened honeynet. _________________________
answer
False
question
When using trap-and-trace, the trace usually consists of a honeypot or padded cell and an alarm. _________________________
answer
False
question
Enticement is the action of luring an individual into committing a crime to get a conviction. _________________________
answer
False
question
Activities that scan network locales for active systems and then identify the network services offered by the host systems are known as __________.
answer
fingerprinting
question
A(n) __________ IDPS is focused on protecting network information assets.
answer
network-based
question
To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known __________ in their knowledge base.
answer
signatures
question
Network behavior analysis system __________ sensors are typically intended for network perimeter use, so they are deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.
answer
inline
question
__________ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.
answer
HIDPSs
question
Which of the following ports is commonly used for the HTTP protocol?
answer
80
question
Some vulnerability scanners feature a class of attacks called _________ that are so dangerous they should only be used in a lab environment.
answer
destructive
question
A(n) __________ is a software program or hardware appliance that can intercept, copy, and interpret network traffic.
answer
packet sniffer