OS Hardening - SEC340 Chapter 8

9 September 2022
20 test answers

question
If you see a /16 in the header of a snort rule, what does it mean? Select one: a. the size of the log file is 16 MB b. the subnet mask is 255.255.0.0 c. a maximum of 16 log entries should be kept d. the detected signature is 16 bits in length
answer
b. the subnet mask is 255.255.0.0
question
The period of time during which an IDPS monitors network traffic to observe what constitutes normal network behavior is referred to as which of the following? Select one: a. traffic normalizing b. profile monitoring c. training period d. baseline scanning
answer
c. training period
question
What is an advantage of the anomaly detection method? Select one: a. makes use of signatures of well-known attacks b. system can detect attacks from inside the network by people with stolen accounts c. easy to understand and less difficult to configure than a signature-based system d. after installation, the IDPS is trained for several days or weeks
answer
b. system can detect attacks from inside the network by people with stolen accounts
question
Where is a host-based IDPS agent typically placed? Select one: a. on a workstation or server b. between two subnets c. at Internet gateways d. between remote users and internal network
answer
d. between remote users and internal network
question
Which approach to stateful protocol analysis involves detection of the protocol in use, followed by activation of analyzers that can identify applications not using standard ports? Select one: a. Protocol state tracking b. Dynamic Application layer protocol analysis c. IP packet reassembly d. Traffic rate monitoring
answer
b. Dynamic Application layer protocol analysis
question
Which IDPS customization option is a list of entities known to be harmless? Select one: a. thresholds b. whitelists c. blacklists d. alert settings
answer
b. whitelists
question
Which method for detecting certain types of attacks uses an algorithm to detect suspicious traffic, is resource intensive, and requires extensive tuning and maintenance? Select one: a. brute force b. heuristic c. anomaly d. signature
answer
b. heuristic
question
Which of the following is a sensor type that uses bandwidth throttling and alters malicious content? Select one: a. active only b. online only c. passive only d. inline only
answer
d. inline only
question
Which of the following is an advantage of a signature-based detection system? Select one: a. each signature is assigned a number and name b. it is based on profiles the administrator creates c. the definition of what constitutes normal traffic changes d. the IDPS must be trained for weeks
answer
a. each signature is assigned a number and name
question
Which of the following is an IDPS security best practice? Select one: a. communication between IDPS components should be encrypted b. log files for HIDPSs should be kept local c. all sensors should be assigned IP addresses d. to prevent false positives, only test the IDPS at initial configuration
answer
a. communication between IDPS components should be encrypted
question
Which of the following is considered a problem with a passive, signature-based system? Select one: a. profile updating b. false positives c. custom rules d. signature training
answer
b. false positives
question
Which of the following is NOT a method used by passive sensors to monitor traffic? Select one: a. packet filter b. load balancer c. spanning port d. network tap
answer
a. packet filter
question
Which of the following is NOT a network defense function found in intrusion detection and prevention systems? Select one: a. detection b. response c. prevention d. identification
answer
d. identification
question
Which of the following is NOT a primary detection methodology? Select one: a. baseline detection b. signature detection c. stateful protocol analysis d. anomaly detection
answer
a. baseline detection
question
Which of the following is NOT a typical IDPS component? Select one: a. database server b. Internet gateway c. command console d. network sensors
answer
b. Internet gateway
question
Which of the following is true about an HIDPS? Select one: a. tracks misuse by external users b. monitors OS and application logs c. sniffs packets as they enter the network d. centralized configurations affect host performance
answer
b. monitors OS and application logs
question
Which of the following is true about an NIDPS versus an HIDPS? Select one: a. an NIDPS can compare audit log records b. an HIDPS can detect attacks not caught by an NIDPS c. an NIDPS can determine if a host attack was successful d. an HIDPS can detect intrusion attempts on the entire network
answer
b. an HIDPS can detect attacks not caught by an NIDPS
question
Which of the following is true about the steps in setting up and using an IDPS? Select one: a. alerts are sent when a packet doesn't match a stored signature b. anomaly-based systems come with a database of attack signatures c. false positives do not compromise network security d. sensors placed on network segments will always capture every packet
answer
c. false positives do not compromise network security
question
Which type of IDPS can have the problem of getting disparate systems to work in a coordinated fashion? Select one: a. host-based b. hybrid c. network-based d. inline
answer
b. hybrid
question
Why might you want to allow extra time for setting up the database in an anomaly-based system? Select one: a. to add your own custom rule base b. it requires special hardware that must be custom built c. the installation procedure is usually complex and time consuming d. to allow a baseline of data to be compiled
answer
d. to allow a baseline of data to be compiled