As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices.
You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks.
Which solution should you implement?
answer
VPN concentrator
Protocol analyzer
Host-based IDS
A host-based IDS is installed on a single host and monitors all traffic coming into the host. A host-based IDS can analyze encrypted traffic because the host operating system decrypts that traffic as it is received.
question
What do host-based intrusion detection systems often rely upon to perform detection activities?
answer
Network traffic
External sensors
Host system auditing capabilities
A host-based IDS often relies upon the host system's auditing capabilities to perform detection activities. The host-based IDS uses the logs of the local system to search for attack or intrusion activities.
question
Which actions can a typical passive intrusion detection system (IDS) take when it detects an attack? (Select two.)
answer
An alert is generated and delivered via email, the console, or an SNMP trap.
The IDS logs all pertinent data about the intrusion.
The IDS configuration is changed dynamically, and the source IP address is banned.
question
Network-based intrusion detection is most suited to detect and prevent which types of attacks?
answer
Application implementation flaws
Buffer overflow exploitation of software
Bandwidth-based denial of service
Network-based intrusion detection systems are best suited to detect and prevent bandwidth-based denial of service attacks. This type of attack manipulates network traffic in such a way that network-based IDS can easily detect it.
question
Which of the following activities are considered passive with regard to the function of an intrusion detection system? (Choose two.)
answer
Listening to network traffic
Monitoring the audit trails on a server
Transmitting FIN or RES packets to an external host
Disconnecting a port being used by a zombie
Passive IDS is a form of IDS that takes no noticeable action on the network. Passive IDS systems are undetectable by intruders. Passive IDS systems can monitor audit trails or listen to network traffic in real time.
question
Which of the following devices can monitor a network and detect potential security attacks?
answer
Proxy
DNS server
IDS
An intrusion detection system (IDS) is a special network device that can detect attacks and suspicious activity.
question
Which of the following are security devices that perform stateful inspection of packet data and look for patterns that indicate malicious code? (Select two.)
answer
ACL
VPN
IDS
IPS
question
You have configured an NIDS to monitor network traffic. Which of the following describes harmless traffic that has been identified as a potential attack by the NIDS device?
answer
False positive
Positive
False negative
question
Which of the following describes a false positive when using an IPS device?
answer
The source address identifying a non-existent host
Legitimate traffic being flagged as malicious
Malicious traffic not being identified
question
Which of the following devices is capable of detecting and responding to security threats?
answer
IDS
IPS
Multi-layer switch
An intrusion prevention system (IPS) can detect and respond to security events. An IPS differs from an IDS because it can respond to security threats, not just detect them.
question
You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible.
Which tool should you use?
answer
Packet sniffer
IDS
IPS
question
Network-based intrusion detection is most suited to detect and prevent which types of attacks?
answer
Buffer overflow exploitation of software
Bandwidth-based denial of service
Application implementation flaw
question
A honeypot is used for which purpose?
answer
To delay intruders in order to gather auditing data
To entrap intruders
To prevent sensitive data from being accessed
A honeypot is used to delay intruders in order to gather auditing data. A honeypot is a fake network or system that hosts false information but responds as a real system should. Honeypots usually entice intruders to spend considerable time on the system and allow extensive logging of the intruder's activities.
question
Your organization uses a web server to host an e-commerce site.
Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that will analyze the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them.
What should you do?
answer
Implement a stateful firewall in front of the web server
Implement an application-aware IPS in front of the web server
Implement an application-aware IDS in front of the web server
Install an anti-malware scanner on the web server
question
Which of the following describes the worst possible action by an IDS?
answer
The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.
The system correctly deemed harmless traffic as inoffensive and let it pass.
The system detected a valid attack and the appropriate alarms and notifications were generated.