SRA221 Chapter7

Card Set Information

Author: guntoro
ID: 269770
Filename: SRA221 Chapter7
Updated: 2014-04-09 09:59:06
Tags: SRA221 Chapter7
Description: SRA221 Chapter7


The flashcards below were created by user guntoro on FreezingBlue Flashcards.


  1. Intrusion detection consists of procedures and systems that identify system intrusions and take action when an intrusion is detected. (T/F)
    True
  2. A false positive is the failure of an IDPS system to react to an actual attack event. (T/F)
    False, False negative is
  3. The process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS is known as a false attack stimulus. (T/F)
    False, known as Evasion
  4. A HIDPS can monitor systems logs for predefined events. (T/F)
    True
  5. A passive response is a definitive action automatically initiated when certain types of alerts are triggered. (T/F)
    False, active response is
  6. The Simple Network Management Protocol contains trap functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively. (T/F)
    True
  7. An IDPS can be configured to dial a phone number and produce an alphanumeric page or a modem noise. (T/F)
    True
  8. In order to determine which IDPS best meets an organization’s needs, first consider the organizational environment in technical, physical, and political terms. (T/F)
    True
  9. Your organization’s operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems. (T/F)
    False, culture will affect
  10. All IDPS vendors target users with the same levels of technical and security expertise. (T/F)
    False, different IDPS vendors target users with different levels of technical and security expertise.
  11. Intrusion detection and prevention systems perform monitoring and analysis of system events and user behaviors. (T/F)
    True
  12. Intrusion detection and prevention systems can deal effectively with switched networks. (T/F)
    True
  13. A fully distributed IDPS control strategy is the opposite of the centralized strategy. (T/F)
    True
  14. A strategy based on the concept of defense in depth is likely to include intrusion detection systems, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers. (T/F)
    True
  15. Services using the TCP/IP protocol can run only on port 80. (T/F)
    False, any port, usually 1-1023
  16. Once the OS is known, all of the vulnerabilities to which a system is susceptible can easily be determined. (T/F)
    True
  17. A starting scanner is one that initiates traffic on the network in order to determine security holes. (T/F)
    False, active scanner is
  18. A sniffer cannot be used to eavesdrop on network traffic. (T/F)
    False, a sniffer can be used
  19. Passive scanners are advantageous in that they require vulnerability analysts to get approval prior to testing. (T/F)
    False, do not require vulnerability
  20. Most of the technologies that scan human characteristics convert these images to some form of minutiae. (T/F)
    True
  21. A(n) ____ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm.
    A. IDS
    B. ITS
    C. SIS
    D. IIS
    A. IDS
  22. Intrusion ____ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again.
    A. prevention
    B. reaction
    C. detection
    D. correction
    D. correction
  23. ____ is an event that triggers an alarm when no actual attack is in progress.
    A. Noise
    B. False Negative
    C. False Positive
    D. False Attack Stimulus
    D. False Attack Stimulus
  24. ____ is the process of classifying IDPS alerts so that they can be more effectively managed.
    A. Alarm filtering
    B. Alarm clustering
    C. Alarm compaction
    D. Alarm attenuation
    A. Alarm filtering
  25. Activities that scan network locales for active systems and then identify the network services offered by the host systems are known as ____.
    A. footprinting
    B. filtering
    C. doorknob rattling
    D. fingerprinting
    D. fingerprinting
  26. A(n) ____ IDPS is focused on protecting network information assets.
    A. host-based
    B. server-based
    C. network-based
    D. application-based
    C. network-based
  27. ____ is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device.
    A. DPS
    B. NIDPS
    C. SPAN
    D. IDSE
    C. SPAN
  28. To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known ____ in their knowledge base.
    A. footprints
    B. signatures
    C. fingernails
    D. fingerprints
    B. signatures
  29. ____ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.
    A. HIDPSs
    B. NIDPSs
    C. SIDPSs
    D. AppIDPSs
    B. NIDPSs
  30. ____ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.
    A. Inline
    B. Passive
    C. Offline
    D. Bypass
    A. Inline
  31. ____ are decoy systems designed to lure potential attackers away from critical systems.
    A. Padded nets
    B. Honeycells
    C. Honeypots
    D. Padded cells
    C. Honeypots
  32. IDPS researchers have used padded cell and honeypot systems since the late ____.
    A. 1970s
    B. 1960s
    C. 1980s
    D. 1990s
    C. 1980s
  33. ____ applications use a combination of techniques to detect an intrusion and then trace it back to its source.
    A. Trace and treat
    B. Treat and trap
    C. Trap and trace
    D. Trace and clip
    C. Trap and trace
  34. ____ is the action of luring an individual into committing a crime to get a conviction.
    A. Padding
    B. Intrusion
    C. Entrapment
    D. Enticement
    C. Entrapment
  35. In TCP/IP networking, port ____ is not used.
    A. 1023
    B. 1
    C. 13
    D. 0
    D. 0
  36. Which of the following ports is commonly used for the HTTP protocol?
    A. 80
    B. 25
    C. 53
    D. 20
    A. 80
  37. ____ testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol.
    A. Spike
    B. Black
    C. Buzz
    D. Fuzz
    D. Fuzz
  38. A(n) ____ is a network tool that collects copies of packets from the network and analyzes them.
    A. honey pot
    B. honey packet
    C. packet sniffer
    D. packet scanner
    C. packet sniffer
  39. Among all possible biometrics, ____ is(are) considered truly unique.
    A. retina of the eye
    B. fingerprints
    C. iris of the eye
    D. All of the above
    D. All of the above
  40. ____ is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user.
    A. Physical access control
    B. System access control
    C. Software access control
    D. Biometric access control
    D. Biometric access control
  41. A(n) ____ is a proposed systems user.
    A. supplicant
    B. activator
    C. authenticator
    D. challenger
    A. supplicant
  42. The ____ is the level at which the number of false rejections equals the false acceptances, and is also known as the equal error rate.
    A. REC
    B. IIS
    C. CER
    D. BIOM
    C. CER (Crossover Error Rate)
  43. A(n) ____________________ occurs when an attacker attempts to gain entry or disrupt the normal operations of an information system, almost always with the intent to do harm.
    intrusion
  44. The ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks is called ____________________.
    noise
  45. A(n) ____________________ IDPS can adapt its reactions in response to administrator guidance over time and circumstances of the current local environment.
    smart
  46. Alarm ____________________ and compaction is a consolidation of almost identical alarms that happen at close to the same time into a single higher-level alarm.
    clustering
  47. In ____________________ protocol verification, the higher-order protocols are examined for unexpected packet behavior, or improper use.
    application
  48. Three methods dominate the IDPSs detection methods: ____________________-based approach, statistical anomaly-based approach or the stateful packet inspection approach.
    signature
  49. When the measured activity is outside the baseline parameters, it is said to exceed the ____________________ level.
    clipping
  50. With a(n) ____________________ IDPS control strategy all IDPS control functions are implemented and managed in a central location.
    centralized
  51. When a collection of honeypots connects several honeypot systems on a subnet, it may be called a(n) ____________________.
    honeynet
  52. A(n) ____________________ is a honey pot that has been protected so that it cannot be easily compromised.
    padded cell
  53. Under the guise of justice, some less scrupulous administrators may be tempted to ____________________, or hack into a hacker’s system to find out as much as possible about the hacker.
    back hack
  54. ____________________ is the process of attracting attention to a system by placing tantalizing bits of information in key locations.
    enticement