5010 Midterm Quiz Midterm

True or False: Intrusion detection is the process of monitoring and analysing events occurring in a computer system or network.

Select a sign that is NOT an event

Select the option which is NOT an incident

True or False: Incidents are always malicious

IDS automates the proccess of ___________ incidents

True or False: IPS automate the process of detecting incidents and attempt to stop the incident form occurring.

True or False: IDPS can identify miconfigs of security appliances

True or False: IDPS can NOT identify policy problems

Select the method on how NOT to record event information

Select 4 ways admins can be notified of important alerts

IPS technologies differ from IDS by one characteristic: IPS can respond to a detected threat and attempt to ______________ an incident.

True or False: IDPS solutions provides 100% accurate detection and is aware of zero-day threats

An attacker sent out an attachment in an email but it was detected. What detection method was used

True or False: Signature-based detection is effective for known threats and bad for unknown threats

What detection method reuqires the creation of profiles

Where would Network-Based IDPS be deployed at? (Select 3)

True or False: Wireless IDPS systems do not look for suspicious activity from the upper OSI layers

Which of the following is NOT a threath detected by Network Behavior Analysis (NBA)

____________ monitors a signle host for signs of suspicious activity

One reason a network intruder may target an IDPS system is to access the information it contains about the network

Wireless IDPS is used to identify which of the following threats

Identify the benefits of using a seperate management network for a network-based IDPS solution

Which of the following capabiltities of network-based IDPS require turning to improve accuracy?

A ____ is the term used for the device that captures traffic in network-based IDPS.

An ______ is software installed on a machine for host-based IDPS.

A dedicated VLAN can be used to seperate IDPS compnents but they are not protected against: (Choose 1)

It is best practice to store data both ____ and _____

True or False: Accurate time is NOT important for log correlation

_________ are used to reduce false-positives from benign activity from trusted hosts.

Select 2 questions an admin may ask before deloying the archietecture of IDPS:

True or False: If available, organizations should deploy the IDPS solution in a testing environment before deploying them to a production network.

True or False: Right when IDPS is deployed, there will be a lot of detections so no tuning would be required

What are two ways to harden the security on IDPS components? (Select the best 2 answers)

What are the two types of updates an admin needs to consider?

True or False: Programming skills is a skill and admin should have to maintain an IDPS solution

______ is used to improve the detection accuracy of the IDPS

______ is the primary protocol suite used on networks today

Which of the following is NOT a layer on the TCP/IP model?

What network protocol is used when reliable delivery is not necessary

What mode must an interface be put on when trying to monitor network traffic

True or False: Appliance and Software are the two formats sensors are available in

What are two ways to protect yourself when trying to manage your sensor

_________ is deployed so that network traffic that is being monitored must pass through the sensor

What sensor placement method creates copies of the network

What method of copying network traffic is NOT ideal for high traffic throughput

Which method of copying network traffic allows for a copy of network traffic to be taken from any port, anywhere in the organization.

What system is used to direct traffic to a sensor

True or False: Splitting traffic to multiple sensors could cause a reduction in detection accuracy.

True or False: Information gathering consists of TCP/UDP ports and header information being used to detemine a OS running on a host

Passive Fingerprinting is:

Select one data type that is NOT used to log IDPS

True or False: Network-based IDPS can not perform packet captures of the onnection that caused an alert to occur

Select three detection methods network-based IDPS uses commonly

What layer would you see: Banner grabbing, buffer overflows, format string attacks, password guessing, malware transmission

What layer would you see: Port scanning, unusual packet fragmentation, SYN floods

What layer would you see: spoofed IP addresses, illegal IP header values

True or False: Network-based IDPS can rate an attack on how likely it is to succeed.

Which of 1 of the following is NOT a limation of network-based IDPS

What is stealth mode?

Which sensor has the ability to be configured when there is high-laod

________ is a technique attackers can use on an IDPS that attempts to disguise malicious traffic by generating a large number of alerts at the same time

True or False: WEP is a wireless security that is well-known and should be used over 802.11i

True or False: WPA3 is the current standard

What is an example of a Station (STA) in WLAN

What are the two architectures modes of 802.11?

Which 802.11 architecture mode allows STA's communicate directly with no APs

True or False: Wireless attacks require an attacker to be close to the wireless network

Which wireless sensor s completely passive and monitors radio frequency waves to sniff traffic?

Which wireless deployment type is to be used while in motion to find rogue APs

Added IDPS functionality in a wireless architecture is done in what form

True or False: Wireless sensors need to be deployed in locations that allow them to monitor the RF range of the organization's WLAN

Most IDPS sensors create and maintain an inventory of observed devices including: Select 3

What detection method can detect unusual WLAN usage

True or False: Wireless IDPS is generally more accurate than other types of IDPS