FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 7: Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools

Show Answer

Share

---

All types

Filters

Study Flashcards

Question 31

True/False

Review LaterAdd Note

Review Later

A(n) NIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing. _________________________

Correct Answer

verified

Show Answer

Question 32

Multiple Choice

Review LaterAdd Note

Review Later

__________ applications use a combination of techniques to detect an intrusion and then trace it back to its source.

A) Honeynet
B) Trap-and-trace
C) HIDPS
D) Packet sniffer

Correct Answer

verified

Show Answer

Question 33

True/False

Review LaterAdd Note

An HIDPS can monitor system logs for predefined events.

A(n) __________ is an event that triggers an alarm when no actual attack is in progress.

An HIDPS can detect local events on host systems and detect attacks that may elude a network-based IDPS.

A(n) ____________________ occurs when an attacker attempts to gain entry or disrupt the normal operations of an information system, almost always with the intent to do harm.

The process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS is known as a false attack stimulus.

The ability to detect a target computer's __________ is very valuable to an attacker.

A(n) partially distributed IDPS control strategy combines the best of other IDPS strategies. _________________________

A(n) log file monitor is similar to an NIDPS. _________________________

IDPSs can help the organization protect its assets when its networks and systems are exposed to ____________________ vulnerabilities or are unable to respond to a rapidly changing threat environment.

A packet ____________________ is a software program or hardware appliance that can intercept, copy, and interpret network traffic.

A(n) __________ works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm.

To detect attacks and other security violations that are not prevented by other security measures

The ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks is called ____________________.

A(n) ____________________-based IDPS resides on a particular computer or server and monitors activity only on that system.

A signature-based IDPS is sometimes called a(n) ____________________-based IDPS.

__________ is the process of classifying IDPS alerts so that they can be more effectively managed.

Most network behavior analysis system sensors can be deployed in __________ mode only, using the same connection methods as network-based IDPSs.

Alarm ____________________ and compaction is a consolidation of almost identical alarms that happen at close to the same time into a single higher-level alarm.