FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 7: Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 41

True/False

Review LaterAdd Note

Review Later

A(n) monitoring vulnerability scanner is one that listens in on the network and determines vulnerable versions of both server and client software. _________________________

Correct Answer

verified

Show Answer

Question 42

True/False

Review LaterAdd Note

Review Later

The Simple Network Management Protocol contains trap functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively.

Correct Answer

verified

Show Answer

Question 43

Essay

Review LaterAdd Note

List and describe the three advantages of NIDPSs.

Network behavior analysis system __________ sensors are typically intended for network perimeter use, so they are deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.

NIDPSs can reliably ascertain whether an attack was successful.

When a collection of honeypots connects several honeypot systems on a subnet, it may be called a(n) ____________________.

Intrusion __________ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again.

A(n) __________ IDPS is focused on protecting network information assets.

Fingerprinting is the organized research of the Internet addresses owned or controlled by a target organization. _________________________

To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known __________ in their knowledge base.

A false positive is the failure of an IDPS system to react to an actual attack event.

The primary advantages of a centralized IDPS control strategy are cost and ease of use. _________________________

Preconfigured, predetermined attack patterns are called signatures. _________________________

For Linux or BSD systems, a tool called "Snow White" allows a remote individual to "mirror" entire Web sites. _________________________

____________________ is the process of attracting attention to a system by placing tantalizing bits of information in key locations.

HIDPSs are also known as system ____________________ verifiers.

When using trap-and-trace, the trace usually consists of a honeypot or padded cell and an alarm. _________________________

The integrity value, which is based upon fuzzy logic, helps an administrator determine how likely it is that an IDPS alert or alarm indicates an actual attack in progress. _________________________

A(n) ____________________ IDPS can adapt its reactions in response to administrator guidance over time and circumstances of the current local environment.

In TCP/IP networking, port __________ is not used.