FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 4: Incident Response: Detection and Decision Making

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 21

Multiple Choice

Review LaterAdd Note

Review Later

When placed next to a hub,switch,or other key networking device,the NIDS may use that device's monitoring port,also known as a(n) ____ port or mirror port.

A) SWAN
B) HID
C) SPAN
D) IDS

Correct Answer

verified

Show Answer

Question 22

Essay

Review LaterAdd Note

Review Later

Briefly describe the tasks involved in managing logs.

Correct Answer

verified

Managing logs involves the following:
1....

View Answer

Show Answer

Question 23

Multiple Choice

Review LaterAdd Note

____ are also known as system integrity verifiers.

A(n) ____ is designed to be placed in a network to determine whether or not the network is being used in ways that are out of compliance with the policy of the organization.

List five reasons why you would acquire and use an IDS.

Discuss two weaknesses of the signature-based IDS technology.

Using a process known as ____,Network IDSs must look for attack patterns by comparing measured activity to known signatures in their knowledge base to determine whether or not an attack has occurred or may be underway.

Match each statement with an item below. -The process of attracting attention to a system by placing tantalizing bits of information in key locations.

The failure of an IDS system to react to an actual attack event is known as a ____.

A ____ is an alarm or alert that indicates that an attack is in progress or that an attack has successfully occurred when in fact there was no such attack.

A(n) ____ is an event that triggers alarms and causes a false positive when no actual attacks are in progress.

Match each statement with an item below. -Can indicate if a relationship exists between the individual alarm elements when they have specific similar attributes.

____ is an ongoing activity from alarm events that are accurate and noteworthy but not necessarily significant as potentially successful attacks.

What are the advantages and disadvantages of HIDS?

The term ____ refers to an event that triggers alarms and causes an IDS to react as if a real attack is in progress.

The purpose of a NIDS is to look for patterns within network traffic that indicate an intrusion event is underway or about to begin.

Match each statement with an item below. -The action of luring an individual into committing a crime to get a conviction.

What are the steps involved in monitoring networks for signs of intrusion?

Match each statement with an item below. -Network burglar alarm.

According to Pipkin,what are the four types of incident candidates that are probable indicators of actual incidents? Provide a brief description of each incident candidate.