Objective 3.4: Intrusion Detection
IDS may be configured to report attack occurrences. You just received a notification that an attack occurred, but after checking, you find that it really wasn't an attack at all. What is the term for this type of alarm?
You are looking for a security tool to exam or audit system configurations and find areas that pose security risks in conjunction with your Intrusion Detection plan. What tool should you use?
Which of the following terms relates to sending an ICMP request to each IP address on a subnet and waiting for replies?
Which of the following terms relates to sending an initial SYN packet, receiving an ACK packet, and then immediately sending an RST packet?
TCP full scanning
TCP half scanning
Which of the following is most useful when detecting network intrusions?
Access control policies
Objective 3.4.1: Network Based
Which of the following describes how a network-based IDS acquires data?
Which of the following apply to network-based IDS? (Select all that apply.)
Provides reliable, real-time intrusion data
Remains passive and transparent on the network
Uses many network or host resources
Becomes active when identifying intrusions
Which of the following intrusion detection systems functions in current or real time to monitor network traffic?
Objective 3.4.2: Host Based
What tool would you use to monitor for intrusions by reviewing computer system and event logs on a client computer?
Objective 18.104.22.168: Active Detection
What does active detection refer to when using an intrusion detection system (IDS)? (Select all that apply.)
An IDS that is constantly running 24 hours a day
An IDS that responds to the suspicious activity by logging off a user
An IDS that reprograms the firewall to block the suspected source
An IDS that shuts down the Internet after a suspected attack
Objective 22.214.171.124: Passive Detection
What does Passive Detection refer to when using an IDS? (Select all that apply.)
A host-based IDS that responds to a potential security breach
A network-based IDS that logs a security breach and raises an alert
Any IDS that simply detects the potential security breach
An IDS that is turned to passive mode
Objective 3.4.3: Honey Pots
Which type of network device is characterized by the following description: Used to fool crackers, allowing them to continue an attack on a sacrificial computer that contains fictitious information?
Objective 3.4.4: Incident Response
Your network administrator has installed a network-based IDS and a honey pot on the network. What is the written plan called that indicates who will monitor these tools and how users should react once a malicious attack has occurred?
Monitoring and response
Security alert and response