Objective 3.4: Intrusion Detection

  1. IDS may be configured to report attack occurrences. You just received a notification that an attack occurred, but after checking, you find that it really wasn't an attack at all. What is the term for this type of alarm?

    1. True positive

    2. False positive

    3. True negative

    4. False negative

  2. You are looking for a security tool to examine or audit system configurations and find areas that pose security risks, in conjunction with your intrusion detection plan. What tool should you use?

    1. DES

    2. KSA

    3. RSA

    4. NAT

  3. Which of the following terms relates to sending an ICMP request to each IP address on a subnet and waiting for replies?

    1. Port scanning

    2. Echo scanning

    3. Ping scanning

    4. Node scanning

  4. Which of the following terms relates to sending an initial SYN packet, receiving an ACK packet, and then immediately sending an RST packet?

    1. Port scanning

    2. TCP full scanning

    3. Ping scanning

    4. TCP half scanning

  5. Which of the following is most useful when detecting network intrusions?

    1. Audit policies

    2. Audit trails

    3. Access control policies

    4. Audit practices

Objective 3.4.1: Network Based

  1. Which of the following describes how a network-based IDS acquires data?

    1. Passive

    2. Active

    3. Very quiet

    4. Very noisy

  2. Which of the following apply to network-based IDS? (Select all that apply.)

    1. Provides reliable, real-time intrusion data

    2. Remains passive and transparent on the network

    3. Uses many network or host resources

    4. Becomes active when identifying intrusions

  3. Which of the following intrusion detection systems functions in real time to monitor network traffic?

    1. Network based

    2. Host based

    3. Gateway based

    4. Router based

Objective 3.4.2: Host Based

  1. What tool would you use to monitor for intrusions by reviewing computer system and event logs on a client computer?

    1. Honey pot

    2. Client IDS

    3. Network-based IDS

    4. Host-based IDS

Objective Active Detection

  1. What does active detection refer to when using an intrusion detection system (IDS)? (Select all that apply.)

    1. An IDS that is constantly running 24 hours a day

    2. An IDS that responds to the suspicious activity by logging off a user

    3. An IDS that reprograms the firewall to block the suspected source

    4. An IDS that shuts down the Internet after a suspected attack

Objective Passive Detection

  1. What does passive detection refer to when using an IDS? (Select all that apply.)

    1. A host-based IDS that responds to a potential security breach

    2. A network-based IDS that logs a security breach and raises an alert

    3. Any IDS that simply detects the potential security breach

    4. An IDS that is turned to passive mode

Objective 3.4.3: Honey Pots

  1. Which type of network device is characterized by the following description: Used to fool crackers, allowing them to continue an attack on a sacrificial computer that contains fictitious information?

    1. Fake firewall

    2. Rogue router

    3. IDS

    4. Honey pot

Objective 3.4.4: Incident Response

  1. Your network administrator has installed a network-based IDS and a honey pot on the network. What is the written plan called that indicates who will monitor these tools and how users should react once a malicious attack has occurred?

    1. Active response

    2. Incident response

    3. Monitoring and response

    4. Security alert and response
