11.3.6

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

You are concerned about protecting your network from network-based attacks on the internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections. Which type of device should you use?

Anomaly-based IDS

What is the most common form of host-based IDS that employs signature or pattern-matching detection methods?

Antivirus software

What does an IDS that uses signature recognition use to identify attacks?

Comparisons to known attack patterns

As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement?

Host-based IDS

You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use?

IPS

Your organization uses a web server to host an e-commerce site. Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that analyzes the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them. What should you do?

Implement an application-aware IPS in front of the web server

Which of the following describes a false positive when using an IPS device?

Legitimate traffic being flagged as malicious

Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database?

Signature-based IDS

Which of the following describes the worst possible action by an IDS?

The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.

An active IDS system often performs which of the following actions? (Select two.)

Updates filters to block suspect traffic. Performs reverse lookups to identify an intruder.


Ensembles d'études connexes

Prep U/ Qs - Chapter 9: Antibiotics

View Set

7th grade Vocabulary Workshop Unit 6 definitions

View Set

Foundation for Living | T / F 🌀

View Set

Chapter 16: Personal Selling and Sales Promotion

View Set

Google Ads Certificate Questions

View Set

Module 3 Introduction to Computer Software

View Set