Network Security 1.0 Modules 11-12

What is PulledPork?

A rule management application that can be used to automatically download Snort rule updates

What is contained in an OVA file?

An installable version of a virtual machine

What is an advantage of HIPS that is not provided by IDS?

HIPS protects critical system resources and monitors operating system processes.

What is an advantage of using an IPS?

It can stop trigger packets

Which statement describes the function of the SPAN tool used in a Cisco switch?

It copies the traffic from one switch port and sends it to another switch port that is connected to a monitoring device.

What is a characteristic of the Community Rule Set type of Snort term-based subscriptions?

It is available for free

What is a characteristic of an IDS?

It often requires assistance from other network devices to respond to an attack

What is a characteristic of the connectivity policy setting when configuring Snort threat protection?

It provides the lowest level of protection

What are two characteristics of an IPS operating in promiscuous mode? (Choose two)

It requires the assistance of another network device to respond to an attack. It does not impact the flow of packets in forwarded traffic.

What is a minimum system requirement to activate Snort IPS functionality on a Cisco router?

K9 license

Which tool can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks?

Snort

Which Snort IPS feature enables a router to download rule sets directly from cisco.com or snort.org?

Snort rule set pull

What information must an IPS track in order to detect attacks matching a composite signature?

The state of packets related to the attack

What is a network tap?

A passive device that forwards all traffic and physical layer errors to an analysis device.

What is provided by the fail open and close functionality of Snort IPS?

Blocks the traffic flow or bypasses IPS checking in the event of an IPS engine failure

What are two characteristics of both IPS and IDS sensors? (Choose two)

Both use signatures to detect patterns. Both can detect atomic patterns.

What are two actions that an IPS can perform whenever a signature detects the activity for which it is configured? (Choose two)

Drop or prevent the activity. Allow the activity.

A network administrator is trying to download a valid file from an internal server. However, the process triggers an alert on an NMS tool. What condition describes this alert?

false positive

Which IPS signature trigger category uses a decoy server to divert attacks away from production devices?

honey pot-based detection

What situation will generate a true negative IPS alarm type?

normal traffic that is correctly being ignored and forwarded

