11.3.6
You are concerned about protecting your network from network-based attacks on the internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections. Which type of device should you use?
Anomaly-based IDS
What is the most common form of host-based IDS that employs signature or pattern-matching detection methods?
Antivirus software
What does an IDS that uses signature recognition use to identify attacks?
Comparisons to known attack patterns
As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement?
Host-based IDS (a HIDS runs on the endpoint itself and inspects traffic after IPsec has decrypted it, so encryption on the wire does not blind it)
You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use?
IPS
Your organization uses a web server to host an e-commerce site. Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that analyzes the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them. What should you do?
Implement an application-aware IPS in front of the web server
Which of the following describes a false positive when using an IPS device?
Legitimate traffic being flagged as malicious
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database?
Signature-based IDS
Which of the following describes the worst possible action by an IDS?
The system identified harmful traffic as harmless and allowed it to pass without generating any alerts (a false negative).
An active IDS system often performs which of the following actions? (Select two.)
Updates filters to block suspect traffic.
Performs reverse lookups to identify an intruder.
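The questions above on signature versus anomaly detection, false positives, false negatives, and an active IDS updating its filters can be seen together in a small detector. The following is an added example, not part of the original page or any product it mentions: the log format, the signature database, the 404-rate thresholds and the ground-truth labels are all hypothetical, and the log lines are constructed. The signature detector finds the known SQL-injection pattern (true positive) but also fires on a legitimate search containing the same words (false positive) and is blind to the directory scan it has no signature for (false negative, the worst case from the question above); the anomaly detector catches that scan because its 404 rate deviates from a learned baseline. With active=True the IDS updates its filter and drops later requests from an alerting source, which is also what makes a false positive costly.

```python
import re
from collections import namedtuple
from urllib.parse import unquote_plus

# Constructed known-good traffic, used only to learn the anomaly baseline.
BASELINE_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 GET /products?id=42 200
10.0.0.7 GET /search?q=hello 200
10.0.0.9 GET /old-page 404
10.0.0.9 GET /index.html 200
"""

# Constructed traffic to inspect: one request carrying a known SQL-injection
# pattern, one legitimate search containing the same two words, and a
# directory scan (a burst of 404s) for which no signature exists.
LIVE_LOG = """\
10.0.0.5 GET /index.html 200
198.51.100.9 GET /products?id=1%20UNION%20SELECT%20password%20FROM%20users 500
10.0.0.7 GET /search?q=European+Union+select+committee 200
203.0.113.4 GET /.env 404
203.0.113.4 GET /backup.zip 404
203.0.113.4 GET /admin 404
203.0.113.4 GET /wp-login.php 404
203.0.113.4 GET /phpmyadmin/ 404
198.51.100.9 GET /index.html 200
"""

# Constructed ground truth for LIVE_LOG, used only to label detector outcomes.
TRULY_MALICIOUS = {"198.51.100.9", "203.0.113.4"}

# Hypothetical signature database: name -> known attack pattern, compared
# against the URL-decoded request path the way a signature-based IDS would.
SIGNATURES = {
    "sqli-union-select": re.compile(r"\bunion\s+select\b", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

Request = namedtuple("Request", "src method path status")

def parse_log(text):
    """Parse 'src method path status' lines, URL-decoding the path so that
    %20 or '+' encoding cannot hide a pattern from the signatures."""
    return [Request(s, m, unquote_plus(p), int(st))
            for s, m, p, st in (ln.split() for ln in text.splitlines() if ln.strip())]

def signature_alerts(req):
    """Signature detection: names of every known pattern found in the request."""
    return [name for name, pat in SIGNATURES.items() if pat.search(req.path)]

def learn_404_rate(reqs):
    """Anomaly baseline: fraction of known-good requests that returned 404."""
    return sum(r.status == 404 for r in reqs) / len(reqs)

def is_anomalous(src_reqs, baseline_rate, min_requests=4, factor=3.0):
    """Anomaly detection: alert on a source with >= min_requests whose 404 rate
    exceeds both factor x the baseline and 50%; no signature is required."""
    if len(src_reqs) < min_requests:
        return False
    rate = sum(r.status == 404 for r in src_reqs) / len(src_reqs)
    return rate > max(factor * baseline_rate, 0.5)

def run_ids(live_text=LIVE_LOG, baseline_text=BASELINE_LOG,
            use_anomaly=True, active=True):
    """Inspect live traffic. Returns (alerts, dropped): alerts maps source ->
    reasons; with active=True the IDS also updates its filter so that every
    later request from an alerting source is dropped instead of inspected."""
    baseline_rate = learn_404_rate(parse_log(baseline_text))
    alerts, blocked, dropped, seen = {}, set(), [], {}
    for req in parse_log(live_text):
        if req.src in blocked:          # active response: filter already updated
            dropped.append(req)
            continue
        seen.setdefault(req.src, []).append(req)
        reasons = ["signature:" + n for n in signature_alerts(req)]
        if (use_anomaly and is_anomalous(seen[req.src], baseline_rate)
                and "anomaly:404-burst" not in alerts.get(req.src, [])):
            reasons.append("anomaly:404-burst")
        if reasons:
            alerts.setdefault(req.src, []).extend(reasons)
            if active:
                blocked.add(req.src)
    return alerts, dropped

def evaluate(alerts, sources, truly_malicious=TRULY_MALICIOUS):
    """Label each source TP, FP, FN or TN from the alerts and the ground truth."""
    return {src: (("TP" if src in truly_malicious else "FP") if src in alerts
                  else ("FN" if src in truly_malicious else "TN"))
            for src in sources}

if __name__ == "__main__":
    sources = {r.src for r in parse_log(LIVE_LOG)}
    for use_anomaly in (False, True):
        alerts, dropped = run_ids(use_anomaly=use_anomaly)
        print("signatures + anomaly" if use_anomaly else "signatures only",
              evaluate(alerts, sources), [(r.src, r.path) for r in dropped])
```

Running it shows 203.0.113.4 labelled FN in the signatures-only pass and TP once the anomaly detector is on, while 10.0.0.7 is an FP in both passes. The URL decoding in parse_log matters: without it the percent-encoded UNION SELECT would never match, which is the usual reason real signature engines normalize traffic before comparing it to patterns.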