6.4 Intrusion Detection and Prevention
Which of the following is true about an intrusion detection system?
An intrusion detection system monitors data packets for malicious or unauthorized traffic.
Which IDS method defines a baseline of normal network traffic and then looks for anything that falls outside of that baseline?
Anomaly-based
Which IDS traffic assessment indicates that the system identified harmless traffic as offensive and generated an alarm or stopped the traffic?
False positive
As a security precaution, you've implemented IPsec to work between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement?
Host-based IDS
You're concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use?
IPS
Which of the following is true about an NIDS?
It detects malicious or unusual incoming and outgoing traffic in real time.
Which IDS type can alert you to trespassers?
PIDS
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database?
Signature-based IDS
Which of the following describes the worst possible action by an IDS?
The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.
You've just installed a new network-based IDS that uses signature recognition. What should you do on a regular basis?
Update the signature files.