6.8.7.
Which actions can a typical passive intrusion detection system (IDS) take when it detects an attack? (Select two.)
An alert is generated and delivered via email, the console, or an SNMP trap. The IDS logs all pertinent data about the intrusion.
Network-based intrusion debtection is most suited to detect and prevent which types of attacks?
Bandwidth-based denial of service
letwork-based intrusion detection is most suited to detect and prevent which types of attacks?
Bandwidth-based denial of service
You have configured an NIDS to monitor network traffic, Which of the following describes harmless traffic that has been identified as a potential attack by the NIDS device?
False positive
Which of the following devices can monitor a network and detect potential security attacks?
IDS
Which of the following are security devices that perform stateful inspection of packet data and look for patterns that indicate malicious code? (Select two.)
IDS IPS
Which of the following devices is capable of detecting and responding to security threats?
IPS
You are concemed about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use?
IPS
Your organization uses a web server to host an e-commerce site. that it could become a prime target for Because this web server handles financial transactions, you are concerned exploits. You want to implement a network security control that will analyze the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them.
Implement an application-aware IPS in front of the web server
Which of the following describes a false positive when using an IPS device?
Legitimate traffic being flagged as malicious
Which of the following activities are considered passive in regards to the function of an intrusion detection system? (Choose two.)
Listening to network traffic Monitoring the audit trails on a server
What do host-based intrusion detection systems often rely upon to perform detection activities?
O Host system auditing capabilities External sensors
As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks.
O Host-based IDS
Which of the following describes the worst possible action by an IDS?
The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.
A honeypot is used for which purpose?
To delay intruders in order to gather auditing
