CS356 Chapter 8 Quiz

A(n) ________ event is an alert that is generated when the gossip traffic enables a platform to conclude that an attack is under way.

DDI

An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device

False

Anomaly detection is effective against misfeasors.

False

Signature-based approaches attempt to define normal, or expected behavior, whereas anomaly approaches attempt to define proper behavior

False

Snort can perform intrusion prevention but not intrusion detection

False

The IDS component responsible for collecting data is the user interface.

False

Those who hack into computers do so for the thrill of it or for status.

False

________ are amount the most difficult to detect and prevent.

Insider attacks

The _________ module analyzes LAN traffic and reports the results to the central manager.

LAN monitor agent

A ________ model is used to establish transition probabilities amount various states

Markov process

_________ is a document that describes the application level protocol for exchanging data between intrusion detection entities.

RFC4767

________ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder

Signature detection

A common location for a NIDS sensor is just inside the external firewall.

True

An intruder can also be referred to as a hacker or a cracker

True

Network based intrusion detection makes use of signature detection and anomaly detection

True

Running a packet sniffer on a workstation to capture usernames and passwords is an example of intrusion

True

To be of practical use an IDS should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.

True

The ________ is responsible for determining if an intrusion has occurred.

analyzer

The ________ is the ID component that analyzes the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator

analyzer

A(n) ________ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor.

inline sensor

A ________ monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity

network-based IDS

A ________ is a security event that constitutes a security incident in which an intruder gains access to a system without having authorization to do so.

security intrusion

Intrusion detection is based on the assumption that __________.

the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.