chp 17


Any activity that should not be but is occurring on an information system is called:

an intrusion

A host-based intrusion detection system (HIDS) monitors activity on a network.

false

A packet filtering firewall is a type of firewall that functions as a gateway for requests arriving from clients.

false

After a firewall is designed and implemented, a firewall policy should be developed.

false

An intrusion detection system (IDS) is a single piece of software, as opposed to a series of components.

false

An intrusion detection system (IDS) prevents attacks from occurring.

false

An intrusion detection system (IDS) provides a way of both detecting an attack and dealing with it.

false

By definition, misuse is always malicious in nature.

false

Firewalls perform well against misuse.

false

Honeypots and honeynets are, by definition, illegal.

false

Intrusion detection is the ability to detect misuse of resources or privileges.

false

Misuse detection is the technique of uncovering successful or attempted unauthorized access to an information system.

false

Role-based access control (RBAC) depends on the owner or author of data to manage security.

false

A group of computers or a network configured to attract attackers is called a(n):

honeynet.

A single computer that is configured to attract attackers to it and act as a decoy is called a(n):

honeypot

The principle that individuals will be given only the level of access that is appropriate for their specific job role or function is called:

least privilege

The improper use of privileges or resources within an organization is called:

misuse

The primary components of a host-based intrusion detection system (HIDS) are:

the command console and the monitoring agent software.

The primary components of a network-based intrusion detection system (NIDS) are:

the command console and the network sensor.

The two main types of intrusion detection systems (IDSs) are:

the network-based intrusion detection system (NIDS) and the host-based intrusion detection system (HIDS).

A multi-homed device has multiple network interfaces that use rules to determine how packets will be forwarded between interfaces.

true

A screened host is a setup where the network is protected by a device that combines the features of proxy servers with packet filtering.

true

An intrusion detection system (IDS) essentially extends the traffic-capturing capability of a packet sniffer in that the IDS compares the intercepted traffic to known good or bad behavior.

true

Barriers, guards, cameras, and locks are examples of physical controls.

true

Firewalls separate networks and organizations into different zones of trust.

true

Intrusion detection is the process of detecting potential misuse or attacks and the ability to respond based on the alert that is provided.

true

Most intrusion detection systems (IDSs) are based on signature analysis.

true

Network connectivity arguably has the biggest impact on the effectiveness of the firewall.

true

Which of the following options for firewall implementation has multiple network interfaces that use rules to determine how packets will be forwarded between interfaces?

Multi-homed device

Which of the following is NOT one of the three basic modes firewalls can operate in?

SYN proxying

Which of the following refers to an intrusion detection system (IDS) that is programmed to identify known attacks occurring in an information system or network by comparing sniffed traffic or other activity with that stored in a database?

Signature analysis

Which of the following is commonly known as misuse detection because it attempts to detect activities that may be indicative of misuse or intrusions?

Signature recognition

Which of the following is a firewall best able to control?

Traffic

Which of the following statements is NOT true about firewall policy?

A policy is not necessary if the firewall is configured in the way the administrator wants.

Which of the following controls fit in the area of policy and procedure?

Administrative

Which of the following is an intrusion detection system with additional abilities that make it possible to protect systems from attack by using different methods of access control?

An intrusion prevention system

Which of the following is a detection method that uses a known model of activity in an environment and reports deviations from established normal behavior?

Anomaly detection

Which of the following options for firewall implementation has a region of the network or zone that is sandwiched between two firewalls?

Demilitarized zone (DMZ)

Which of the following statements is NOT true about firewalls?

Firewalls have not changed much over the years.

Which of the following provides the ability to monitor a network, host, or application, and report back when suspicious activity is detected?

Intrusion detection system (IDS)

