Chapter 17
Any activity that is occurring on an information system but should not be is called:
an intrusion
A host-based intrusion detection system (HIDS) monitors activity on a network.
false
A packet filtering firewall is a type of firewall that functions as a gateway for requests arriving from clients.
false
After a firewall is designed and implemented, a firewall policy should be developed.
false
An intrusion detection system (IDS) is a single piece of software, as opposed to a series of components.
false
An intrusion detection system (IDS) prevents attacks from occurring.
false
An intrusion detection system (IDS) provides a way of both detecting an attack and dealing with it.
false
By definition, misuse is always malicious in nature.
false
Firewalls perform well against misuse.
false
Honeypots and honeynets are, by definition, illegal.
false
Intrusion detection is the ability to detect misuse of resources or privileges.
false
Misuse detection is the technique of uncovering successful or attempted unauthorized access to an information system.
false
Role based access control (RBAC) depends on the owner or author of data to manage security.
false
A group of computers or a network configured to attract attackers is called a(n):
honeynet
A single computer that is configured to attract attackers to it and act as a decoy is called a(n):
honeypot
The principle that individuals will be given only the level of access that is appropriate for their specific job role or function is called:
least privilege
The improper use of privileges or resources within an organization is called:
misuse
The primary components of a host-based intrusion detection system (HIDS) are:
the command console and the monitoring agent software.
The primary components of a network-based intrusion detection system (NIDS) are:
the command console and the network sensor.
The two main types of intrusion detection systems (IDSs) are:
the network-based intrusion detection system (NIDS) and the host-based intrusion detection system (HIDS).
A multi-homed device has multiple network interfaces that use rules to determine how packets will be forwarded between interfaces.
true
A screened host is a setup where the network is protected by a device that combines the features of proxy servers with packet filtering.
true
An intrusion detection system (IDS) essentially extends the traffic-capturing capability of a packet sniffer in that the IDS compares the intercepted traffic to known good or bad behavior.
true
Barriers, guards, cameras, and locks are examples of physical controls.
true
Firewalls separate networks and organizations into different zones of trust.
true
Intrusion detection is the process of detecting potential misuse or attacks and the ability to respond based on the alert that is provided.
true
Most intrusion detection systems (IDSs) are based on signature analysis.
true
Network connectivity arguably has the biggest impact on the effectiveness of the firewall.
true
Which of the following options for firewall implementation has multiple network interfaces that use rules to determine how packets will be forwarded between interfaces?
Multi-homed device
Which of the following is NOT one of the three basic modes firewalls can operate in?
SYN proxying
Which of the following refers to an intrusion detection system (IDS) that is programmed to identify known attacks occurring in an information system or network by comparing sniffed traffic or other activity with that stored in a database?
Signature analysis
Which of the following is commonly known as misuse detection because it attempts to detect activities that may be indicative of misuse or intrusions?
Signature recognition
Which of the following is a firewall best able to control?
Traffic
Which of the following statements is NOT true about firewall policy?
A policy is not necessary if the firewall is configured in the way the administrator wants.
Which of the following controls fit in the area of policy and procedure?
Administrative
Which of the following is an intrusion detection system with additional abilities that make it possible to protect systems from attack by using different methods of access control?
An intrusion prevention system
Which of the following is a detection method that uses a known model of activity in an environment and reports deviations from established normal behavior?
Anomaly detection
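The signature-analysis and anomaly-detection items above are easier to tell apart when both methods run over the same traffic. The following is an added example, not code from the textbook chapter: a toy IDS that applies a small signature database (misuse detection) and a per-source request-volume baseline (anomaly detection) to constructed web-server log lines. The hosts, paths, signature patterns and the three-sigma threshold are assumptions made for illustration.

```python
"""Toy intrusion detection over constructed web-server log lines.

Added example, not from the textbook chapter. It applies the two detection
methods the chapter names, signature recognition (misuse detection) and
anomaly detection, to the same traffic so that the difference shows up:
the known attacks are caught by signatures, the request flood only by the
baseline. Hosts, paths and patterns are constructed for illustration.
"""
import re
import statistics
from collections import Counter
from dataclasses import dataclass

# Constructed "normal period" traffic used to learn the anomaly baseline.
BASELINE_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 GET /about.html 200
10.0.0.5 GET /contact.html 200
10.0.0.7 GET /index.html 200
10.0.0.7 GET /products.html 200
10.0.0.9 GET /index.html 200
10.0.0.9 GET /about.html 200
10.0.0.9 GET /products.html 200
10.0.0.9 GET /contact.html 200
10.0.0.12 GET /index.html 200
10.0.0.12 GET /about.html 200
"""

# Constructed traffic from the monitored window: two known attacks from
# low-volume hosts, plus one host hammering the same page.
WINDOW_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 GET /about.html 200
10.0.0.7 GET /login.php?user=admin'%20OR%201=1-- 500
10.0.0.9 GET /index.html 200
10.0.0.9 GET /cgi-bin/../../../../etc/passwd 404
10.0.0.12 GET /products.html 200
10.0.0.99 GET /index.html 200
10.0.0.99 GET /index.html 200
10.0.0.99 GET /index.html 200
10.0.0.99 GET /index.html 200
10.0.0.99 GET /index.html 200
10.0.0.99 GET /index.html 200
10.0.0.99 GET /index.html 200
10.0.0.99 GET /index.html 200
"""


@dataclass(frozen=True)
class Event:
    src: str
    method: str
    path: str
    status: int


def parse_log(text: str) -> list:
    """Parse 'src method path status' lines into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, method, path, status = line.split()
        events.append(Event(src, method, path, int(status)))
    return events


# Signature database: known-bad patterns (constructed, deliberately simple).
SIGNATURES = [
    ("sql-injection", re.compile(r"'(?:%20|\s)*or(?:%20|\s)*1=1", re.IGNORECASE)),
    ("path-traversal", re.compile(r"(?:\.\./|%2e%2e/)", re.IGNORECASE)),
]


def signature_detect(events):
    """Misuse detection: flag every event whose path matches a known-bad pattern.
    Anything not in the database, such as a plain request flood, is missed."""
    alerts = []
    for e in events:
        for name, pattern in SIGNATURES:
            if pattern.search(e.path):
                alerts.append((name, e.src, e.path))
    return alerts


def build_baseline(events, k=3.0):
    """Learn 'normal': requests per source during a quiet period.
    Returns the per-source count above which a source is reported as anomalous."""
    counts = Counter(e.src for e in events)
    values = list(counts.values())
    return statistics.mean(values) + k * statistics.pstdev(values)


def anomaly_detect(events, threshold):
    """Anomaly detection: report sources whose request volume exceeds the baseline.
    A single injected request never deviates enough to be noticed here."""
    counts = Counter(e.src for e in events)
    return sorted((src, n) for src, n in counts.items() if n > threshold)


if __name__ == "__main__":
    threshold = build_baseline(parse_log(BASELINE_LOG))
    window = parse_log(WINDOW_LOG)
    print("signature alerts:", signature_detect(window))
    print("anomalous sources:", anomaly_detect(window, threshold))
```

Run stand-alone, the signature pass reports the injection and traversal attempts and says nothing about 10.0.0.99, while the anomaly pass reports only 10.0.0.99; neither method alone covers the window, which is why the chapter treats them as complementary.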
Which of the following options for firewall implementation has a region of the network or zone that is sandwiched between two firewalls?
Demilitarized zone (DMZ)
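The multi-homed device, packet-filtering and DMZ items above describe a firewall that uses rules to decide how packets move between its interfaces. The following is an added example, not code from the textbook chapter: a minimal packet-filtering rule evaluator for a three-homed firewall (external, dmz, internal), with first-match rule evaluation, default deny, and an anti-spoofing check on the source address. The interface names, address ranges, hosts and rules are assumptions constructed for illustration.

```python
"""Packet-filtering rule evaluation on a multi-homed firewall.

Added example, not from the textbook chapter. Three interfaces (external,
dmz, internal) model the DMZ layout the chapter describes; the interface
names, address ranges and rules are constructed for illustration. Rules are
evaluated first match wins, with default deny. A packet whose source address
belongs on a different interface than the one it arrived on is treated as
spoofed and dropped before any rule is consulted.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Which interface a destination is reached through (longest prefix wins);
# anything not listed is routed out the external interface.
ROUTES = [
    (ipaddress.ip_network("10.0.0.0/8"), "internal"),
    (ipaddress.ip_network("192.0.2.0/24"), "dmz"),  # documentation range, constructed
]
DEFAULT_ROUTE = "external"


@dataclass(frozen=True)
class Packet:
    in_if: str   # interface the packet arrived on
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    in_if: str            # ingress interface, or "any"
    out_if: str           # egress interface, or "any"
    src: str              # CIDR, or "any"
    dst: str              # CIDR, or "any"
    proto: str            # "tcp", "udp", or "any"
    dport: Optional[int]  # None = any port


RULES = [
    # Internet -> DMZ web server, web ports only.
    Rule("allow", "external", "dmz", "any", "192.0.2.10/32", "tcp", 80),
    Rule("allow", "external", "dmz", "any", "192.0.2.10/32", "tcp", 443),
    # Internal -> Internet web browsing, and any TCP service in the DMZ.
    Rule("allow", "internal", "external", "10.0.0.0/8", "any", "tcp", 80),
    Rule("allow", "internal", "external", "10.0.0.0/8", "any", "tcp", 443),
    Rule("allow", "internal", "dmz", "10.0.0.0/8", "192.0.2.0/24", "tcp", None),
    # DMZ -> internal: only the web server, only to the database port.
    Rule("allow", "dmz", "internal", "192.0.2.10/32", "10.1.1.20/32", "tcp", 5432),
    # No rule lets external reach internal directly: default deny covers it.
]


def egress_interface(addr: str) -> str:
    """Interface a packet to (or from) addr belongs on, by longest prefix match."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, iface) for net, iface in ROUTES if ip in net]
    return max(matches)[1] if matches else DEFAULT_ROUTE


def _cidr_match(spec: str, addr: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def rule_matches(rule: Rule, pkt: Packet, out_if: str) -> bool:
    return (rule.in_if in ("any", pkt.in_if)
            and rule.out_if in ("any", out_if)
            and rule.proto in ("any", pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport)
            and _cidr_match(rule.src, pkt.src)
            and _cidr_match(rule.dst, pkt.dst))


def filter_packet(pkt: Packet, rules=RULES):
    """Return (action, egress interface, reason) for one packet."""
    out_if = egress_interface(pkt.dst)
    # Anti-spoofing: the source must belong on the interface it arrived on.
    if egress_interface(pkt.src) != pkt.in_if:
        return ("deny", out_if, "spoofed source")
    for rule in rules:
        if rule_matches(rule, pkt, out_if):
            return (rule.action, out_if, "rule match")
    return ("deny", out_if, "default deny")


if __name__ == "__main__":
    samples = [
        Packet("external", "203.0.113.5", "192.0.2.10", "tcp", 80),
        Packet("external", "203.0.113.5", "10.1.1.20", "tcp", 5432),
        Packet("dmz", "192.0.2.10", "10.1.1.20", "tcp", 5432),
        Packet("external", "10.1.1.5", "192.0.2.10", "tcp", 80),
    ]
    for p in samples:
        print(p.in_if, p.src, "->", p.dst, p.dport, filter_packet(p))
```

The shape of the rule table is the point: the only path from the Internet to the internal zone runs through the DMZ host, and even that host is limited to one internal address and one port, so compromising the web server does not hand an attacker the internal network.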
Which of the following statements is NOT true about firewalls?
Firewalls have not changed much over the years.
Which of the following provides the ability to monitor a network, host, or application, and report back when suspicious activity is detected?
Intrusion detection system (IDS)