CSS 1005: Ch 13

Which of the following questions should you take into account when securing log files? (Select the two best answers.)

- Encrypted in a Kerberos System
- Stored in multiple locations

Behavior-based monitoring establishes a performance baseline based on a set of normal network traffic evaluations.

False

A broadcast storm is when the TCP/IP handshake has been compromised.

False - A broadcast storm is when there is an accumulation of broadcast and multicast packet traffic on the LAN.

SNMP and IMAP use various ports. Match the ports to the protocol.

- SNMP - Port 161
- IMAP - Port 143
- CNMP - Port 162

Baselining is the process of measuring changes in networking.

True - Creating a baseline consists of selecting something to measure and measuring it consistently for a period of time; baselining is the process of measuring changes.

In a signature-based monitoring environment, network traffic is analyzed for predetermined attack patterns.

True - Signature-based monitoring analyzes network traffic for predetermined attack patterns known as signatures stored in a database.

When conducting an audit, what should be done after risk has been scanned for, analyzed, and calculated?

Develop a plan to mitigate risk - After risk has been scanned for, analyzed, and calculated, a plan should be developed to mitigate those risks.

Anomaly-based monitoring uses predetermined attack patterns.

False - Anomaly-based monitoring establishes a performance baseline based on a set of normal network traffic evaluations. Signature-based monitoring uses predetermined attack patterns.

Which of the following is the most basic form of IDS?

Signature-based - Signature-based IDS is the most basic form of intrusion detection system (IDS). It monitors packets on the network and compares them against a database of signatures. Anomaly-based, behavior-based, and statistical-based are all more complex forms of IDS. Anomaly and statistical are often considered to be the same type of monitoring methodology.

Security monitoring can be augmented by using a SIEM solution.

True - Security monitoring can be augmented by using a security information and event management (SIEM) solution. SIEM products combine security event management and security information management.

