Chapter 7 Quiz


A false positive is the failure of an IDPS system to react to an actual attack event.

False

A padded cell is a hardened honeynet. _________________________

False

A passive IDPS response is a definitive action automatically initiated when certain types of alerts are triggered.

False

A passive vulnerability scanner is one that initiates traffic on the network in order to determine security holes.

False

A(n) NIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing. _________________________

False

A(n) event is an indication that a system has just been attacked or is under attack. _________________________

False

A(n) server-based IDPS protects the server or host's information assets. _________________________

False

Administrators who are wary of using the same tools that attackers use should remember that a tool that can help close an open or poorly configured firewall will not help the network defender minimize the risk from attack.

False

All IDPS vendors target users with the same levels of technical and security expertise.

False

An HIDPS is optimized to detect multihost scanning, and it is able to detect the scanning of non-host network devices, such as routers or switches.

False

Enticement is the action of luring an individual into committing a crime to get a conviction. _________________________

False

In the process of protocol application verification, the NIDPSs look for invalid data packets. _________________________

False

Intrusion detection and prevention systems can deal effectively with switched networks.

False

Intrusion detection consists of procedures and systems that identify system intrusions and take action when an intrusion is detected.

False

NIDPSs can reliably ascertain whether an attack was successful.

False

Passive scanners are advantageous in that they require vulnerability analysts to get approval prior to testing.

False

Services using the TCP/IP protocol can run only on their commonly used port number as specified in their original Internet standard.

False

The disadvantages of using the honeypot or padded cell approach include the fact that the technical implications of using such devices are not well understood. _________________________

False

The primary advantages of a centralized IDPS control strategy are cost and ease of use. _________________________

False

The process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS is known as a false attack stimulus.

False

The process of entrapment occurs when an attacker changes the format and/or timing of activities to avoid being detected by an IDPS. _________________________

False

To use a packet sniffer legally, an administrator only needs permission of the organization's top computing executive.

False

When using trap-and-trace, the trace usually consists of a honeypot or padded cell and an alarm. _________________________

False

Your organization's operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems.

False

Activities that scan network locales for active systems and then identify the network services offered by the host systems are known as __________.

fingerprinting

HIDPSs are also known as system integrity verifiers.

True

IDPS responses can be classified as active or passive.

True

In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information and corrupt the servers' answers to routine DNS queries from other systems on the network.

True

In order to determine which IDPS best meets an organization's needs, first consider the organizational environment in technical, physical, and political terms.

True

Intrusion detection and prevention systems perform monitoring and analysis of system events and user behaviors.

True

Once the OS is known, all of the vulnerabilities to which a system is susceptible can easily be determined.

True

Security tools that go beyond routine intrusion detection include honeypots, honeynets, and padded cell systems.

True

The Simple Network Management Protocol contains trap functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively.

True

The anomaly-based IDPS collects statistical summaries by observing traffic that is known to be normal.

True

To assist in footprint intelligence collection, attackers may use an enhanced Web scanner that, among other things, can scan entire Web sites for valuable pieces of information, such as server names and e-mail addresses.

True

When a collection of honeypots connects several honeypot systems on a subnet, it may be called a(n) honeynet. _________________________

True

Which of the following ports is commonly used for the HTTP protocol?

80

A(n) __________ IDPS is focused on protecting network information assets.

network-based

To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known __________ in their knowledge base.

signatures

In TCP/IP networking, port __________ is not used.

0

__________ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.

HIDPSs

A fully distributed IDPS control strategy is an IDPS implementation approach in which all control functions are applied at the physical location of each IDPS component.

True

A(n) log file monitor is similar to an NIDPS. _________________________

True

Alarm events that are accurate and noteworthy but do not pose significant threats to information security are called noise. _________________________

True

An HIDPS can detect local events on host systems and detect attacks that may elude a network-based IDPS.

True

An HIDPS can monitor system logs for predefined events.

True

An IDPS can be configured to dial a phone number and produce an alphanumeric page or other type of signal or message.

True

Some vulnerability scanners feature a class of attacks called _________, that are so dangerous they should only be used in a lab environment.

destructive

Network behavior analysis system __________ sensors are typically intended for network perimeter use, so they are deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.

inline

A(n) __________ is a software program or hardware appliance that can intercept, copy, and interpret network traffic.

packet sniffer

