FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 6: Network Monitoring and Intrusion Detection and Prevention Systems

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 1

Multiple Choice

Review LaterAdd Note

Review Later

When the measured activity is outside the baseline parameters - exceeding what is called the ____ - the IDPS sends an alert to the administrator.

A) baseline
B) clipping level
C) radius
D) sensor range

E) A) and B)
F) None of the above

Correct Answer

verified

Show Answer

Question 2

Multiple Choice

Review LaterAdd Note

Review Later

Blacklists and whitelists are most commonly used in ____ detection and stateful protocol analysis.

A) blacklist
B) signature-based
C) statistical anomaly-based
D) behavior-based

E) A) and D)
F) B) and C)

Correct Answer

verified

Show Answer

Question 3

Essay

Review LaterAdd Note

Define enticement and entrapment and compare the two.

Match each item with a statement below. a.Alert f.False positive b.Confidence g.Filtering c.Evasion h.Tuning d.Events i.Thresholds e.False negative -The process of reducing IDPS events in order to receive a better confidence in the alerts received.

____ applications use a combination of techniques to detect an intrusion and trace it back to its source.

What does the tcpdump host 192.168.1.100 command do?

List four problems a wireless IDPS can help detect.

Match each item with a statement below. a.Alert f.False positive b.Confidence g.Filtering c.Evasion h.Tuning d.Events i.Thresholds e.False negative -The failure of an IDPS to react to an actual attack event.

The Simple Network Management Protocol contains ____ functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively.

List three disadvantages of using a honeypot approach.

When a collection of honeypots connects several honeypot systems on a subnet, it may be called a ____.

The first hurdle a potential IDPS must clear is functioning in your systems environment.

A sniffer can decipher encrypted traffic.

Match each item with a statement below. a.Alert f.False positive b.Confidence g.Filtering c.Evasion h.Tuning d.Events i.Thresholds e.False negative -The process of adjusting an IDPS to maximize its efficiency in detecting true positives while minimizing both false positives and false negatives.

Under the guise of justice, some less scrupulous administrators may even be tempted to ____, or hack into a hacker's system to find out as much as possible about the hacker.

Match each item with a statement below. a.Alert f.False positive b.Confidence g.Filtering c.Evasion h.Tuning d.Events i.Thresholds e.False negative -A value that sets the limit between normal and abnormal behavior.

List three advantages of operational NIDPSs.

By default, tcpdump will just print ____ information.

Match each item with a statement below. a.Alert f.False positive b.Confidence g.Filtering c.Evasion h.Tuning d.Events i.Thresholds e.False negative -An alert or alarm that occurs in the absence of an actual attack.

Which tcpdump option specifies the number of packets to capture?