Intrusion Detection and Intro to Crytography (ch8, 2) Flashcards
Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.
True
To be of practical use an IDS should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.
True
An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device.
False
A common location for a NIDS sensor is just inside the external firewall.
True
Network-based intrusion detection makes use of signature detection and anomaly detection.
True
Symmetric encryption is used primarily to provide confidentiality.
True
Two of the most important applications of public-key encryption are digital signatures and key management.
True
The secret key is one of the inputs to a symmetric-key encryption algorithm.
True
The strength of a hash function against brute-force attacks depends on the length of the hash code produced by the algorithm.
True
Public-key algorithms are based on simple operations on bit patterns.
False
A _______ monitors the characteristics of a single host and the events occurring within that host for suspicious activity.
A. host-based IDS
B. security intrusion
C. network-based IDS
D. intrusion detection
A
_______ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder.
A. Profile based detection
B. Signature detection
C. Threshold detection
D. Anomaly detection
B
_______ involves the collection of data relating to the behavior of legitimate users over a period of time.
A. Profile based detection
B. Signature detection
C. Threshold detection
D. Anomaly detection
D
A(n) ______ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor.
A. passive sensor
B. analysis sensor
C. LAN sensor
D. inline sensor
D
The ______ is the IDS component that examines the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator.
A. data source
B. sensor
C. operator
D. analyzer
D
On average, ________ of all possible keys must be tried in order to achieve success with a brute-force attack.
A. one-fourth
B. half
C. two-thirds
D. three-fourths
B
If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to ________ .
A. use longer keys
B. use shorter keys
C. use more keys
D. use less keys
A
________ is a procedure that allows communicating parties to verify that received or stored messages are authentic.
A. Cryptanalysis
B. Decryption
C. Message authentication
D. Collision resistance
C
The purpose of a ________ is to produce a ?fingerprint? of a file, message, or other block of data.
A. secret key
B. digital signature
C. keystream
D. hash function
D
A _________ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key.
A. digital signature
B. keystream
C. one-way hash function
D. secret key
A
An intruder can also be referred to as a hacker or cracker.
True
Activists are either individuals or members of an organized crime group with a goal of financial reward.
False
Running a packer sniffer on a workstation to capture usernames and passwords is an example of intrusion.
True
Those who hack into computers do so for the thrill of it or for status.
False
Intruders typically use steps from a common attack methodology.
True
The primary purpose of an IDS is to detect intrusions, log suspicious events, and send alerts.
True
Signature-based approaches attempt to define normal, or expected, behavior, whereas anomaly approaches attempt to define proper behavior.
False
An network IDS sensor monitors a copy of network traffic; the actual traffic does not pass through the device.
True
A Honeypot can be a workstation that a user uses for work.
False
There is no benefit of deploying a BIDS or Honeypot outside of the external firewall.
False
Cryptanalalytic attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.
False
