Intrusion Detection and Intro to Crytography (ch8, 2)

Question 1

Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.

Answer 1

True

Question 2

To be of practical use an IDS should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.

Answer 2

True

Question 3

An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device.

Answer 3

False

Question 4

A common location for a NIDS sensor is just inside the external firewall.

Answer 4

True

Question 5

Network-based intrusion detection makes use of signature detection and anomaly detection.

Answer 5

True

Question 6

Symmetric encryption is used primarily to provide confidentiality.

Answer 6

True

Question 7

Two of the most important applications of public-key encryption are digital signatures and key management.

Answer 7

True

Question 8

The secret key is one of the inputs to a symmetric-key encryption algorithm.

Answer 8

True

Question 9

The strength of a hash function against brute-force attacks depends on the length of the hash code produced by the algorithm.

Answer 9

True

Question 10

Public-key algorithms are based on simple operations on bit patterns.

Answer 10

False

Question 11

A _______ monitors the characteristics of a single host and the events occurring within that host for suspicious activity.

A. host-based IDS

B. security intrusion

C. network-based IDS

D. intrusion detection

Answer 11

A

Question 12

_______ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder.

A. Profile based detection

B. Signature detection

C. Threshold detection

D. Anomaly detection

Answer 12

B

Question 13

_______ involves the collection of data relating to the behavior of legitimate users over a period of time.

A. Profile based detection

B. Signature detection

C. Threshold detection

D. Anomaly detection

Answer 13

D

Question 14

A(n) ______ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor.

A. passive sensor

B. analysis sensor

C. LAN sensor

D. inline sensor

Answer 14

D

Question 15

The ______ is the IDS component that examines the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator.

A. data source

B. sensor

C. operator

D. analyzer

Answer 15

D

Question 16

On average, ________ of all possible keys must be tried in order to achieve success with a brute-force attack.

A. one-fourth

B. half

C. two-thirds

D. three-fourths

Answer 16

B

Question 17

If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to ________ .

A. use longer keys

B. use shorter keys

C. use more keys

D. use less keys

Answer 17

A

Question 18

________ is a procedure that allows communicating parties to verify that received or stored messages are authentic.

A. Cryptanalysis

B. Decryption

C. Message authentication

D. Collision resistance

Answer 18

C

Question 19

The purpose of a ________ is to produce a ?fingerprint? of a file, message, or other block of data.

A. secret key

B. digital signature

C. keystream

D. hash function

Answer 19

D

Question 20

A _________ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key.

A. digital signature

B. keystream

C. one-way hash function

D. secret key

Answer 20

A

Question 21

An intruder can also be referred to as a hacker or cracker.

Answer 21

True

Question 22

Activists are either individuals or members of an organized crime group with a goal of financial reward.

Answer 22

False

Question 23

Running a packer sniffer on a workstation to capture usernames and passwords is an example of intrusion.

Answer 23

True

Question 24

Those who hack into computers do so for the thrill of it or for status.

Answer 24

False

Question 25

Intruders typically use steps from a common attack methodology.

Answer 25

True

Question 26

The primary purpose of an IDS is to detect intrusions, log suspicious events, and send alerts.

Answer 26

True

Question 27

Signature-based approaches attempt to define normal, or expected, behavior, whereas anomaly approaches attempt to define proper behavior.

Answer 27

False

Question 28

An network IDS sensor monitors a copy of network traffic; the actual traffic does not pass through the device.

Answer 28

True

Question 29

A Honeypot can be a workstation that a user uses for work.

Answer 29

False

Question 30

There is no benefit of deploying a BIDS or Honeypot outside of the external firewall.

Answer 30

False

Question 31

Cryptanalalytic attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.

Answer 31

False