Intrusion Detection and Intro to Cryptography (ch8, 2) Flashcards

1
Q

Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.

A

True

2
Q

To be of practical use an IDS should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.

A

True

3
Q

An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device.

A

False

4
Q

A common location for a NIDS sensor is just inside the external firewall.

A

True

5
Q

Network-based intrusion detection makes use of signature detection and anomaly detection.

A

True

6
Q

Symmetric encryption is used primarily to provide confidentiality.

A

True

7
Q

Two of the most important applications of public-key encryption are digital signatures and key management.

A

True

8
Q

The secret key is one of the inputs to a symmetric-key encryption algorithm.

A

True

9
Q

The strength of a hash function against brute-force attacks depends on the length of the hash code produced by the algorithm.

A

True

10
Q

Public-key algorithms are based on simple operations on bit patterns.

A

False

11
Q

A _______ monitors the characteristics of a single host and the events occurring within that host for suspicious activity.

A. host-based IDS

B. security intrusion

C. network-based IDS

D. intrusion detection

A

A

12
Q

_______ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder.

A. Profile based detection

B. Signature detection

C. Threshold detection

D. Anomaly detection

A

B

13
Q

_______ involves the collection of data relating to the behavior of legitimate users over a period of time.

A. Profile based detection

B. Signature detection

C. Threshold detection

D. Anomaly detection

A

D

14
Q

A(n) ______ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor.

A. passive sensor

B. analysis sensor

C. LAN sensor

D. inline sensor

A

D

15
Q

The ______ is the IDS component that examines the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator.

A. data source

B. sensor

C. operator

D. analyzer

A

D

16
Q

On average, ________ of all possible keys must be tried in order to achieve success with a brute-force attack.

A. one-fourth

B. half

C. two-thirds

D. three-fourths

A

B

17
Q

If the only form of attack that could be made on an encryption algorithm is brute-force, then the way to counter such attacks would be to ________ .

A. use longer keys

B. use shorter keys

C. use more keys

D. use less keys

A

A

18
Q

________ is a procedure that allows communicating parties to verify that received or stored messages are authentic.

A. Cryptanalysis

B. Decryption

C. Message authentication

D. Collision resistance

A

C

19
Q

The purpose of a ________ is to produce a "fingerprint" of a file, message, or other block of data.

A. secret key

B. digital signature

C. keystream

D. hash function

A

D

20
Q

A _________ is created by using a secure hash function to generate a hash value for a message and then encrypting the hash code with a private key.

A. digital signature

B. keystream

C. one-way hash function

D. secret key

A

A

21
Q

An intruder can also be referred to as a hacker or cracker.

A

True

22
Q

Activists are either individuals or members of an organized crime group with a goal of financial reward.

A

False

23
Q

Running a packet sniffer on a workstation to capture usernames and passwords is an example of intrusion.

A

True

24
Q

Those who hack into computers do so for the thrill of it or for status.

A

False

25
Q

Intruders typically use steps from a common attack methodology.

A

True

26
Q

The primary purpose of an IDS is to detect intrusions, log suspicious events, and send alerts.

A

True

27
Q

Signature-based approaches attempt to define normal, or expected, behavior, whereas anomaly approaches attempt to define proper behavior.

A

False

28
Q

A network IDS sensor monitors a copy of network traffic; the actual traffic does not pass through the device.

A

True

29
Q

A Honeypot can be a workstation that a user uses for work.

A

False

30
Q

There is no benefit of deploying a BIDS or Honeypot outside of the external firewall.

A

False

31
Q

Cryptanalytic attacks try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained.

A

False