Intrusion Detection & Prevention Systems Flashcards

1
Q

Misuse-detection IDS looks for what?

A

Fingerprints of known attacks (signatures) held in an existing database. Traffic or log records are matched against that database, so an attack with no signature is missed.

2
Q

How does Anomaly-detection IDS work? What is it also known as?

A

Compares a defined baseline of normal activity with the current state and flags significant deviations from it.
AKA heuristic/behavioral detection

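The two detection styles above, worked side by side as an added example (not part of the flashcard deck): a handful of regex signatures stand in for the misuse-detection database, and a per-client request-count threshold learned from a normal traffic window stands in for the anomaly-detection baseline. The log format, hosts, paths and signatures are all constructed for this example.

```python
import re
import statistics
from collections import Counter
from urllib.parse import unquote_plus

# Constructed "training" window of normal traffic used to learn the baseline.
# Hosts, paths and counts are invented for this example.
BASELINE_LOG = [
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 GET /about 200",
    "10.0.0.7 GET /index.html 200",
    "10.0.0.7 GET /login 200",
    "10.0.0.7 POST /login 302",
    "10.0.0.9 GET /index.html 200",
]

# Constructed "current" window. It contains one request that matches a
# signature (UNION SELECT injection) and one burst of login attempts from a
# single client that no signature below describes.
CURRENT_LOG = [
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 GET /search?q=1'+UNION+SELECT+password+FROM+users-- 500",
    "10.0.0.7 GET /login 200",
    "10.0.0.7 POST /login 302",
] + ["203.0.113.42 POST /login 401"] * 40

# Misuse detection: a small database of fingerprints for known-bad requests.
SIGNATURES = {
    "sqli-union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
    "shell-command-injection": re.compile(r"[;|&`]\s*(?:cat|id|whoami|wget|curl)\b", re.IGNORECASE),
}


def parse(line):
    """Split 'ip method path status' into a dict. The path is URL-decoded so
    encoded evasions such as %27 or '+' still hit the signatures."""
    ip, method, path, status = line.split(" ", 3)
    return {"ip": ip, "method": method, "path": unquote_plus(path), "status": int(status)}


def misuse_detect(lines):
    """Return (line_number, signature_name, ip) for every line matching a signature."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        rec = parse(line)
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["path"]):
                hits.append((lineno, name, rec["ip"]))
    return hits


def learn_baseline(lines, k=3.0):
    """Learn a per-client request-count threshold: mean + k standard deviations
    of the per-client counts seen in the normal window."""
    counts = Counter(parse(line)["ip"] for line in lines)
    values = list(counts.values())
    mean = statistics.fmean(values)
    stdev = statistics.stdev(values) if len(values) > 1 else 0.0
    return mean + k * stdev


def anomaly_detect(lines, threshold):
    """Return (ip, count) for clients whose request count in the current window
    exceeds the learned threshold. Nothing here knows what an attack looks like."""
    counts = Counter(parse(line)["ip"] for line in lines)
    return [(ip, n) for ip, n in sorted(counts.items()) if n > threshold]


if __name__ == "__main__":
    print("misuse hits:", misuse_detect(CURRENT_LOG))
    threshold = learn_baseline(BASELINE_LOG)
    print(f"anomaly hits (threshold {threshold:.1f}):", anomaly_detect(CURRENT_LOG, threshold))
```

Run against the constructed window, the signature detector reports only the injection attempt (the brute force uses perfectly ordinary requests), while the anomaly detector reports only the brute-forcing client (two requests from the injecting host sit well inside the baseline). That gap is why the two approaches are usually deployed together.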
3
Q

Under what circumstances is an IDS unable to detect attacks?

A

When the attack is carried inside encrypted traffic the IDS cannot decrypt. Without the plaintext it cannot inspect the payload, so only metadata such as endpoints, volume and timing remain visible to it.

4
Q

An IDS is made up of what 3 components?

A

1) Sensors to detect activity
2) Console to control and configure the sensors
3) Database that records events

5
Q

IDSs attached both inside and outside the firewall give you the best security coverage. TRUE or FALSE?

A

TRUE

6
Q

An Active IDS is more commonly known as what?

A

An Intrusion Prevention System (IPS), also called an intrusion prevention device

7
Q

List the 3 passive IDS responses.

A

1) Logging - records the event
2) Notification - sends an alert
3) Shunning - deliberately ignoring the attack (e.g. one known not to affect the protected systems)

8
Q

The following active responses are carried out by what device?

1) Changing network configuration - e.g. closing ports
2) Terminating sessions
3) Deception - diverting the attacker to a honeypot/honeynet

A

An Intrusion Prevention System (IPS), also called an intrusion prevention device

9
Q

Where are host-based IDSs typically installed and why?

A

On servers, because host-based agents are difficult to manage across many client machines.

10
Q

Host-based IDSs work by monitoring network traffic. TRUE or FALSE?

A

FALSE. They monitor activity on the host itself: applications, system and event logs.

11
Q

Apart from a firewall, what device performs multiple security functions within a single appliance?

A

Unified Threat Management device

12
Q

VPN concentrators can handle security for remote-working users. TRUE or FALSE?

A

TRUE
