IS4560 T&D CH 15

Question 1

• A detection method based on detecting activity that deviates from established normal behavior.

Answer 1

Anomaly detection

Question 2

• A collection of multiple honeypots in a network for the purposes of luring and trapping hackers.

Answer 2

Honeynet

Question 3

• A closely monitored system that usually contains a large number of files that appears to be valuable or sensitive, and serves as a trap for hackers. This distracts hackers from real targets, detects new exploitations, and learns the identities of hackers.

Answer 3

Honeypot

Question 4

• A software application that is designed to detect unusual activity on an individual system and report or log this activity as appropriate.

Answer 4

Host-based intrusion detection system (HIDS)

Question 5

• The unauthorized use or access of a system by an individual, party, or service. Simply put, this is any activity that should not occur on an information system, but is.

Answer 5

Intrusion

Question 6

• The technique of uncovering successful or attempted unauthorized access to an information system.

Answer 6

Intrusion detection

Question 7

• The improper use of privileges or resources within an organization; not necessarily malicious in nature, but misuse all the same.

Answer 7

Misuse

Question 8

• The ability to detect activity that matches known misuse of resources or privileges.

Answer 8

Misuse detection

Question 9

• A software application designed to detect and report suspicious or unusual activity on a network segment.

Answer 9

Network-based intrusion detection system (NIDS)

Question 10

• A technique that compares sniffed traffic or other activity with that stored in a database for comparison.

Answer 10

Signature Analysis