Lecture 10 Pt. 1

Question 1

What does IPS stand for?

Answer 1

Intrusion Prevention System

Question 2

What is the main function of an IDS is to _________ and _______ anomalous or malicious activity

Answer 2

To monitor and detect anomalous or malicious activity

Question 3

What is the main function of an Intrusion Prevention System (IPS)?

Answer 3

To detect and prevent malicious traffic

Question 4

Fill in the blank: An IDS is primarily a d______ solution.

Answer 4

diagnostic

Question 5

What are the two types of detection used by IDS and IPS?

Answer 5

• Signature-based detection
• Anomaly-based detection

Question 6

True or False: An IDS can block malicious traffic.

Answer 6

False

Question 7

What is the difference between a Network Intrusion Detection System (NIDS) and a Host Intrusion Detection System (HIDS)?

Answer 7

• NIDS monitors traffic across multiple sensor points
• HIDS is placed directly on devices to monitor traffic

Question 8

What action does an IPS take when it detects malicious traffic?

Answer 8

It can block and log the malicious traffic

Question 9

What does ‘Defense-in-Depth’ refer to in network security?

Answer 9

A strategy that uses multiple layers of security controls

Question 10

What are the actions that can be taken in Snort IDS mode?

Answer 10

• Alert
• Log
• Pass

Question 11

What additional action does an IPS take compared to IDS?

Answer 11

Block malicious traffic

Question 12

Fill in the blank: Anomaly-based IDS solutions detect threats based on _______ patterns.

Answer 12

suspicious behavior

Question 13

What is the purpose of Application Protocol-based Intrusion Detection Systems (APIDS)?

Answer 13

To monitor traffic across specific application layer protocols

Question 14

What does a Wireless Intrusion Prevention System (WIPS) monitor?

Answer 14

Wireless networks owned by an organization

Question 15

How does an IPS differ from an IDS in terms of response to threats?

Answer 15

IPS can autonomously stop threats before they cause damage

Question 16

True or False: IDS can operate without human intervention.

Answer 16

False

Question 17

What is the role of a Network Behavioral Analysis (NBA) system?

Answer 17

To detect anomalous behavior within network patterns

Question 18

‘signature-based detection’ uses ___-_______ signatures to identify known threats

Answer 18

It uses pre-existing signatures to identify known threats

Question 19

An ‘alert’ is triggered in IDS when potentially _ _ _ _ _ _ _ _ _ or _ _ _ _ _ _ _ _ _ _ _ activty is detected on the network or host

Answer 19

An alert is a message or notification triggered by the IDS when it detects potentially malicious or unauthorized activity on the network or host.

Question 20

Fill in the blank: An IPS typically operates in the same network location as a _______.

Answer 20

firewall

Question 21

What are some examples of IDS technologies mentioned?

Answer 21

• SNORT
• Cisco NGIDS/IPS
• Security Onion

Question 22

What does the term ‘malicious traffic’ refer to?

Answer 22

Traffic that is harmful or intended to compromise network security

Question 23

What is the purpose of a Web Application Firewall (WAF)?

Answer 23

To address specific web application attacks

Question 24

What kind of detection does a Protocol-based Intrusion Detection System (PIDS) perform?

Answer 24

A analyzes protocol-specific traffic for signs of misuse or anomaly.