M7Q32: IDS & IPS Flashcards
An IDS is a device that is placed on the edge of the network.
A. True
B. False
B. False
Explanation: Firewalls run on the edge of a network whereas IDS and IPS devices run from inside the network to identify and prevent unauthorized traffic that makes it through the firewall.
A ______________ actively defends a network by both detecting and preventing attacks.
A. Host-based IDS
B. Network-based IDS
C. Host-based IPS
D. Network-based IPS
D. Network-based IPS
Explanation: Switches learn the MAC address of connected hosts and keep them stored in the MAC address table.
The main difference between an IDS and an IPS is that an IDS only performs intrusion detection and alerting, while an IPS performs detection, alerting, and prevention.
A. True
B. False
A. True
Explanation: An IDS (Intrusion Detection System) only does detection and alerting while an IPS (Intrusion Prevention System) performs detection, alerting, and also stops attacks.
An IPS is only security device needed to actively protect a network.
A. True
B. False
B. False
Explanation: While an IPS is a strong addition to the security of a network it cannot be used alone. IDS and IPS must be integrated into an overall network security solution that also includes things like firewalls, anti-malware, secure authentication mechanisms, router and switch security, secure networking protocols, network access control, and physical security.