Module 11

Question 1

What are zero-day attacks?

Answer 1

A cyberattack that tries to exploit software vulnerabilities that are unknown or undisclosed by the software vendor

Question 2

What can help to identify whether an exploit has occurred, the diagnostic features of the exploit, and the extent of the damage within the enterprise?

Answer 2

Logfiles generated by the devices at each layer

Question 3

How can the information gathered by log files help?

Answer 3

They help to inform measures taken in response to the exploit. Ex. Containment and mitigation

Question 4

Why was Intrusion Detection System (IDS) implemented?

Answer 4

To passively monitor the traffic on a network

Question 5

What does an IDS enabled device do?

Answer 5

It copies the traffic stream and analyzes the copied traffic rather than the actual forwarded packet

Question 6

When IDS works offline, what does it do?

Answer 6

It compares the captured traffic stream with known malicious signatures (similar to software that checks for viruses)

Question 7

Why is an IDS device physically positioned in the network?

Answer 7

The traffic needs to be mirrored in order to reach it

Question 8

Why might network traffic not pass through an IDS?

Answer 8

The traffic is not mirrored

Question 9

Is a lot or very little latency added to network traffic flow?

Answer 9

Very little

Question 10

What happens after traffic is monitored, logged, and maybe reported to the IDS with something malicious?

Answer 10

Nothing. The IDS does not take action