Network Based Security PEs

Question 1

Fill in the blank: The IPS typically sits __________ and provides a layer of analysis that negatively selects for dangerous content.

Answer 1

behind the firewall

Question 2

Positioning an IDS inside the firewall will typically cover exploits that originate from inside your network targeting your hosts.

Answer 2

False they cover exploits from outside

Question 3

What are the two main types in Intrusion Detection Systems? (Use format: xxx and xxx)

Answer 3

signature based and heuristic

Question 4

Jim is a senior network administrator at a large company. Recently the company had suffered a breach costing nearly half a million dollars. Following the attack Jim’s company hired a cybersecurity firm to perform penetration tests on their network and the pentesters from the cybersecurity firm found several vulnerabilities to their network, and also noted the need for an IDS. After receiving the report from the cybersecurity firm, Jim implemented an independent IDS that identifies intrusions by examining network traffic and monitors multiple hosts. Which IDS category has Jim implemented in his network?

Answer 4

Network Intrusion Detection System

Question 5

Because traffic flows through an Intrusion Prevention System, very rarely does an IPS cause degradation in network performance.

Answer 5

False

Question 6

Jim is a senior network administrator at a large company. Recently the company had suffered a breach costing nearly half a million dollars. Following the attack Jim’s company hired a cybersecurity firm to perform penetration tests on their network and the pentesters from the cybersecurity firm found several vulnerabilities to their network and provided a report detailing ways to help fix these issues. One of the pentesters was able to modify several access control lists, and obtain password files without setting off any alarms. To make sure that this does not happen again, what category of IDS would help detect these actions in the future?

Answer 6

Host Intrusion Detection System

Question 7

Which type of Intrusion Detection System builds a model of acceptable behavior and flag exceptions to the model?

Answer 7

Heuristic

Question 8

Match the IPS functions with the appropriate definition: This approach requires administrators to configure security policies according to organizational security policies and the network infrastructure.

Answer 8

Policy Based

Question 9

Match the category of intrusion detection system with its definition: An agent on a host that identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability databases, access control lists and so on).

Question 10

Match the IPS functions with the appropriate definition: Based on patterns that are known to be malicious. It also adds to the record every time something new that is a threat comes across.

Answer 10

Signature-Based Detection

Question 11

Match the category of intrusion detection system with its definition: VMIDS detects intrusions using virtual machine monitoring. By using this, we can deploy the intrusion detection system with virtual machine monitoring.

Answer 11

VM based Intrusion Detection System

Question 12

Match the category of intrusion detection system with its definition: Detects and pinpoints the location of intrusion attempts on perimeter fences of critical infrastructures.

Answer 12

Perimeter-based Intrusion Detection System

Question 13

Fill in the blank: ________ is a device, typically another separate computer, that monitors activity to identify malicious or suspicious events.

Answer 13

Intrusion Detection System

Question 14

Match the IPS functions with the appropriate definition: This takes samples of network traffic at random and compares them to a pre-calculated baseline performance level.

Answer 14

Anomaly Detection

Question 15

Which type of Intrusion Detection System performs simple pattern-matching and report situations that match a pattern corresponding to a known attack type?

Answer 15

Signature Based

Question 16

True or False: The IPS actively analyzes and takes automated actions on all traffic flows that enter the network.

Answer 16

True

Question 17

What are the two categories of Signature-Based detection? (Use format xxx and xxx)

Answer 17

Vulnerability-facing, Exploit-facing signatures

Question 18

Jim is a senior network administrator at a large company. Recently Jim has implemented several Intrusion Prevention Systems within his network. Once the IPS’ were implemented Jim began noticing a severe degradation to the network. What is likely the reason why the network is in such a degraded state?

Answer 18

The IPS was not configured properly

Question 19

True or False: Most often an IDS is deployed behind the firewall on the edge of your network.

Answer 19

True

Question 20

Jim is a senior network administrator at a large company. Recently the company had suffered a breach costing nearly half a million dollars. Following the attack Jim’s company hired a cybersecurity firm to perform penetration tests on their network and the pentesters from the cybersecurity firm found several vulnerabilities to their network. After receiving the report on the penetration tests that took place, Jim decided to implement a device that would both monitor the network and detect when any adverse actions took place, but also wanted the device to stop dangerous actions from happening as well. Based on this use case, what should Jim implement that would meet this criteria?

Answer 20

Intrusion Prevention System

Question 21

Fill in the blank: _________ is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.

Question 22

Fill in the blank: _________ is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.

Answer 22

Intrusion Prevention System