Section 04: Security Applications and Devices Flashcards
Device or software application that monitors a system or network and analyzes the data passing through it in order to identify an incident or attack.
Intrusion Detection System
Name the two varieties of IDS.
- Host-based intrusion detection system
- Network-based intrusion detection system
Name the detection methods for IDS.
- Signature-based
- Policy-based
- Anomaly-based
What is signature-based detection?
The system is looking for a specific string of bytes that will trigger the alert.
What is policy-based detection?
Relies on a specific declaration of the security policy.
Example: no Telnet allowed.
What is anomaly-based detection?
Analyzes the current traffic against an established baseline and triggers an alert if the traffic falls outside the statistical average.
Malicious activity is identified as an attack.
a. True Positive
b. False Positive
c. False Negative
d. True Negative
a. True Positive
Legitimate activity is identified as legitimate traffic.
a. True Positive
b. False Positive
c. False Negative
d. True Negative
d. True Negative
Legitimate activity is identified as an attack.
a. True Positive
b. False Positive
c. False Negative
d. True Negative
b. False Positive
Malicious activity is identified as legitimate traffic.
a. True Positive
b. False Positive
c. False Negative
d. True Negative
c. False Negative
IDS can only _____ and ____ on suspicious activity.
Alert and log
HIDS logs are used to _______________ after an attack has occurred.
recreate the events
Blocks external files containing JavaScript, images, or web pages from loading in a web browser.
Content Filters
What is the best way to protect against threat actors who may use malicious ads?
Update the browser and extensions regularly.
Monitors the data of a system while in use, in transit, or at rest to detect attempts to steal the data.
Data Loss Prevention (DLP)