Section 16.149 IDS and IPS Flashcards

Objective 3.2: Given a scenario, you must be able to apply security principles to secure enterprise architecture.
Objective 4.5: Given a scenario, you must be able to modify enterprise capabilities to enhance security.

1
Q

Key difference: IDS vs IPS

Intrusion Detection Systems (IDS)

A

Logs and alerts

2
Q

Key difference: IDS vs IPS

Intrusion prevention systems (IPS)

A

Logs, alerts, and takes action

3
Q

Network Intrusion Detection Systems (NIDS)

A

Responsible for detecting unauthorised network access or attacks

These systems are designed to verify, itemise, categorise, and report on a threat.

Only detects and reports; it doesn’t prevent attacks

4
Q

3 Types of Intrusion Detection Systems (IDS)

Network-based IDS (NIDS)

A

Monitors the traffic coming in and out of a network

5
Q

3 Types of Intrusion Detection Systems (IDS)

Host-based IDS (HIDS)

A

Looks at suspicious network traffic going to or from a single host or endpoint

6
Q

3 Types of Intrusion Detection Systems (IDS)

Wireless IDS (WIDS)

A

Detects attempts to cause a denial of service on a wireless network

7
Q

Signature-based IDS

Intrusion detection systems operate either using signature-based or anomaly-based detection algorithms

A

Analyses traffic against defined signatures, so it can only recognise attacks that match previously identified attacks in its database

Pattern-matching:
● Specific pattern of steps recognised during an attack
● NIDS, WIDS

Stateful-matching:
● Known system baseline
● HIDS

8
Q

Anomaly-based IDS

Intrusion detection systems operate either using signature-based or anomaly-based detection algorithms

A

Analyses traffic and compares it to a normal baseline of traffic to determine whether a threat is occurring

9
Q

IPS and IDS placement

A

For a network IPS, we want to have the device placed right near the border of the network, right behind your firewall. That way, we have all the traffic funneling right through it so it can stop and block things as needed.

A NIDS, on the other hand, should be attached through a mirrored port off the backbone switch. This way, it can analyze all the traffic in a passive manner.
