CTC 452 Quiz 6

On a workstation or server
Where is a host-based IDPS agent typically placed?
An HIDPS can detect attacks not caught by an NIDPS
Which of the following is true about an NIDPS versus an HIDPS?
True
A weakness of a signature-based system is that it must keep state information on a possible attack.
Internet Gateway
Which of the following is NOT a typical IDPS component?
Baseline Detection
Which of the following is NOT a primary detection methodology?
Monitors OS and application logs
Which of the following is true about an HIDPS?
False
An IDPS consists of a single device that you install between your firewall and the Internet.
Communication between IDPS components should be encrypted
Which of the following is an IDPS security best practice?
System can detect attacks from inside the network by people with stolen accounts
What is an advantage of the anomaly detection method?
Inline Only
Which of the following is a sensor type that uses bandwidth throttling and alters malicious content?
False positives do not compromise network security
Which of the following is true about the steps in setting up and using an IDPS?
Packet Filter
Which of the following is NOT a method used by passive sensors to monitor traffic?
Identification
Which of the following is NOT a network defense function found in intrusion detection and prevention systems?
Each signature is assigned a number and name
Which of the following is an advantage of a signature-based detection system?
Hybrid
Which type of IDPS can have the problem of getting disparate systems to work in a coordinated fashion?
True
A hybrid IDPS combines aspects of NIDPS and HIDPS configuration.
To allow a baseline of data to be compiled
Why might you want to allow extra time for setting up the database in an anomaly-based system?
Heuristic
Which method for detecting certain types of attacks uses an algorithm to detect suspicious traffic, is resource intensive, and requires extensive tuning and maintenance?
The subnet mask is 255.255.0.0
If you see a /16 in the header of a Snort rule, what does it mean?