Network Based Security Flashcards

1
Q

The IPS typically sits __________ and provides a layer of analysis that negatively selects for dangerous content.

A

directly behind firewall

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Network
Host-based

VM-based

Perimeter-based

These are all categories of what?

Intrusion Protection System
Snort
Intrusion Detection System
Social Engineering

A

Intrusion Detection System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

True or False: Positioning an IDS inside the firewall will typically cover exploits that originate from inside your network targeting your hosts.

True
False

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Jim is a senior network administrator at a large company. Recently the company had suffered a breach costing nearly half a million dollars. Following the attack Jim’s company hired a cybersecurity firm to perform penetration tests on their network and the pentesters from the cybersecurity firm found several vulnerabilities to their network, and also noted the need for an IDS. After receiving the report from the cybersecurity firm, Jim implemented an independent IDS that identifies intrusions by examining network traffic and monitors multiple hosts. Which IDS category has Jim implemented in his network?

A

Network Intrusion Detection System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

True or False: Because traffic flows through an Intrusion Prevention System, very rarely does an IPS cause degradation in network performance.

True
False

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Jim is a senior network administrator at a large company. Recently the company had suffered a breach costing nearly half a million dollars. Following the attack Jim’s company hired a cybersecurity firm to perform penetration tests on their network and the pentesters from the cybersecurity firm found several vulnerabilities to their network and provided a report detailing ways to help fix these issues. One of the pentesters was able to modify several access control lists, and obtain password files without setting off any alarms. To make sure that this does not happen again, what category of IDS would help detect these actions in the future?

A

Host-Based Intrusion Detection System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which type of Intrusion Detection System builds a model of acceptable behavior and flag exceptions to the model?

A

Hueristic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Match the IPS functions with the appropriate definition: This approach requires administrators to configure security policies according to organizational security policies and the network infrastructure.

Anomaly Detection
Signature-Based Detection
Perimeter-Based Detection
Policy-Based

A

Policy-Based

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Match the category of intrusion detection system with its definition: An agent on a host that identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability databases, access control lists and so on) and other host activities and state.

Perimeter-based Intrusion Detection System
Network Intrusion Detection System
Host-based Intrusion Detection System
VM based Intrusion Detection System

A

Host-based Intrusion Detection System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Match the IPS functions with the appropriate definition: Based on patterns that are known to be malicious. It also adds to the record every time something new that is a threat comes across.

Perimeter-Based Detection
Signature-Based Detection
Policy-Based
Anomaly Detection

A

Signature-Based Detection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Match the category of intrusion detection system with its definition: VMIDS detects intrusions using virtual machine monitoring. By using this, we can deploy the intrusion detection system with virtual machine monitoring.

Host-based Intrusion Detection System
VM based Intrusion Detection System
Perimeter-based Intrusion Detection System
Network Intrusion Detection System

A

VM based Intrusion Detection System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

True or False: Much like an IDS, firewalls can also detect and alert when an attack takes place.

True
False

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

True or False: When first implementing a IPS on a network it is best to have it set up on the strictest settings allowed until healthy behavior is identified.

True
False

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Match the category of intrusion detection system with its definition: Detects and pinpoints the location of intrusion attempts on perimeter fences of critical infrastructures.

Perimeter-based Intrusion Detection System
Host-based Intrusion Detection System
Network Intrusion Detection System
VM based Intrusion Detection System

A

Perimeter-based Intrusion Detection System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Fill in the blank: ________ is a device, typically another separate computer, that monitors activity to identify malicious or suspicious events.

A

Intrusion Detection System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Match the IPS functions with the appropriate definition: This takes samples of network traffic at random and compares them to a pre-calculated baseline performance level.

Anomaly Detection
Perimeter-Based Detection
Signature-Based Detection
Policy-Based

A

Anomaly Detection

17
Q

Which type of Intrusion Detection System performs simple pattern-matching and report situations that match a pattern corresponding to a known attack type?

A

Signature based

18
Q

True or False: The IPS actively analyzes and takes automated actions on all traffic flows that enter the network.

True
False

A

True

19
Q

What are the two categories of Signature-Based detection? (Use format xxx xxx and xxx xxx)

A

Exploit facing and Vulnerability facing

20
Q

Jim is a senior network administrator at a large company. Recently Jim has implemented several Intrusion Prevention Systems within his network. Once the IPS’ were implemented Jim began noticing a severe degradation to the network. What is likely the reason why the network is in such a degraded state?

The IPS was not configured properly
Too Many Users
Firewalls are interfering with the IPS
Tiny ogres are destroying the system

A

The IPS was not configured properly

21
Q

True or False: Most often an IDS is deployed behind the firewall on the edge of your network.

True
False

A

True

22
Q

After receiving the report on the penetration tests that took place, Jim decided to implement a device that would both monitor the network and detect when any adverse actions took place, but also wanted the device to stop dangerous actions from happening as well. Based on this use case, what should Jim implement that would meet this criteria?

A

IPS

23
Q

_________ is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.

A

IPS

24
Q

True or False: When an IDS detects malicious software or suspicious actions it immediately reacts by stopping the actions or malware from executing in order to protect the network.

True
False

A

False: IPS takes active action

25
Q

Which is NOT one of the three categories that heuristic intrusion detection activity can be categorized as?

Good/Benign
Suspicious
Unknown
Dangerous

A

Dangerous

26
Q

Which is NOT one of the four main components of an IDS:

Database (Knowledge)
Database (Configuration)
Database (Sensor)
Detection Engine (Sensor)

A

Database (Sensor)

27
Q

True or False: Placing the IPS behind the firewall reduces the number of alerts and allows for better data about potential security violations.

True
False

A

True