CHAPTER 8 Flashcards
(30 cards)
An intruder can also be referred to as a hacker or cracker.
T
Activists are either individuals or members of an organized crime group with a goal of financial reward.
F
Running a packet sniffer on a workstation to capture usernames and passwords is an example of intrusion.
T
Those who hack into computers do so for the thrill of it or for status.
T
Intruders typically use steps from a common attack methodology.
T
The IDS component responsible for collecting data is the user interface.
F
Intrusion detection is based on the assumption that the behavior of the
intruder differs from that of a legitimate user in ways that can be quantified.
T
The primary purpose of an IDS is to detect intrusions, log suspicious
events, and send alerts.
T
Signature-based approaches attempt to define normal, or expected, behavior, whereas anomaly approaches attempt to define proper behavior.
F
Anomaly detection is effective against misfeasors.
F
To be of practical use, an IDS should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.
T
An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device.
F
A common location for a NIDS sensor is just inside the external
firewall.
T
Network-based intrusion detection makes use of signature detection and anomaly detection.
T
Snort can perform intrusion prevention but not intrusion detection.
F
_________ are either individuals or members of a larger group of outsider attackers who are motivated by social or political causes.
A. State-sponsored organizations B. Activists
C. Cyber criminals D. Others
Activists
A _________ is a security event that constitutes a security incident in which an intruder gains access to a system without having authorization to do so.
A. intrusion detection B. IDS
C. criminal enterprise D. security intrusion
security intrusion
A _________ monitors the characteristics of a single host and the events occurring within that host for suspicious activity.
A. host-based IDS B. security intrusion
C. network-based IDS D. intrusion detection
host-based IDS
A ________ monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity.
A. host-based IDS B. security intrusion
C. network-based IDS D. intrusion detection
network-based IDS
The ________ is responsible for determining if an intrusion has occurred.
A. analyzer B. host
C. user interface D. sensor
analyzer
__________ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder.
A. Profile based detection B. Signature detection
C. Threshold detection D. Anomaly detection
Signature detection
_________ involves the collection of data relating to the behavior of legitimate users over a period of time.
A. Profile based detection B. Signature detection
C. Threshold detection D. Anomaly detection
Anomaly detection
A(n) __________ is a hacker with minimal technical skill who primarily uses existing attack toolkits.
A. Master B. Apprentice
C. Journeyman D. Activist
Apprentice
The _________ module analyzes LAN traffic and reports the results to the central manager.
A. LAN monitor agent B. host agent
C. central manager agent D. architecture agent
LAN monitor agent