Intrusion Detection

Question 1

_______ tries to stop intrusion from happening(Firewall or IDS)

Answer 1

firewallP2 L4

Question 2

_______ tries to evaluate an intrusion after it has happened(Firewall or IDS)

Answer 2

IDSP2 L4

Question 3

_______ watches for intrusions that start within the system(Firewall or IDS)

Answer 3

IDSP2 L4

Question 4

_______ limits access between networks to prevent intrusion

Answer 4

FirewallP2 L4

Question 5

An intruder can also be referred to as a hacker or cracker

Answer 5

trueP2 L4

Question 6

Activists are either individuals or members of an organized crime group with a goal of financial reward

Answer 6

falseP2 L4

Question 7

Running a packet sniffer on a workstation to capture usernames and passwords is an example of intrusion

Answer 7

trueP2 L4

Question 8

Those who hack into computer do so for the thrill of it or for status

Answer 8

falseP2 L4

Question 9

Intruders typically use steps from a common attack methodology

Answer 9

trueP2 L4

Question 10

This backdoor is hard to detect because it modifies machine code

Answer 10

Object code backdoorsP2 L4

Question 11

This backdoor can only be used by the person who created it, even if it is discovered by others

Answer 11

Asymmetric backdoorsP2 L4

Question 12

This backdoor inserts backdoors into other programs during compilation

Answer 12

Compiler backdoorsP2 L4

Question 13

The longer an anomaly detection system is in use, the more it learns about network activity

Answer 13

trueP2 L4

Question 14

If malicious activity looks like normal traffic to the anomaly detection system, it will not detect an attack

Answer 14

trueP2 L4

Question 15

False positives from an anomaly detection system can become a problem, normal usage can be mistaken for an attack

Answer 15

trueP2 L4

Question 16

With signature based detection, new threats can be detected immediately

Answer 16

falseP2 L4

Question 17

With signature based detection, when a new virus is identified, it must be added to the signature databases

Answer 17

trueP2 L4

Question 18

Signature-based detection systems can only detect an intrusion attempt if it matches a pattern that is in the database

Answer 18

trueP2 L4

Question 19

Which of the following could be considered an anomaly to a typical networkA) An IP addressB) A port addressC) Packet lengthD) Flag setting

Answer 19

All of themP2 L4

Question 20

with _________, any action that does not fit the normal behavior profile is considered an attack

Answer 20

statistical intrusion detectionP2 L4

Question 21

with _________, any action that is not classified as normal is considered to be an attack

Answer 21

knowledge based intrusion detectionP2 L4

Question 22

_______ anomaly detection detects attacks similar to past attacks

Answer 22

machine learning intrusion detectionP2 L4

Question 23

One of the weaknesses of anomalous intruder detection is that a system must learn what is normal behavior. WHile it is learning this, the network is vulnerable to attack. What can be done to mitigate this weakness?

Answer 23

use a firewall.P2 L4

Question 24

In the thriving 0-day attack marketplace hackers sell information on software vulnerabilities. Can you guess some of the buyers?A) AppleB) Google C) Microsoft,D) U.S. Government

Answer 24

allP2 L4

Question 25

with a(n) _______ attack, an attacker sends various kinds of packets to probe a system or network for vulnerability that can be exploited

Answer 25

scanning attackP2 L4

Question 26

with a(n) _______ attack, the attack attempts to slow down or completely shut down a target so as to disrupt the service for legitimate users

Answer 26

DOSP2 L4

Question 27

with a(n) _______ attack, an attacker gains unauthorized control of a system

Answer 27

penetrationP2 L4

Question 28

Can you think of a way to reduce the impact of excessive reporting on a system's administrator?

Answer 28

Prioritize the alertsP2 L4

Question 29

Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified

Answer 29

trueP2 L4

Question 30

The primary purpose of an IDS is to detect intrusions, log suspicious events, and send alerts.

Answer 30

trueP2 L4

Question 31

Signature-based approaches attempt to define normal, or expected, behavior, whereas anomaly approaches attempt to define proper behavior

Answer 31

falseP2 L4

Question 32

A network IDS sensor monitors a copy of network traffic, the actual traffic does not pass through the devices

Answer 32

trueP2 L4

Question 33

Network-based intrusion detection can make use of signature detection and anomaly detection

Answer 33

trueP2 L4

Question 34

When using sensors, which of the following is considered good practice?A) Set the IDS level to the highest sensitivity to detect every attackB) Monitor both outbound and inbound trafficC) Use a shared network resource to gather NIDS dataD) NIDS sensors are not turnkey solutions, system administrators must interpret alerts

Answer 34

B) monitor both outbound and inbound trafficD) NIDS sensors are not turnkey solutions, system administrators must interpret alertsP2 L4

Question 35

A common location for a NIDS sensor is just inside the external firewall

Answer 35

trueP2 L4

Question 36

A honeypot can be a workstation that a user uses for work

Answer 36

falseP2 L4

Question 37

There is no benefit of deploying a NIDS or honeypot outside of the firewall

Answer 37

falseP2 L4

Question 38

To improve detection performance, an IDS should reduce false alarm rate while detecting as many intrusions as possible

Answer 38

trueP2 L4

Question 39

to improve detection performance, an IDS should apply detection models at all unfiltered packet data directly.

Answer 39

falseP2 L4

Question 40

to improve detection performance, an IDS should apply detection models at processed event data that has higher base rate

Answer 40

trueP2 L4

Question 41

To defeat an IDS, attackers can send a huge amount of traffic

Answer 41

trueP2 L4

Question 42

To defeat an IDS, attackers can embed attack in packets which cause non-uniform processing by different operating systems, e.g. bad checksum, overlapping fragments

Answer 42

trueP2 L4

Question 43

To defeat an IDS, attackers can send traffic that purposely matches detection rules

Answer 43

trueP2 L4

Question 44

To defeat an IDS, attackers can send a packet that would trigger a buffer-overload in the IDS code

Answer 44

true P2 L4