Which of the following activities are considered passive in regards to the functioning of anintrusion detection system? (Select two.) |
Monitoring the audit trails on a server Listening to network traffic |
An active IDS system often performs which of the following actions? select two |
Update filters to block suspect traffic Perform reverse lookups to identify an intruder |
What does an IDS that uses signature recognition use for identifying attacks? |
Comparison to a database of know attacks |
Which of the following are security devices that perform stageful inspections of packet data, looking for patterns that indicate malicious code? select two |
IPS IDS |
Properly configured passive IDS and system audit logs are an integral part of a comprehensive security plan. What step must be taken to ensure that the information is useful in maintaining a secure environment? |
Periodic reviews must be conducted to detect malicious activity or policy violations. |
What security mechanism can be used to detect attacks originating on the Internet or from within an internal trusted subnet? |
IDS |
You are connected about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action when poosible to stop or prevent the attacks. |
IPS |
As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. |
Host based IDS |
You are concerned about protecting your network from network-based attacks from the internet. Specifically, you are concerned about zero day attacks (attacks that have not yet been identified or that do not have prescribed protections.) |
Anomaly based IDS |
If maintaining confidentiality is of the utmost importance to your organization, what is the best response when an intruder is detected on your network? |
Disconnect the intruder |
You have worked as a network Admin for a company for seven months. One day all picture files on the server become corrupted. |
Install a network virus detection software solution. |
Which of the following actions should you take to reduce the attack surface of a server? |
Disable unused services |
You want to make sure that a set of servers will only accept traffic for specific network services. You have verified that the servers are only running the necessary services, but you also want to make sure that the servers will not accept packets sent to those services. |
Port scanner |
Which of the following intrusion detection and prevention systems use fake resources to entice intruders by displaying a vulnerability, configuration flaw, or valuable data? |
honeypot |
What does a tarpit specifically do to detect and prevent intrusion into your network? |
Answer connection requests in such a way that the attacking computer is stuck for a period of time |
14.1.9 Practice exam
Share This
Unfinished tasks keep piling up?
Let us complete them for you. Quickly and professionally.
Check Price