What actions can a typical passive Intrusion Detection System Take when it detects an attacks? (select two) |
1. An alert is generated and delivered via e-mail, the console, or SNMP trap. 2. The IDS logs all pertinent data about the intrusion. |
A honey pot is used for what purpose? |
To delay intruders in order to gather auditing data |
An active IDS system often performs which of the following actions? (Select two) |
1. Perform reverse lookups to identify an intruder 2. Update filters to block suspect traffic |
You have just installed a new network-based IDS system that uses signature recognition. What should you do on a regular basis? |
Update the signature files |
What do host based intrusion detection system often rely upon to perform their detection activities? |
Host system auditing capabilities |
You want to create a collection of computers on your network that appear to have valuable data, but are really computers configured with fake data that could entice a potential intruder. Once the intruder connects, you want to be able to observe and gather information about the methods of attack that are being deployed. What should you implement? |
Honeynet |
What security mechanism can be used to detect attacks originating on the internet or from within an internal trusted subnet? |
IDS |
Which of the following activities are considered passive in regards to the functioning of an intrusion detections system?(Choose two) |
1. Monitoring the audit trails on a server 2. Listening to network traffic |
You are concerned about protection your network from network-based attacks from the Internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections. Which type of device should you use? |
Anomaly based IDS |
Which of the following devices is capable of detecting and responding to security threats? |
IPS |
Which IDS method searches for intrusion or attack attempt by recognizing patterns or identities listed in a database? |
Signature based |
Which of the following describes a false positive when using an IPS device? |
Legitimate traffic being flagged as malicious |
What is the most common form of host based IDS that employs signature or pattern matching detection methods? |
Anti-virus software |
You have configured a NIDS to monitor network traffic. Which of the following describes an attack that is NOT detected by the NIDS device? |
False Negative |
IF maintaining confidentiality is of the utmost importance to your organization, what is the best response when an intruder is detected on your network? |
Disconnect the intruder |