FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 7: Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 51

True/False

Review LaterAdd Note

Review Later

Once the OS is known, all of the vulnerabilities to which a system is susceptible can easily be determined.

Correct Answer

verified

Show Answer

Question 52

True/False

Review LaterAdd Note

Review Later

A(n) event is an indication that a system has just been attacked or is under attack. _________________________

Correct Answer

verified

Show Answer

Question 53

Short Answer

Review LaterAdd Note

Three methods dominate IDPS detection methods: the ____________________-based approach, the statistical anomaly-based approach, and the stateful packet inspection approach.

HIDPSs are also known as system integrity verifiers.

Which of the following ports is commonly used for the HTTP protocol  

Alarm ____________________ and compaction is a consolidation of almost identical alarms that happen at close to the same time into a single higher-level alarm.

A(n) __________ is an event that triggers an alarm when no actual attack is in progress.

List and describe the four advantages of HIDPSs.

Which of the following is NOT a described IDPS control strategy  

Services using the TCP/IP protocol can run only on their commonly used port number as specified in their original Internet standard.

Intrusion detection and prevention systems can deal effectively with switched networks.

The activities that gather public information about the organization and its network activities and assets is called fingerprinting. _________________________

In ____________________ protocol verification, the higher-order protocols are examined for unexpected packet behavior or improper use.

Alarm filtering may be based on combinations of frequency, similarity in attack signature, similarity in attack target, or other criteria that are defined by the system administrators. _________________________

Security tools that go beyond routine intrusion detection include honeypots, honeynets, and padded cell systems.

In the process of protocol application verification, the NIDPSs look for invalid data packets. _________________________

A(n) server-based IDPS protects the server or host's information assets. _________________________

A __________ vulnerability scanner listens in on the network and identifies vulnerable versions of both server and client software.

A(n) log file monitor is similar to an NIDPS. _________________________

__________ is the process of classifying IDPS alerts so that they can be more effectively managed.