CSCI 5200 FINAL PT- 1 CH13-CH17 || All Questions Answered Correctly.
3 views 0 purchase
Course
CSCI 5200
Institution
CSCI 5200
1. (p. 426) Network-based IDS (NIDS) examines activity on a system, such as a mail server or web server. (T/F) correct answers F
2. (p. 429) Context-based signatures match a pattern of activity based on the other activity around it, such as a port (T/F) correct answers T
3. (p. 430) Hostile a...
CSCI 5200 FINAL PT- 1 CH13-CH17 || All Questions
Answered Correctly.
1. (p. 426) Network-based IDS (NIDS) examines activity on a system, such as a mail server or
web server. (T/F) correct answers F
2. (p. 429) Context-based signatures match a pattern of activity based on the other activity
around it, such as a port (T/F) correct answers T
3. (p. 430) Hostile activity that does not match an IDS signature and goes undetected is called a
false positive. (T/F) correct answers F
4. (p. 442) Traffic that is encrypted will typically pass by an intrusion prevention system
untouched. (T/F) correct answers T
5. (p. 448) Performing cloud-based data loss prevention (DLP) is as simple as moving the
enterprise edge methodology to the cloud. (T/F) correct answers F
6. (p. 426) What does a host-based IDS monitor?
•A. Activity on an individual system
•B. Activity on the network itself
•C. A honeynet
•D. A digital sandbox correct answers •A. Activity on an individual system
•7. (p. 426) Which component of an IDS examines the collected network traffic and compares it
to known patterns of suspicious or malicious activity stored in the signature database?
•A. Traffic collector
•B. Analysis engine
•C. Signature database
•D. Examination collector correct answers •B. Analysis engine
•8. (p. 434) What is an advantage of a network-based IDS?he difference between misuse and
anomaly IDS models is
•A. An IDS can examine data after it has been decrypted.
•B. An IDS coverage requires fewer systems.
•C. An IDS can be very application specific.
•D. An IDS can determine whether or not an alarm may impact that specific system. correct
answers •B. An IDS coverage requires fewer systems.
•9. (p. 435) Which tool has been the de facto standard IDS engine since its creation in 1998?
•A. Squid
•B. Snort
•C. Bro
D. Suricata correct answers •B. Snort
, 10. (p. 439) What is an advantage of a host-based IDS?
•A. It can reduce false-positive rates.
•B. Its signatures are broader.
•C. It can examine data before it is decrypted.
•D. It is inexpensive to maintain in the enterprise. correct answers •A. It can reduce false-positive
rates.
•11. (p. 442) How does an IPS differ from an IDS?
•A. An IPS is passive and an IDS is active.
•B. An IPS uses heuristics and an IDS is signature-based.
•C. An IPS will block, reject, or redirect unwanted traffic; an IDS will only send an alert.
•D. An IDS will block, reject, or redirect unwanted traffic; an IPS will only send an alert. correct
answers •C. An IPS will block, reject, or redirect unwanted traffic; an IDS will only send an
alert.
•12. (p. 444) A honeypot is sometimes called a(n) __________.
•A. antivirus packet
•B. SPAN
•C. digital sandbox
•D. firewall correct answers •C. digital sandbox
•13. (p. 446) __________ systems are a combination of hardware and software designed to
classify and analyze security data from numerous sources.
•A. Port scanning
•B. Honeypot
•C. Network security monitoring (NSM)
•D. Security information and event management (SIEM) correct answers •C. Network security
monitoring (NSM)
•14. (p. 450) Which of the following is a popular, open source protocol analyzer?
•A. Snort
•B. Suricata
•C. Bit Defender
•D. Wireshark correct answers •D. Wireshark
•15. (p. 451) Which tool is designed to probe a system for open ports?
•A. Web proxy
•B. Reverse scanner
•C. Port scanner
D. Open proxy correct answers •C. Port scanner
16. (p. 456) Which advanced malware tool assists security engineers in hunting down malware
infections based on artifacts that the malware leaves behind in memory?
•A. Snort
•B. Suricata
•C. Yara
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller FullyFocus. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $11.29. You're not tied to anything after your purchase.