40 Questions
What is a consequence of an unattended workstation being used by an intruder?
Consumption of resources and slowed performance
What is the primary motivation of hackers?
Thrill of access and/or status
What is the goal of a Denial of Service (DoS) attack?
To prevent legitimate users of a service from using that service
What is an intrusion defined as?
Any set of actions that attempt to compromise the integrity, confidentiality, or availability of a resource
What is a Masquerader?
An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account
What is an example of a malicious user using a fake IP address?
Address spoofing
What is a Clandestine user?
An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection
What is the purpose of an Intrusion Prevention System (IPS)?
To detect intrusions
What is a Misfeasor?
A legitimate user who accesses data, programs, or resources for which such access is not authorized
What is an example of a type of malicious software?
Virus
What is a reason why an unsecured modem can be a security risk?
It can be used to access internal networks
What is an Insider attack?
An attack by a person with authorized access to the system
What is a Cracker?
Malicious software that attacks a system
What is the term for organized groups of hackers?
Criminal hackers
What is a type of Insider attack?
All of the above
What is a common target of criminal hackers on e-commerce servers?
Credit card files
What is a Hacker?
A person who attacks a system via communication links
Why are insider attacks particularly challenging to detect and prevent?
Because employees have access and knowledge of systems
What can be used to detect and prevent insider attacks?
IDS / IPS systems, enforcement of least privilege, monitoring of logs, and strong authentication
What motivates insiders to carry out attacks?
Revenge or entitlement
What should sensitive data be protected with?
Encryption
What is a security incident where an intruder gains unauthorized access to a system?
Security intrusion
What is a common characteristic of criminal hackers?
They act quickly once they penetrate a system
Why are IDS / IPS systems less effective against criminal hackers?
They are less effective against targeted attacks
What is the primary purpose of an Intrusion Detection System?
To detect and provide warnings of unauthorized access attempts
What is the primary function of a Sensor in an IDS?
To collect data from the network and forward it to the analyzer
What is the role of an Analyzer in an IDS?
To determine if an intrusion has occurred
What type of input can a Sensor receive in an IDS?
Any part of a system that could contain evidence of an intrusion
What is the purpose of the Reporting function in an IDS?
To generate conclusions and act on analysis results
What is the primary difference between an IDS and a Firewall?
IDS detects attacks, while Firewalls prevent them
What is the primary benefit of using an IDS in addition to a Firewall?
To add an additional layer of security
What are the three logical components of an IDS?
Sensors, Analyzers, and Reporters
What is the primary purpose of the output of an IDS component?
To indicate that an intrusion has occurred
What is a key characteristic of an IDS's user interface?
It may be equivalent to a manager, director, or console component
Which of the following is NOT a requirement for an IDS?
It must be able to predict future intrusions
What is the primary purpose of an IDS's ability to resist subversion?
To ensure the IDS can monitor itself and detect modifications
What is the consequence of an IDS's ability to provide graceful degradation of service?
If some components of the IDS stop working, the rest will be affected as little as possible
What is a key benefit of an IDS's ability to adapt to changes in system and user behavior over time?
It can better respond to changing security threats
What is a key requirement for an IDS in terms of its operation?
It must be able to run continually with minimal human supervision
What is the primary purpose of an IDS's ability to be configured according to the security policies of the system being monitored?
To ensure the IDS is aligned with the system's security policies
Test your knowledge of intrusion detection systems, including types of IDS, attacks, and behaviors. Learn about the basic components and requirements of IDS, as well as classification and techniques.