CYB236 Chapter 7: Intrusion Detection Systems

What is an intrusion defined as?

Any set of actions that attempt to compromise the integrity of a resource
Any set of actions that attempt to compromise the confidentiality of a resource
Any set of actions that attempt to compromise the availability of a resource
Any set of actions that attempt to compromise the integrity, confidentiality, or availability of a resource (correct)

What type of intruder accesses data, programs, or resources for which access is not authorized?

Insider
Masquerader
Clandestine user
Misfeasor (correct)

What is a type of malicious software?

Virus
Trojan horse
MalWare
All of the above (correct)

What is a Clandestine user?

An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls (B) Signup and view all the answers

What is an example of an intrusion?

All of the above (D) Signup and view all the answers

What is a Masquerader?

An individual who penetrates a system’s access controls to exploit a legitimate user’s account (C) Signup and view all the answers

What type of intruder is referred to as a hacker or cracker?

An individual who attacks via communication links (B) Signup and view all the answers

What is a type of intruder who accesses resources for which access is authorized, but misuses privileges?

Misfeasor (A) Signup and view all the answers

What is an example of an intruder's behavior?

Running a packet sniffer (C) Signup and view all the answers

What is the primary motivation of hackers?

Thrill of access and/or status (B) Signup and view all the answers

What is the purpose of a Denial of Service (DOS) attack?

To prevent legitimate users from accessing a service (A) Signup and view all the answers

What is an example of a type of attack that can be countered with an intrusion detection system?

All of the above (D) Signup and view all the answers

What is an example of a type of malicious activity?

Distributing pirated software (C) Signup and view all the answers

What is the term for a malicious user who uses a fake IP address to send malicious packets?

Address spoofer (C) Signup and view all the answers

What is a consequence of benign intruders' actions?

Slow performance for legitimate users (B) Signup and view all the answers

What is a type of technology that can help counter hacker threats?

Virtual private network (VPN) technology (C) Signup and view all the answers

What is the primary function of Intrusion Detection Systems?

To provide real-time warning of unauthorized access attempts (B) Signup and view all the answers

Where are firewalls typically placed?

On the network perimeter (A) Signup and view all the answers

What is the purpose of Sensors in IDS?

To collect data from the network (B) Signup and view all the answers

What is the function of the Analyzer in IDS?

To determine if an intrusion has occurred (D) Signup and view all the answers

What is the input for a sensor in IDS?

Any part of a system that could contain evidence of an intrusion (A) Signup and view all the answers

What is the purpose of Reporting in IDS?

To generate conclusions and act on analysis results (D) Signup and view all the answers

What do Firewalls allow in IDS?

Only traffic to legitimate hosts and services (B) Signup and view all the answers

What is the typical placement of Intrusion Detection Systems?

Network perimeter (D) Signup and view all the answers

What is the purpose of the output of an IDS component?

To indicate that an intrusion has occurred (D) Signup and view all the answers

What is a key function of the user interface in an IDS?

To enable users to view output and control the system (C) Signup and view all the answers

What is a requirement for an IDS to operate?

Minimal human supervision (C) Signup and view all the answers

What should an IDS be able to do in case of system crashes?

Recover and re-initialize (D) Signup and view all the answers

What is a key security requirement for an IDS?

Resist subversion (C) Signup and view all the answers

What is a performance requirement for an IDS?

Impose a minimal overhead on the system (C) Signup and view all the answers

What should an IDS be able to do in terms of configuration?

Be configured according to the security policies of the system (B) Signup and view all the answers

What should an IDS be able to do in terms of scalability?

Scale to monitor a large number of hosts (D) Signup and view all the answers

What is a key feature of modern Intrusion Detection Systems?

Dynamic reconfiguration (B) Signup and view all the answers

What is the primary goal of an active response in IDS?

To drop connections and reconfigure network devices (A) Signup and view all the answers

What is a benefit of passive response in IDS?

Lower potential damage costs (A) Signup and view all the answers

What is the primary purpose of an analysis module in IDS?

To refine intrusion detection parameters and algorithms (A) Signup and view all the answers

What is an advantage of using signature detection in IDS?

It can detect unexpected application services (C) Signup and view all the answers

What is a common issue with multiple alarm types in IDS?

Deciding which alarm to investigate (D) Signup and view all the answers

What is the purpose of an Intrusion Detection System?

To detect potential intrusions and respond accordingly (B) Signup and view all the answers

What is an advantage of using anomaly detection in IDS?

It can detect denial of service attacks (B) Signup and view all the answers