25 Questions
What is the primary function of a host-based IDPS?
Monitoring the characteristics of a single host and the events occurring within that host for suspicious activity
What type of IDPS is designed to monitor a specific application service only?
Application-based IDPS
What is the primary role of an Agent in a host-based IDPS?
To monitor activity on a single host and perform prevention actions
Where are Agents typically deployed in a host-based IDPS?
On existing hosts on the organization's networks
What type of host-based IDPS is designed to monitor users' hosts?
Client-based IDPS
What is monitored by a server-based IDPS?
The operating system (OS) and common applications
How do components communicate in a host-based IDPS?
Over the same networks as the hosts they are monitoring
What is the primary advantage of a host-based IDPS?
Enhanced protection of individual hosts
What is the primary purpose of a shim in host-based IDPS?
To intercept and analyze system calls
What type of information is typically NOT logged by host-based IDPSs?
System resource usage
Which of the following is NOT a type of event detected by host-based IDPSs?
System Rebooting
What is a limitation of host-based IDPSs?
Conflict with existing security controls
What is the primary function of Code Analysis in host-based IDPSs?
To prevent code from being executed
Which of the following is a security capability of host-based IDPSs?
Network configuration monitoring
What is a benefit of using shims in host-based IDPSs?
Ability to alter internal architecture of hosts
What is a type of event that can be detected by host-based IDPSs?
Code execution
What is the primary purpose of network traffic filtering?
To prevent unauthorized access and acceptable use policy violations
What is the purpose of Filesystem Monitoring?
To prevent files from being accessed, modified, replaced, or deleted
What is the purpose of Removable Media Restriction?
To prevent malware from being transferred or copied to or from the host
What is the purpose of Audiovisual Device Monitoring?
To indicate if the host has been compromised
What is the purpose of Host Hardening?
To detect the disabling of security functions and enable them again
What is the purpose of Process Status Monitoring?
To monitor the status of processes or services and the status of security programs
What is the purpose of Network Traffic Sanitization?
To sanitize network traffic and prevent sensitive information display
What is unique about updating agents in host-based IDPSs?
It is related to the type of operating system on which it is deployed
What do most host-based IDPSs offer in terms of management capabilities?
Similar management capabilities
Test your knowledge of host-based intrusion detection systems and prevention, including their components, architecture, and management. Learn about the capabilities and taxonomy of anomaly detection IDS and exchange systems.