CYB236 Chapter 8: Host-based Intrusion Detection Systems
25 Questions

Questions and Answers

What is the primary function of a host-based IDPS?

  • Analyzing system logs
  • Monitoring network traffic
  • Monitoring the characteristics of a single host and the events occurring within that host for suspicious activity (correct)
  • Scanning for viruses and malware

What type of IDPS is designed to monitor a specific application service only?

  • Application-based IDPS (correct)
  • Server-based IDPS
  • Network-based IDPS
  • Client-based IDPS

What is the primary role of an Agent in a host-based IDPS?

  • To monitor activity on a single host and perform prevention actions (correct)
  • To perform prevention actions
  • To analyze system logs
  • To monitor network traffic

Where are Agents typically deployed in a host-based IDPS?

  • On existing hosts on the organization's networks

What type of host-based IDPS is designed to monitor users' hosts?

  • Client-based IDPS

What is monitored by a server-based IDPS?

  • The operating system (OS) and common applications

How do components communicate in a host-based IDPS?

  • Over the same networks as the hosts they are monitoring

What is the primary advantage of a host-based IDPS?

  • Enhanced protection of individual hosts

What is the primary purpose of a shim in host-based IDPS?

  • To intercept and analyze system calls

What type of information is typically NOT logged by host-based IDPSs?

  • System resource usage

Which of the following is NOT a type of event detected by host-based IDPSs?

  • System Rebooting

What is a limitation of host-based IDPSs?

  • Conflict with existing security controls

What is the primary function of Code Analysis in host-based IDPSs?

  • To prevent code from being executed

Which of the following is a security capability of host-based IDPSs?

  • Network configuration monitoring

What is a benefit of using shims in host-based IDPSs?

  • Ability to alter internal architecture of hosts

What is a type of event that can be detected by host-based IDPSs?

  • Code execution

What is the primary purpose of network traffic filtering?

  • To prevent unauthorized access and acceptable use policy violations

What is the purpose of Filesystem Monitoring?

  • To prevent files from being accessed, modified, replaced, or deleted

What is the purpose of Removable Media Restriction?

  • To prevent malware from being transferred or copied to or from the host

What is the purpose of Audiovisual Device Monitoring?

  • To indicate if the host has been compromised

What is the purpose of Host Hardening?

  • To detect the disability of security functions and enable it again

What is the purpose of Process Status Monitoring?

  • To monitor the status of processes or services and the status of security programs

What is the purpose of Network Traffic Sanitization?

  • To sanitize network traffic and prevent sensitive information display

What is unique about updating agents in host-based IDPSs?

  • It is related to the type of operating system on which it is deployed

What do most host-based IDPSs offer in terms of management capabilities?

  • Similar management capabilities
