CYB236 Chapter 8: Host-based Intrusion Detection Systems

Questions and Answers

What is the primary function of a host-based IDPS?

• Analyzing system logs
• Monitoring network traffic
• Monitoring the characteristics of a single host and the events occurring within that host for suspicious activity (correct)
• Scanning for viruses and malware

What type of IDPS is designed to monitor a specific application service only?

• Application-based IDPS (correct)
• Server-based IDPS
• Network-based IDPS
• Client-based IDPS

What is the primary role of an Agent in a host-based IDPS?

• To monitor activity on a single host and perform prevention actions (correct)
• To perform prevention actions
• To analyze system logs
• To monitor network traffic

Where are Agents typically deployed in a host-based IDPS?

On existing hosts on the organization's networks (C)

What type of host-based IDPS is designed to monitor users' hosts?

Client-based IDPS (B)

What is monitored by a server-based IDPS?

The operating system (OS) and common applications (B)

How do components communicate in a host-based IDPS?

Over the same networks as the hosts they are monitoring (A)

What is the primary advantage of a host-based IDPS?

Enhanced protection of individual hosts (A)

What is the primary purpose of a shim in host-based IDPS?

To intercept and analyze system calls (D)

What type of information is typically NOT logged by host-based IDPSs?

System resource usage (B)

Which of the following is NOT a type of event detected by host-based IDPSs?

System Rebooting (D)

What is a limitation of host-based IDPSs?

Conflict with existing security controls (D)

What is the primary function of Code Analysis in host-based IDPSs?

To prevent code from being executed (D)

Which of the following is a security capability of host-based IDPSs?

Network configuration monitoring (B)

What is a benefit of using shims in host-based IDPSs?

Ability to alter internal architecture of hosts (A)

What is a type of event that can be detected by host-based IDPSs?

Code execution (C)

What is the primary purpose of network traffic filtering?

To prevent unauthorized access and acceptable use policy violations (B)

What is the purpose of Filesystem Monitoring?

To prevent files from being accessed, modified, replaced, or deleted (A)

What is the purpose of Removable Media Restriction?

To prevent malware from being transferred or copied to or from the host (B)

What is the purpose of Audiovisual Device Monitoring?

To indicate if the host has been compromised (C)

What is the purpose of Host Hardening?

To detect the disability of security functions and enable it again (A)

What is the purpose of Process Status Monitoring?

To monitor the status of processes or services and the status of security programs (D)

What is the purpose of Network Traffic Sanitization?

To sanitize network traffic and prevent sensitive information display (D)

What is unique about updating agents in host-based IDPSs?

It is related to the type of operating system on which it is deployed (A)

What do most host-based IDPSs offer in terms of management capabilities?

Similar management capabilities (A)