Cybersecurity: Intrusion Detection Systems (IDS)

Questions and Answers

Which action is primarily associated with Network-Based Intrusion Detection System (NIDS)?

• Comparing software hashes against a database of known malware.
• Isolating infected virtual machines to prevent lateral movement.
• Monitoring network traffic patterns for suspicious activity. (correct)
• Analyzing individual device logs for malicious activity.

What is the primary function of an Intrusion Detection System (IDS)?

• To replace outdated firewall systems.
• To encrypt network traffic to prevent eavesdropping.
• To perform regular system backups.
• To monitor network traffic for malicious activity. (correct)

What is a key difference between an Intrusion Detection System (IDS) and a firewall?

• An IDS actively blocks malicious traffic, while a firewall passively monitors traffic.
• A firewall provides detailed logs, while an IDS offers real-time traffic analysis.
• IDS operates at the network layer, while firewalls operate at the application layer.
• A firewall actively blocks malicious traffic, while an IDS passively monitors traffic. (correct)

Which of the following BEST describes 'pattern evasion' in the context of cybersecurity intrusions?

Hackers modify their attack techniques to avoid detection by IDS. (B)

How does a 'coordinated attack' complicate the detection efforts of an Intrusion Detection System (IDS)?

By distributing the attack across multiple hosts, making it difficult to trace the source. (B)

What is the purpose of Signature-Based Intrusion Detection Systems (SIDS)?

To identify patterns that match known intrusion signatures. (A)

Anomaly-Based Intrusion Detection System (AIDS) relies on what technique to identify potential threats?

Analyzing network traffic to identify deviations from a learned baseline of normal behavior. (B)

Which statement accurately describes a key advantage of Anomaly-Based Intrusion Detection System (AIDS) over Signature-Based Intrusion Detection System (SIDS)?

AIDS can detect new and evolving threats that SIDS might miss. (B)

What is the role of a Perimeter Intrusion Detection System (PIDS) in cybersecurity?

Detecting intrusion attempts taking place on the perimeter of critical infrastructures. (A)

What capability does a Virtual Machine-Based Intrusion Detection System (VMIDS) primarily offer?

Detecting intrusions by monitoring virtual machines. (B)

How does a Stack-Based Intrusion Detection System (SBIDS) function within a network?

By watching packets as they move through the organization’s network and pulling malicious packets before applications can process them. (A)

Within which protocol stack is a Stack-Based Intrusion Detection System (SBIDS) typically integrated?

TCP/IP (Transmission Control Protocol/Internet Protocol) (B)

Why is 'understanding risk' considered a benefit of implementing an Intrusion Detection System (IDS)?

IDS provides insights into potential security threats and vulnerabilities. (D)

How does an Intrusion Detection System (IDS) assist in 'shaping security strategy' for an organization?

By providing real-time threat intelligence to adjust security policies. (A)

Which challenge is represented by 'false positives' in Intrusion Detection Systems (IDS)?

Identifying legitimate traffic as malicious. (B)

What is the primary risk associated with 'false negatives' in Intrusion Detection Systems (IDS)?

Actual security threats being missed. (A)

What is the typical role of security operations centers (SOCs) in relation to Intrusion Detection Systems (IDS)?

Analyzing notifications from IDS to address potential events. (B)

What action does a firewall perform when it 'analyzes the metadata contained in network packets'?

It checks the source and destination IP addresses and ports. (D)

Why is it important for Intrusion Detection System (IDS) solutions to quickly adapt to detecting new threats and signs of malicious behavior?

To stay ahead of evolving attacker tactics and prevent false negatives. (C)

Flashcards

Intrusion Detection System (IDS)

An application that monitors network traffic for known threats and suspicious activity, sending alerts to IT.

Intrusion (Cybersecurity)

Gaining unauthorized access to a device, network, or system.

Address Spoofing

Hiding attack source using manipulated or unsecured proxy servers.

Fragmentation (Attack)

Breaking packets into smaller pieces to evade intrusion detection.

Pattern Evasion

Adjusting attack methods to avoid detection patterns used by IDS.

Coordinated Attack

Coordinating attacks across multiple hosts or ports to overwhelm IDS.

Network Intrusion Detection System (NIDS)

Monitors network traffic for incoming/outgoing data, detecting malicious activity.

Host Intrusion Detection System (HIDS)

Installed on individual devices to detect threats from inside the network.

Signature-Based Intrusion Detection System (SIDS)

Compares network packets against a database of known attack signatures.

Anomaly-Based Intrusion Detection System (AIDS)

Monitors network traffic and compares it to a predefined 'normal' baseline.

Perimeter Intrusion Detection System (PIDS)

Placed on a network to detect intrusion attempts on the perimeter.

Virtual Machine-Based Intrusion Detection System (VMIDS)

Detects intrusions by monitoring virtual machines.

Stack-Based Intrusion Detection System (SBIDS)

Integrated into TCP/IP to watch packets and remove malicious ones.

False Alarms (IDS)

Incorrectly identifying safe traffic as malicious; also known as false positives.

False Negatives (IDS)

Failing to identify malicious traffic; dangerous oversight.

Firewalls

Cybersecurity tools that safeguard a network; block unauthorized traffic.

Intrusion Detection Systems (IDS)

Actively monitors network traffic to identify potential incidents.

Firewall Actions

Analyzes the metadata of network packets, blocks or allows traffic.