41 Questions
What is the primary goal of intrusion detection and prevention systems?
To detect and prevent hostile or unwanted trespass
What is the key characteristic of a rule-based anomaly detection system?
It uses a set of predefined rules to identify anomalies
What is the main difference between anomaly-based detection and signature-based detection?
Anomaly-based detection identifies anomalies based on statistically predictable patterns
What is the primary characteristic of a system that is not under attack?
User actions conform to statistically predictable patterns
What is the definition of intrusion?
Hostile or unwanted trespass by users or software
What is the formula for Detection Rate (DR) in Intrusion Detection Systems?
TP/(TP+FN)
Which of the following IDS/IPS products is suitable for small and medium businesses and is free?
Suricata
What is the primary objective of IDS/IPS systems?
Detecting intrusions
What is the name of the chapter in the Stallings book that covers Email Security and Social Engineering Attacks?
Chapter 8
What is the primary approach of an IDS/IPS system that uses known attack patterns to identify intrusions?
Signature-based
What is the term for a type of attack that tricks users into divulging sensitive information?
Phishing attack
What is the main purpose of a peer-to-peer gossip protocol in an intrusion detection system?
To inform central system of attacks
What is the primary function of a Policy Enforcement Point (PEP) in a Distributed or Hybrid Network Intrusion Detection System?
To correlate distributed information and make local decisions
What is the purpose of the IETF Intrusion Detection Working Group?
To define data formats and exchange procedures for sharing information
What is the primary function of a Honeypot in an intrusion detection system?
To lure potential attackers away from critical systems
What is the main difference between a Low Interaction Honeypot and a High Interaction Honeypot?
The level of realism provided to the attacker
What is the primary function of Snort in an intrusion detection system?
To use a combination of rules and preprocessors to detect intrusions
What is the primary function of an Intrusion Prevention System (IPS)?
To detect and prevent malicious traffic
What is a major advantage of using an Intrusion Detection System (IDS) in a network?
Has no impact on network performance
What is a major challenge in detecting and preventing insider attacks?
Employees have access to systems and knowledge
What is a key component of an overall security strategy to prevent insider attacks?
Enforcing least privilege and monitoring logs
What is the primary goal of an Intrusion Detection System?
To detect a wide variety of intrusions, including unknown attacks
What is the approach used by a rootkit to conceal information?
Manipulating system calls and programs
According to Denning's Model, what is a characteristic of exploiting vulnerabilities?
Using normal commands in an abnormal way
What is the primary advantage of Anomaly Detection over other models of Intrusion Detection?
It can detect unknown attacks
What is the purpose of benchmark data sets in Anomaly Detection?
To train the system with usual behavior
What is the goal of Misuse Detection in Intrusion Detection?
To detect known attacks
What is the primary challenge of analyzing commands in Intrusion Detection?
Impact on response time of the system
What is the purpose of a threshold metric in Anomaly Detection?
To count the number of events that occur within a certain range
What is the primary benefit of a simple and easy-to-understand user interface in Intrusion Detection Systems?
It is critical for monitoring many systems
What is the fundamental principle of Specification-based detection in Intrusion Detection?
What is good is known, and what is not good is bad
What is the primary purpose of PGP in email security?
To provide all of the above
Which of the following is NOT a symmetric key crypto algorithm supported by OpenPGP?
RSA
What is the purpose of the session key in PGP encryption?
To encrypt the plaintext with an encryption algorithm
What is the benefit of compressing plaintext in PGP?
It strengthens cryptographic security
What is the purpose of the sender's private key in PGP?
To sign the message
What is the primary difference between PGP and S/MIME?
PGP uses public key crypto, while S/MIME uses symmetric key crypto
What is the purpose of the receiver's public key in PGP?
To encrypt the session key
What is the benefit of using PGP in email security?
It strengthens cryptographic security
What is the purpose of the hash function in PGP?
To provide authentication and integrity
What is the primary advantage of using a hybrid cryptosystem like PGP?
It combines the benefits of symmetric and public key crypto
Test your knowledge of intrusion detection and prevention methods, including rule-based anomaly detection, anomaly-based detection, and signature-based detection. Learn how to identify and prevent threats in computer systems.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free