40 Questions
What is the primary definition of an intrusion?
An attempt to compromise the integrity, confidentiality, or availability of a resource
What is the term for an individual who is not authorized to use the computer and penetrates a system's access controls?
Masquerader
What is the term for a legitimate user who accesses data or programs for which they are not authorized?
Misfeasor
What is the term for an individual who seizes supervisory control of a system to evade auditing and access controls?
Clandestine user
What is the term for an individual who attacks a system via communication links, such as the Internet?
Hacker
What is the term for malicious software that attacks a system, such as a Trojan horse or Virus?
Malware
What is an example of an intrusion attack?
All of the above
What type of intruder is an individual who has authorized access to a system but misuses their privileges?
Misfeasor
What is an example of a hacker's behavior motivated by thrill of access and/or status?
Accessing a system to gain prestige in the hacking community
What is the primary goal of a Denial of Service (DoS) attack?
To prevent legitimate users of a service from using that service
What is an example of an intruder's behavior?
Using an unsecured modem to access an internal network
What is the purpose of an intrusion detection system (IDS)?
To detect and alert on potential security threats
What is address spoofing?
A malicious user using a fake IP address to send malicious packets to a target
What is an example of a buffer-overflow attack?
The 2000 Outlook Express vulnerability
What is a major problem resulting from intruder activities?
Slowing down system performance for legitimate users
What is a threat to computer systems today?
Organized groups of hackers
What is the primary purpose of an Intrusion Detection System?
To monitor and analyze system events for potential security threats
What is the role of a sensor in an Intrusion Detection System?
To collect and forward data to the analyzer
What is the primary function of an analyzer in an Intrusion Detection System?
To determine if an intrusion has occurred
What is the purpose of reporting in an Intrusion Detection System?
To generate conclusions and act on analysis results
Why are firewalls not sufficient to detect all attacks?
Because they only protect against external attacks
What is the main difference between a firewall and an Intrusion Detection System?
A firewall blocks traffic, while an IDS detects attacks
What type of data can be input to a sensor in an Intrusion Detection System?
Any part of a system that could contain evidence of an intrusion
What is the main goal of an Intrusion Detection System?
To detect and alert on potential security threats in real-time
What is the primary function of the output of an Intrusion Detection System (IDS)?
To indicate that an intrusion has occurred
What is the purpose of the user interface in an IDS?
To view output from the system or control its behavior
What is a requirement for an IDS to be able to do?
Run continually with minimal human supervision
What is meant by an IDS being 'fault tolerant'?
It can recover from system crashes and re-initializations
What is a requirement for an IDS to resist?
Subversion
Why must an IDS impose a minimal overhead on the system it is running on?
To prevent degradation of system performance
What is meant by an IDS providing 'graceful degradation of service'?
If some components stop working, the rest are affected as little as possible
What is a requirement for an IDS to be able to do in terms of configuration?
Be able to be configured according to the security policies of the system being monitored
What is a key benefit of dynamic reconfiguration in Intrusion Detection Systems?
Faster response to threats without restart
What is a limitation of traditional IDS response?
Inability to respond automatically
What is the advantage of active response in IDS?
Automatic response to detected threats
What is a challenge in investigating multiple alarm types?
Prioritizing which alarm to investigate
What is a characteristic of signature detection in IDS?
Examining application, transport, and network layers
What is the purpose of the analysis module in IDS?
To refine intrusion detection parameters and algorithms
What is a benefit of anomaly detection in IDS?
Detection of Denial of Service attacks and worms
What is the role of security administration in IDS?
Designing prevention techniques
Test your knowledge of Intrusion Detection Systems (IDS) including their classifications, traditional and active responses, and capabilities. Learn about the importance of dynamic reconfiguration and secondary investigation.