Module 9: Intrusion Detection & Prevention Systems PDF

Summary

This document contains practice questions and answers on intrusion detection and prevention systems (IDPS). It covers topics such as identifying system intrusions, IDPS configurations, and false positives. The questions are designed to help students understand intrusion detection and prevention system principles and terminology.

Full Transcript
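
Before the question set, a worked example of the terminology the questions below exercise: signature (knowledge-based) versus anomaly (behaviour-based) detection, an anomaly profile built from traffic known to be normal, true and false positives and negatives, an attacker who changes the timing of an activity to slip under a threshold, and passive versus active responses. The example is added here as an illustration; it is not part of the test bank or of the textbook it references. The log lines, IP addresses, rules, window size and thresholds are all constructed for the example, and the block-rule string emitted by the active response is illustrative iptables syntax, not a real deployment.

```python
"""Toy host-based IDPS monitor (added illustration, not from any product).
Every log line, address, rule and threshold is constructed for the example."""
import re
import statistics
from collections import defaultdict

# Constructed logs. Each line is "<seconds> <source-ip> <message>".
BASELINE_LOG = """\
0 10.0.0.5 login ok
3 10.0.0.5 GET /index.html
7 10.0.0.6 login ok
12 10.0.0.6 GET /docs/a.html
25 10.0.0.7 login ok
31 10.0.0.7 GET /index.html
40 10.0.0.6 GET /index.html
52 10.0.0.5 logout
"""
MONITOR_LOG = """\
0 10.0.0.5 login ok
2 10.0.0.9 GET /cgi-bin/../../etc/passwd
4 10.0.0.11 login failed
5 10.0.0.8 GET /reports/1.html
6 10.0.0.8 GET /reports/2.html
7 10.0.0.8 GET /reports/3.html
8 10.0.0.8 GET /reports/4.html
35 10.0.0.11 login failed
66 10.0.0.11 login failed
97 10.0.0.11 login failed
128 10.0.0.11 login failed
"""
# Ground truth used only to score the detector; an analyst would not have this.
MALICIOUS = {"10.0.0.9", "10.0.0.11"}
# Signature rule: a pattern that is hostile regardless of how often it occurs.
SIGNATURES = [("path-traversal", re.compile(r"\.\./"))]


def parse(log):
    """Turn the text log into (t, src, message) tuples."""
    events = []
    for line in log.splitlines():
        t, src, msg = line.split(" ", 2)
        events.append((int(t), src, msg))
    return events


def signature_alerts(events):
    """Knowledge-based detection: match each event against known-bad patterns."""
    return [(t, src, f"signature:{name}")
            for t, src, msg in events
            for name, pat in SIGNATURES if pat.search(msg)]


def brute_force_alerts(events, limit=5, window=60):
    """Threshold rule: `limit` failed logins from one source within `window` s.
    An attacker who spaces the attempts wider than the window never trips it."""
    failures = defaultdict(list)
    for t, src, msg in events:
        if msg == "login failed":
            failures[src].append(t)
    alerts = []
    for src, times in failures.items():
        times.sort()
        for i in range(len(times) - limit + 1):
            if times[i + limit - 1] - times[i] <= window:
                alerts.append((times[i], src, "signature:brute-force"))
                break
    return alerts


def window_counts(events, window):
    """Number of events per (time window, source)."""
    counts = defaultdict(int)
    for t, src, _ in events:
        counts[(t // window, src)] += 1
    return counts


def build_profile(baseline_events, window=30):
    """Behaviour-based detection, step 1: a statistical summary of traffic that
    is known to be normal. Alert threshold = mean + 3 standard deviations."""
    counts = list(window_counts(baseline_events, window).values())
    sd = statistics.stdev(counts) if len(counts) > 1 else 0.0
    return {"window": window, "threshold": statistics.mean(counts) + 3 * sd}


def anomaly_alerts(events, profile):
    """Step 2: flag any (window, source) whose event count exceeds the profile."""
    w = profile["window"]
    return [(win * w, src, f"anomaly:{n}-events-in-{w}s")
            for (win, src), n in window_counts(events, w).items()
            if n > profile["threshold"]]


def classify(events, alerts, malicious):
    """Score each source: alerted on or not, hostile or not."""
    alerted = {src for _, src, _ in alerts}
    labels = {}
    for src in {src for _, src, _ in events}:
        if src in alerted:
            labels[src] = "true positive" if src in malicious else "false positive"
        else:
            labels[src] = "false negative" if src in malicious else "true negative"
    return labels


def respond(alerts, active=False):
    """Passive response: notify only. Active response: also emit a block rule
    per offending source (illustrative iptables syntax)."""
    actions = [f"notify: {src} {what} at t={t}" for t, src, what in alerts]
    if active:
        actions += [f"iptables -A INPUT -s {src} -j DROP"
                    for src in sorted({src for _, src, _ in alerts})]
    return actions


def run(baseline_log=BASELINE_LOG, monitor_log=MONITOR_LOG, malicious=MALICIOUS):
    baseline, events = parse(baseline_log), parse(monitor_log)
    alerts = (signature_alerts(events) + brute_force_alerts(events)
              + anomaly_alerts(events, build_profile(baseline)))
    return classify(events, alerts, malicious), alerts


if __name__ == "__main__":
    labels, alerts = run()
    print("\n".join(respond(alerts, active=False)))
    print("\n".join(f"{src:10} {label}" for src, label in sorted(labels.items())))
```

Running it labels 10.0.0.9 a true positive (the traversal signature fires), 10.0.0.8 a false positive (a legitimate burst of report fetches exceeds the anomaly threshold learned from the baseline), 10.0.0.11 a false negative (five failed logins spread 31 seconds apart never put five inside one 60-second window, so the threshold rule stays silent) and 10.0.0.5 a true negative. The same threshold rule does fire when the attempts arrive one second apart, which is the point of the timing change.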


1. A(n) \_\_\_\_\_ works like a burglar alarm in that it detects a violation and activates an alarm.
2. What is a major advantage of a Heuristic-based IDS?
3. What is the primary characteristic of a signature-based IDS?
4. What is the primary function of a SIEM system?

**True / False**

1. Intrusion detection consists of procedures and systems that identify system intrusions and take steps to limit the intrusion and return operations to a normal state when an intrusion is detected.
   a. True
   b. False
   ANSWER: False
   POINTS: 1
   REFERENCES: H1: Introduction To Intrusion Detection And Prevention Systems, p. 339
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 6/24/2021 4:30 PM

2. An IDPS can be configured to call a phone number or perform another type of signal or message.
   a. True
   b. False
   ANSWER: True
   POINTS: 1
   REFERENCES: p. 339, H1: Introduction To Intrusion Detection And Prevention Systems
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 6/24/2021 4:31 PM

3. A false positive is the failure of an IDPS system to react to an actual attack event.
   a. True
   b. False
   ANSWER: False
   POINTS: 1
   REFERENCES: H1: Introduction To Intrusion Detection And Prevention Systems; H2: IDPS Terminology, p. 340
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 9/14/2016 10:44 AM

4. The process by which attackers change the format and/or timing of their activities to avoid being detected by the IDPS is known as a false attack stimulus.
   a. True
   b. False
   ANSWER: False
   POINTS: 1
   REFERENCES: p. 340, H1: Introduction To Intrusion Detection And Prevention Systems; H2: IDPS Terminology
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 9/14/2016 10:44 AM

5. In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information and corrupt the servers' answers to routine DNS queries from other systems on the network.
   a. True
   b. False
   ANSWER: True
   POINTS: 1
   REFERENCES: p. 345, H1: Introduction To Intrusion Detection And Prevention Systems; H2: Types of IDPSs
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 3/8/2017 10:25 PM

6. NIDPSs can reliably ascertain whether an attack was successful.
   a. True
   b. False
   ANSWER: False
   POINTS: 1
   REFERENCES: p. 345, H1: Introduction To Intrusion Detection And Prevention Systems; H2: Types of IDPSs
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 3/8/2017 10:25 PM

7. HIDPSs are also known as system integrity verifiers.
   a. True
   b. False
   ANSWER: True
   POINTS: 1
   REFERENCES: p. 348, H1: Introduction To Intrusion Detection And Prevention Systems; H2: Types of IDPSs
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 9/14/2016 10:44 AM

8. An HIDPS can monitor system logs for predefined events.
   a. True
   b. False
   ANSWER: True
   POINTS: 1
   REFERENCES: p. 348, H1: Introduction To Intrusion Detection And Prevention Systems; H2: Types of IDPSs
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 3/8/2017 10:25 PM

9. An HIDPS can detect local events on host systems and detect attacks that may elude a network-based IDPS.
   a. True
   b. False
   ANSWER: True
   POINTS: 1
   REFERENCES: p. 348, H1: Introduction To Intrusion Detection And Prevention Systems; H2: Types of IDPSs
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 3/8/2017 10:26 PM

10. An HIDPS is optimized to detect multihost scanning, and it is able to detect the scanning of non-host network devices, such as routers or switches.
   a. True
   b. False
   ANSWER: False
   POINTS: 1
   REFERENCES: p. 348, H1: Introduction To Intrusion Detection And Prevention Systems; H2: Types of IDPSs
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.1 - Identify and describe the categories and models of intrusion detection and prevention systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 3/8/2017 10:26 PM

11. The anomaly-based IDPS collects statistical summaries by observing traffic that is known to be normal.
   a. True
   b. False
   ANSWER: True
   POINTS: 1
   REFERENCES: H1: Introduction To Intrusion Detection And Prevention Systems; H2: IDPS Detection Methods, p. 350
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 9/14/2016 10:44 AM

12. IDPS responses can be classified as active or passive.
   a. True
   b. False
   ANSWER: True
   POINTS: 1
   REFERENCES: p. 354, H1: Introduction To Intrusion Detection And Prevention Systems; H2: IDPS Response Behavior
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 9/14/2016 10:44 AM

13. A passive IDPS response is a definitive action automatically initiated when certain types of alerts are triggered.
   a. True
   b. False
   ANSWER: False
   POINTS: 1
   REFERENCES: p. 354, H1: Introduction To Intrusion Detection And Prevention Systems; H2: IDPS Response Behavior
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 9/14/2016 10:44 AM

14. The Simple Network Management Protocol contains trap functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively.
   a. True
   b. False
   ANSWER: True
   POINTS: 1
   REFERENCES: p. 355, H1: Introduction To Intrusion Detection And Prevention Systems; H2: IDPS Response Behavior
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 9/14/2016 10:44 AM

15. In order to determine which IDPS best meets an organization's needs, consider the system environment, security goals and objectives, and the existing security policy.
   a. True
   b. False
   ANSWER: True
   POINTS: 1
   REFERENCES: p. 358, H1: Introduction To Intrusion Detection And Prevention Systems; H2: Selecting IDPS Approaches and Products
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 6/24/2021 4:32 PM

16. Your organization's operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems.
   a. True
   b. False
   ANSWER: False
   POINTS: 1
   REFERENCES: H1: Introduction To Intrusion Detection And Prevention Systems; H2: Selecting IDPS Approaches and Products, p. 357
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 9/14/2016 10:44 AM

17. Among the considerations in evaluating an IDPS are the product's scalability, testing, support provisions, and ability to provide information on the source of attacks.
   a. True
   b. False
   ANSWER: False
   POINTS: 1
   REFERENCES: p. 359, H1: Introduction To Intrusion Detection And Prevention Systems; H2: Selecting IDPS Approaches and Products
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 6/24/2021 4:32 PM

18. Intrusion detection and prevention systems perform monitoring and analysis of system events and user behaviors.
   a. True
   b. False
   ANSWER: True
   POINTS: 1
   REFERENCES: p. 360, H1: Introduction To Intrusion Detection And Prevention Systems; H2: Strengths and Limitations of IDPSs
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 9/14/2016 10:44 AM

19. Intrusion detection and prevention systems can deal effectively with newly published attacks or variants of existing attacks.
   a. True
   b. False
   ANSWER: False
   POINTS: 1
   REFERENCES: p. 360, H1: Introduction To Intrusion Detection And Prevention Systems; H2: Strengths and Limitations of IDPSs
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 6/24/2021 4:32 PM

20. A fully distributed IDPS control strategy is an IDPS implementation approach in which all control functions are applied at the physical location of each IDPS component.
   a. True
   b. False
   ANSWER: True
   POINTS: 1
   REFERENCES: p. 362, H1: Introduction To Intrusion Detection And Prevention Systems; H2: Deployment and Implementation of an IDPS
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.2 - Describe the detection approaches employed by modern intrusion detection and prevention systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 2/6/2017 9:26 PM

21. Security tools that provide decoy systems designed to lure potential attackers away from critical systems include honeypots, honeynets, and padded cell systems.
   a. True
   b. False
   ANSWER: True
   POINTS: 1
   REFERENCES: H1: Honeypots, Honeynets, And Padded Cell Systems, p. 367
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.3 - Define and describe honeypots, honeynets, and padded cell systems
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 6/24/2021 4:33 PM

22. An IDS helps to secure networks by identifying where the network needs securing.
   a. True
   b. False
   ANSWER: False
   POINTS: 1
   REFERENCES: H1: Scanning And Analysis Tools, p. 370
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 6/24/2021 4:36 PM

23. To assist in footprint intelligence collection, attackers may use an enhanced Web scanner that, among other things, can scan entire Web sites for valuable pieces of information, such as server names and e-mail addresses.
   a. True
   b. False
   ANSWER: True
   POINTS: 1
   REFERENCES: p. 371, H1: Scanning And Analysis Tools
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 3/8/2017 10:28 PM

24. TCP/IP services can run only on their commonly used port number as specified in their original Internet standard.
   a. True
   b. False
   ANSWER: False
   POINTS: 1
   REFERENCES: H1: Scanning And Analysis Tools; H2: Port Scanners, p. 372
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 6/24/2021 4:37 PM

25. Administrators should encourage users to experiment with hackerware tools as they assist the organization in detecting potential vulnerabilities in the systems.
   a. True
   b. False
   ANSWER: False
   POINTS: 1
   REFERENCES: p. 373, H1: Scanning And Analysis Tools; H2: Firewall Analysis Tools
   QUESTION TYPE: True / False
   HAS VARIABLES: False
   LEARNING OBJECTIVES: POIS.WHMA.22.09.4 - List and define the major categories of scanning and analysis tools and describe the specific tools used within each category
   DATE CREATED: 9/14/2016 10:44 AM
   DATE MODIFIED: 6/24/2021 4:38 PM

26. Once the OS is known, the vulnerabilities to which a system is susceptible can more easily be determined.
   a. True
   b. False
   ANSWER: True
   POINTS: 1
   REFERENCES: p.
373\ | | H1: Scanning And Analysis Tools\ | | H2: Operating System Detection Tools | | | | *QUESTION TYPE:  * True / False | | | | *HAS VARIABLES:  * False | | | | *LEARNING OBJECTIVES:  * POIS.WHMA.22.09.4 - List and define the | | major categories of scanning and analysis tools and describe the spec | | ific tools used within each category | | | | *DATE CREATED:  * 9/14/2016 10:44 AM | | | | *DATE MODIFIED:  * 6/24/2021 4:38 PM | | ------------------------------------------------------------------- | | --------------------------------------------------------------------- | | -------------------------------------- | +-----------------------------------------------------------------------+ +-----------------------------------------------------------------------+ | 27. The Metasploit Framework is a collection of exploits coupled with | | an interface that allows the penetration tester to automate the | | custom exploitation of vulnerable systems. | | | |   a.  True | | --- ----- ------- | |   b.  False | | | | ------------------------------------------------------------------- | | --------------------------------------------------------------------- | | -------------------------------------- | | *ANSWER:  * True | | -------------------------- ---------------------------------------- | | --------------------------------------------------------------------- | | -------------------------------------- | | *POINTS:  * 1 | | | | *REFERENCES:  * p\. 
375\ | | H1: Scanning And Analysis Tools\ | | H2: Vulnerability Scanners | | | | *QUESTION TYPE:  * True / False | | | | *HAS VARIABLES:  * False | | | | *LEARNING OBJECTIVES:  * POIS.WHMA.22.09.4 - List and define the | | major categories of scanning and analysis tools and describe the spec | | ific tools used within each category | | | | *DATE CREATED:  * 9/14/2016 10:44 AM | | | | *DATE MODIFIED:  * 9/14/2016 10:44 AM | | ------------------------------------------------------------------- | | --------------------------------------------------------------------- | | -------------------------------------- | +-----------------------------------------------------------------------+ +-----------------------------------------------------------------------+ | 28. A passive vulnerability scanner is one that initiates traffic on | | the network in order to determine security holes. | | | |   a.  True | | --- ----- ------- | |   b.  False | | | | ------------------------------------------------------------------- | | --------------------------------------------------------------------- | | -------------------------------------- | | *ANSWER:  * False | | -------------------------- ---------------------------------------- | | --------------------------------------------------------------------- | | -------------------------------------- | | *POINTS:  * 1 | | | | *REFERENCES:  * p\. 
376\ | | H1: Scanning And Analysis Tools\ | | H2: Vulnerability Scanners | | | | *QUESTION TYPE:  * True / False | | | | *HAS VARIABLES:  * False | | | | *LEARNING OBJECTIVES:  * POIS.WHMA.22.09.4 - List and define the | | major categories of scanning and analysis tools and describe the spec | | ific tools used within each category | | | | *DATE CREATED:  * 9/14/2016 10:44 AM | | | | *DATE MODIFIED:  * 1/30/2017 6:33 PM | | ------------------------------------------------------------------- | | --------------------------------------------------------------------- | | -------------------------------------- | +-----------------------------------------------------------------------+ +-----------------------------------------------------------------------+ | 29. Passive scanners are advantageous in that they can find | | client-side vulnerabilities that are typically not found by active | | scanners. | | | |   a.  True | | --- ----- ------- | |   b.  False | | | | ------------------------------------------------------------------- | | --------------------------------------------------------------------- | | -------------------------------------- | | *ANSWER:  * True | | -------------------------- ---------------------------------------- | | --------------------------------------------------------------------- | | -------------------------------------- | | *POINTS:  * 1 | | | | *REFERENCES:  * p\. 
376\ | | H1: Scanning And Analysis Tools\ | | H2: Vulnerability Scanners | | | | *QUESTION TYPE:  * True / False | | | | *HAS VARIABLES:  * False | | | | *LEARNING OBJECTIVES:  * POIS.WHMA.22.09.4 - List and define the | | major categories of scanning and analysis tools and describe the spec | | ific tools used within each category | | | | *DATE CREATED:  * 9/14/2016 10:44 AM | | | | *DATE MODIFIED:  * 6/24/2021 4:40 PM | | ------------------------------------------------------------------- | | --------------------------------------------------------------------- | | -------------------------------------- | +-----------------------------------------------------------------------+ +-----------------------------------------------------------------------+ | 30. To use a packet sniffer legally, the administrator only needs to | | be on a network that the organization owns, and have authorization of | | the network's owners. | | | |   a.  True | | --- ----- ------- | |   b.  False | | | | ------------------------------------------------------------------- | | --------------------------------------------------------------------- | | -------------------------------------- | | *ANSWER:  * True | | -------------------------- ---------------------------------------- | | --------------------------------------------------------------------- | | -------------------------------------- | | *POINTS:  * 1 | | | | *REFERENCES:  * p\. 
378\ | | H1: Scanning And Analysis Tools\ | | H2: Packet Sniffer | | | | *QUESTION TYPE:  * True / False | | | | *HAS VARIABLES:  * False | | | | *LEARNING OBJECTIVES:  * POIS.WHMA.22.09.4 - List and define the | | major categories of scanning and analysis tools and describe the spec | | ific tools used within each category | | | | *DATE CREATED:  * 9/14/2016 10:44 AM | | | | *DATE MODIFIED:  * 6/24/2021 4:40 PM | | ------------------------------------------------------------------- | | --------------------------------------------------------------------- | | -------------------------------------- | +-----------------------------------------------------------------------+ --------------------------- **Modified True / False** --------------------------- +-----------------------------------------------------------------------+ | 31. Alarm [filtering] and compaction is the process of | | grouping almost identical alarms that occur nearly at the same time | | into a single higher-level alarm. \_\_\_\_\_ | | | | ------------------------------------------------------------------- | | --------------------------------------------------------------------- | | ------ | | *ANSWER:  * False - clustering | | -------------------------- ---------------------------------------- | | --------------------------------------------------------------------- | | ------ | | *POINTS:  * 1 | | | | *REFERENCES:  * p\. 
339\ | | H1: Introduction To Intrusion Detection | | And Prevention Systems\ | | H2: IDPS Terminology | | | | *QUESTION TYPE:  * Modified True / False | | | | *HAS VARIABLES:  * False | | | | *STUDENT ENTRY MODE:  * Basic | | | | *LEARNING OBJECTIVES:  * POIS.WHMA.22.09.1 - Identify and describ | | e the categories and models of intrusion detection and prevention sys | | tems | | | | *DATE CREATED:  * 9/14/2016 10:44 AM | | | | *DATE MODIFIED:  * 6/24/2021 4:41 PM | | ------------------------------------------------------------------- | | --------------------------------------------------------------------- | | ------ | +-----------------------------------------------------------------------+ +-----------------------------------------------------------------------+ | 32. A(n) [event] is an indication that a system has just | | been attacked or is under attack. \_\_\_\_\_ | | | | +--------------------------------+--------------------------------+ | | | *ANSWER:  * | False - alert | | | | | | | | | | False - alarm | | | +================================+================================+ | | | *POINTS:  * | 1 | | | +--------------------------------+--------------------------------+ | | | *REFERENCES:  * | p\. 
339\ | | | | | vH1: Introduction To | | | | | Intrusion Detection And | | | | | Prevention Systems\ | | | | | H2: IDPS Terminology | | | +--------------------------------+--------------------------------+ | | | *QUESTION TYPE:  * | Modified True / False | | | +--------------------------------+--------------------------------+ | | | *HAS VARIABLES:  * | False | | | +--------------------------------+--------------------------------+ | | | *STUDENT ENTRY MODE:  * | Basic | | | +--------------------------------+--------------------------------+ | | | *LEARNING OBJECTIVES:  * | POIS.WHMA.22.09.1 - Identify | | | | | and describe the categories | | | | | and models of intrusion | | | | | detection and prevention | | | | | systems | | | +--------------------------------+--------------------------------+ | | | *DATE CREATED:  * | 9/14/2016 10:44 AM | | | +--------------------------------+--------------------------------+ | | | *DATE MODIFIED:  * | 6/3/2021 6:44 PM | | | +--------------------------------+--------------------------------+ | +-----------------------------------------------------------------------+ +-----------------------------------------------------------------------+ | 33. Alarm events that are accurate and noteworthy but do not pose | | significant threats to information security are called | | [noise]. \_\_\_\_\_ | | | | ------------------------------------------------------------------- | | --------------------------------------------------------------------- | | ------ | | *ANSWER:  * True | | -------------------------- ---------------------------------------- | | --------------------------------------------------------------------- | | ------ | | *POINTS:  * 1 | | | | *REFERENCES:  * p\. 
340\ | | H1: Introduction To Intrusion Detection | | And Prevention Systems\ | | H2: IDPS Terminology | | | | *QUESTION TYPE:  * Modified True / False | | | | *HAS VARIABLES:  * False | | | | *STUDENT ENTRY MODE:  * Basic | | | | *LEARNING OBJECTIVES:  * POIS.WHMA.22.09.1 - Identify and describ | | e the categories and models of intrusion detection and prevention sys | | tems | | | | *DATE CREATED:  * 9/14/2016 10:44 AM | | | | *DATE MODIFIED:  * 6/3/2021 6:44 PM | | ------------------------------------------------------------------- | | --------------------------------------------------------------------- | | ------ | +-----------------------------------------------------------------------+ +-----------------------------------------------------------------------+ | 34. [Avoidance] is the process by which an attacker | | changes the format and/or timing of activities to avoid being | | detected by an IDPS. \_\_\_\_\_ | | | | ------------------------------------------------------------------- | | --------------------------------------------------------------------- | | ------ | | *ANSWER:  * False - evasion | | -------------------------- ---------------------------------------- | | --------------------------------------------------------------------- | | ------ | | *POINTS:  * 1 | | | | *REFERENCES:  * p\. 
340\ | | H1: Introduction To Intrusion Detection | | And Prevention Systems\ | | H2: IDPS Terminology | | | | *QUESTION TYPE:  * Modified True / False | | | | *HAS VARIABLES:  * False | | | | *STUDENT ENTRY MODE:  * Basic | | | | *LEARNING OBJECTIVES:  * POIS.WHMA.22.09.1 - Identify and describ | | e the categories and models of intrusion detection and prevention sys | | tems | | | | *DATE CREATED:  * 9/14/2016 10:44 AM | | | | *DATE MODIFIED:  * 6/24/2021 4:42 PM | | ------------------------------------------------------------------- | | --------------------------------------------------------------------- | | ------ | +-----------------------------------------------------------------------+ +-----------------------------------------------------------------------+ | 35. The [integrity] value, which is based upon | | fuzzy logic, helps an administrator determine how likely it is that | | an IDPS alert or alarm indicates an actual attack in progress. | | \_\_\_\_\_ | | | | ------------------------------------------------------------------- | | --------------------------------------------------------------------- | | ------ | | *ANSWER:  * False - confidence | | -------------------------- ---------------------------------------- | | --------------------------------------------------------------------- | | ------ | | *POINTS:  * 1 | | | | *REFERENCES:  * p\. 
340\ | | H1: Introduction To Intrusion Detection | | And Prevention Systems\ | | H2: IDPS Terminology | | | | *QUESTION TYPE:  * Modified True / False | | | | *HAS VARIABLES:  * False | | | | *STUDENT ENTRY MODE:  * Basic | | | | *LEARNING OBJECTIVES:  * POIS.WHMA.22.09.1 - Identify and describ | | e the categories and models of intrusion detection and prevention sys | | tems | | | | *DATE CREATED:  * 9/14/2016 10:44 AM | | | | *DATE MODIFIED:  * 6/3/2021 6:44 PM | | ------------------------------------------------------------------- | | --------------------------------------------------------------------- | | ------ | +-----------------------------------------------------------------------+ +-----------------------------------------------------------------------+ | 36. A(n) [known] vulnerability is a published weakness or | | fault in an information asset or its protective systems that may be | | exploited and result in loss. \_\_\_\_\_ | | | | ------------------------------------------------------------------- | | --------------------------------------------------------------------- | | ------ | | *ANSWER:  * True | | -------------------------- ---------------------------------------- | | --------------------------------------------------------------------- | | ------ | | *POINTS:  * 1 | | | | *REFERENCES:  * p\. 341\ | | H1: Introduction To Intrusion Detection | | And Prevention Systems\ | | H2: Why Use an IDPS? 
| | | | *QUESTION TYPE:  * Modified True / False | | | | *HAS VARIABLES:  * False | | | | *STUDENT ENTRY MODE:  * Basic | | | | *LEARNING OBJECTIVES:  * POIS.WHMA.22.09.1 - Identify and describ | | e the categories and models of intrusion detection and prevention sys | | tems | | | | *DATE CREATED:  * 9/14/2016 10:44 AM | | | | *DATE MODIFIED:  * 6/3/2021 6:44 PM | | ------------------------------------------------------------------- | | --------------------------------------------------------------------- | | ------ | +-----------------------------------------------------------------------+ +-----------------------------------------------------------------------+ | 37. The activities that gather public information about the | | organization and its network activities and assets is called | | [fingerprinting]. \_\_\_\_\_ | | | | ------------------------------------------------------------------- | | --------------------------------------------------------------------- | | ------
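
Questions 24, 28 and 29 above are easier to reason about with a concrete check. The following is an added example, not code from the question bank or its textbook: a minimal passive scanner in Python that reads a constructed capture (every host, port and banner in it is made up for this example) and identifies servers from their banners rather than from the port they listen on, then identifies client software from request headers, which is exactly what an active scanner probing open ports would never observe.

```python
"""Passive service and client identification from a constructed capture.

Added example; not code from the question bank or its textbook. Nothing is
sent on the wire: the scanner only reads segments a sniffer already captured,
identifies servers by their banners (not by the port they listen on) and
client software by request headers. All hosts, ports and banners below are
constructed for this example.
"""
import re
from collections import namedtuple

# One captured TCP segment as a sniffer on a span port would record it.
Packet = namedtuple("Packet", "src dst sport dport payload")

# Constructed capture (fictional hosts and banners).
CAPTURE = [
    # SSH answering on 2222 rather than the assigned port 22.
    Packet("10.0.0.5", "10.0.0.20", 2222, 51000, b"SSH-2.0-OpenSSH_8.4p1 Debian-5\r\n"),
    # HTTP on the usual port, with a Server header.
    Packet("10.0.0.7", "10.0.0.20", 80, 51001,
           b"HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n\r\n"),
    # HTTP on 8443; the port alone would not tell you that.
    Packet("10.0.0.9", "10.0.0.20", 8443, 51002,
           b"HTTP/1.1 301 Moved Permanently\r\nServer: nginx/1.18.0\r\n\r\n"),
    # SSH hidden on 443, where a port-based guess would say "https".
    Packet("10.0.0.13", "10.0.0.20", 443, 51004, b"SSH-2.0-dropbear_2020.81\r\n"),
    # SMTP on its standard port.
    Packet("10.0.0.11", "10.0.0.20", 25, 51003, b"220 mail.example.test ESMTP Postfix\r\n"),
    # A client request: the User-Agent exposes client-side software that an
    # active scanner probing listening ports never sees.
    Packet("10.0.0.20", "10.0.0.7", 51001, 80,
           b"GET / HTTP/1.1\r\nHost: intranet\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1) Firefox/52.0\r\n\r\n"),
]

# Well-known ports, used only to flag mismatches, never to decide the service.
IANA_PORTS = {22: "ssh", 25: "smtp", 80: "http", 443: "https"}

# The payload, not the port number, identifies the service.
SERVER_PATTERNS = [
    ("ssh", re.compile(rb"^SSH-\d\.\d-(\S+)")),
    ("smtp", re.compile(rb"^220 \S+ ESMTP (\S+)")),
    ("http", re.compile(rb"^HTTP/1\.[01] \d{3}.*?\r\nServer: ([^\r\n]+)", re.S)),
]
CLIENT_PATTERN = re.compile(rb"^(?:GET|POST|HEAD) .*?\r\nUser-Agent: ([^\r\n]+)", re.S)


def identify_servers(capture):
    """Map (host, port) -> (service, software, port note) from server banners."""
    found = {}
    for pkt in capture:
        for service, pattern in SERVER_PATTERNS:
            m = pattern.match(pkt.payload)
            if m is None:
                continue
            software = m.group(1).decode("ascii", "replace")
            expected = IANA_PORTS.get(pkt.sport)
            if expected is None:
                note = "non-standard port"
            elif expected != service:
                note = f"port suggests {expected}"
            else:
                note = "standard port"
            found[(pkt.src, pkt.sport)] = (service, software, note)
            break
    return found


def identify_clients(capture):
    """Map client host -> User-Agent string for requests seen in the capture."""
    clients = {}
    for pkt in capture:
        m = CLIENT_PATTERN.match(pkt.payload)
        if m is not None:
            clients[pkt.src] = m.group(1).decode("ascii", "replace")
    return clients


if __name__ == "__main__":
    for (host, port), (svc, sw, note) in sorted(identify_servers(CAPTURE).items()):
        print(f"{host}:{port:<5} {svc:<5} {sw:<24} [{note}]")
    for host, ua in identify_clients(CAPTURE).items():
        print(f"{host} client: {ua}")
```

The port table is deliberately used only to annotate a mismatch; a scanner that trusted it would label the dropbear server "https" and miss the OpenSSH server entirely. The User-Agent lookup is the passive scanner's advantage from question 29: an outdated browser on 10.0.0.20 is visible only because the sniffer saw the request leave the client.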
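
Questions 31, 33 and 35 define three terms that sit together in practice: clustering and compaction of near-identical alarms, a confidence value for each resulting alarm, and noise that is accurate but not worth escalating. The following is an added example, not code from the question bank or its textbook, and the alert lines it processes are constructed for it. The textbook describes the confidence value as fuzzy-logic based; the weights here (a per-priority base score, a bonus for repetition and a bonus when the same source trips a second signature) are this example's own assumption, not any vendor's algorithm.

```python
"""Alarm clustering and compaction with a confidence score.

Added example, not code from the question bank or its textbook. Near-identical
alerts (same signature, source and destination) that arrive within a short
window are compacted into one higher-level alarm; each alarm then gets a
confidence value and is labelled noise if that value is too low. The raw
alert lines and the scoring weights are constructed assumptions for this
example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed alerts: timestamp|signature|source|destination|priority (1 = most severe).
RAW_ALERTS = """\
2024-03-01 10:00:01|SCAN nmap TCP|203.0.113.9|10.0.0.7|2
2024-03-01 10:00:02|SCAN nmap TCP|203.0.113.9|10.0.0.7|2
2024-03-01 10:00:03|SCAN nmap TCP|203.0.113.9|10.0.0.7|2
2024-03-01 10:00:04|SCAN nmap TCP|203.0.113.9|10.0.0.8|2
2024-03-01 10:00:05|SCAN nmap TCP|203.0.113.9|10.0.0.7|2
2024-03-01 10:02:30|WEB-ATTACKS /etc/passwd access|203.0.113.9|10.0.0.7|1
2024-03-01 10:09:00|SCAN nmap TCP|203.0.113.9|10.0.0.7|2
2024-03-01 10:15:00|ICMP PING|10.0.0.20|10.0.0.7|3
"""

WINDOW = timedelta(seconds=60)                # "nearly at the same time" (assumed)
BASE_CONFIDENCE = {1: 0.6, 2: 0.35, 3: 0.1}   # assumed per-priority base scores
NOISE_THRESHOLD = 0.4                         # below this an alarm is treated as noise


@dataclass
class Alert:
    ts: datetime
    sig: str
    src: str
    dst: str
    prio: int


@dataclass
class Alarm:
    sig: str
    src: str
    dst: str
    prio: int
    first: datetime
    last: datetime
    count: int = 1
    confidence: float = 0.0
    verdict: str = ""


def parse_alerts(text):
    """Parse the pipe-delimited alert lines into Alert objects, oldest first."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sig, src, dst, prio = line.split("|")
        alerts.append(Alert(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), sig, src, dst, int(prio)))
    return sorted(alerts, key=lambda a: a.ts)


def cluster(alerts, window=WINDOW):
    """Clustering and compaction: merge near-identical alerts close in time into one alarm.

    An alert joins the open alarm with the same (signature, src, dst) key if it
    arrives within `window` of that alarm's last alert; otherwise the old alarm
    is closed and a new one starts.
    """
    open_alarms = {}
    closed = []
    for a in alerts:
        key = (a.sig, a.src, a.dst)
        cur = open_alarms.get(key)
        if cur is not None and a.ts - cur.last <= window:
            cur.count += 1
            cur.last = a.ts
        else:
            if cur is not None:
                closed.append(cur)
            open_alarms[key] = Alarm(a.sig, a.src, a.dst, a.prio, a.ts, a.ts)
    closed.extend(open_alarms.values())
    return sorted(closed, key=lambda al: al.first)


def score(alarms):
    """Attach a confidence value and a verdict (alarm or noise) to each compacted alarm."""
    sigs_by_src = {}
    for al in alarms:
        sigs_by_src.setdefault(al.src, set()).add(al.sig)
    for al in alarms:
        conf = BASE_CONFIDENCE[al.prio]
        conf += min(0.2, 0.05 * (al.count - 1))   # repetition raises confidence, capped
        if len(sigs_by_src[al.src]) > 1:           # same source tripped a second signature
            conf += 0.2
        al.confidence = round(min(conf, 1.0), 2)
        al.verdict = "noise" if al.confidence < NOISE_THRESHOLD else "alarm"
    return alarms


if __name__ == "__main__":
    for al in score(cluster(parse_alerts(RAW_ALERTS))):
        print(f"{al.first:%H:%M:%S}-{al.last:%H:%M:%S} x{al.count:<2} {al.src} -> {al.dst} "
              f"{al.sig:<32} conf={al.confidence:.2f} {al.verdict}")
```

Run on the sample, the four scan alerts against 10.0.0.7 in the first five seconds collapse into a single alarm with count 4, the scan at 10:09:00 stays separate because it falls outside the window, and the internal ping is kept in the record but marked noise. The verdict is not a false positive: the ping happened, it simply does not warrant an analyst's attention.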
