Guide to Network Security

Quiz 6: Network Monitoring and Intrusion Detection and Prevention Systems

Which tcpdump option specifies the number of packets to capture?
Multiple Choice
Answer: B

In ____, valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers' answers to routine DNS queries from other systems on the network.
Multiple Choice
Answer: A

The first hurdle a potential IDPS must clear is functioning in your systems environment.
True False
Answer: True

What does the tcpdump host 192.168.1.100 command do?
Multiple Choice
Answer:
Deploying and implementing an IDPS is always a straightforward task.
True False
Answer:
The tcpdump tool will output both the header and packet contents into ____ format.
Multiple Choice
Answer:
The size of a signature base is a good measure of an IDPS's effectiveness.
True False
Answer:
A ____ resides on a computer or appliance connected to a segment of an organization's network and monitors network traffic on that network segment - much like tcpdump - looking for indications of ongoing or successful attacks.
Multiple Choice
Answer:
Most NBA sensors can be deployed in ____ mode only, using the same connection methods (e.g., network tap, switch spanning port) as network-based IDPSs.
Multiple Choice
Answer:
By default, tcpdump will just print ____ information.
Multiple Choice
Answer:
Because of its ubiquity in UNIX/Linux systems, ____ has become the de facto standard in network sniffing.
Multiple Choice
Answer:
Wireless sensors are most effective when their ____ overlap.
Multiple Choice
Answer:
Signature-based IDPS technology is widely used because many attacks have clear and distinct signatures.
True False
Answer:
In ____ verification, the higher-order protocols (HTTP, FTP, Telnet) are examined for unexpected packet behavior or improper use.
Multiple Choice
Answer:
A signature-based IDPS examines network traffic in search of patterns that match known ____.
Multiple Choice
Answer:
One of the best reasons to install a(n) ____ is to provide an organization with overall situational awareness - or a better overall understanding - of the activities that take place on the network.
Multiple Choice
Answer:
When the measured activity is outside the baseline parameters - exceeding what is called the ____ - the IDPS sends an alert to the administrator.
Multiple Choice
Answer:
The Simple Network Management Protocol contains ____ functions, which allow a device to send a message to the SNMP management console indicating that a certain threshold has been crossed, either positively or negatively.
Multiple Choice
Answer:
Intrusion ____ consists of activities that deter an intrusion.
Multiple Choice
Answer:
A sniffer can decipher encrypted traffic.
True False
Answer: