Chapter 07

07 True/False
Indicate whether the statement is true or false.

____ 1. IDPS responses can be classified as active or passive.
____ 2. A passive response is one in which a definitive action is initiated when certain types of alerts are triggered.
____ 3. The Simple Network Management Protocol contains trap functions, which allow a device to send a message to the SNMP management console to indicate that a certain threshold has been crossed, either positively or negatively.
____ 4. An IDPS can be configured to trigger a specific event when it detects specific types of activity.
____ 5. To determine which IDPS would best meet the needs of a specific organization’s environment, first consider that environment, in technical, physical, and political terms.
____ 6. Your organization’s operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems.
____ 7. All IDPS vendors target users with the same levels of technical and security expertise.
____ 8. Intrusion detection and prevention systems perform monitoring and analysis of system events and user behaviors.
____ 9. Intrusion detection and prevention systems can deal effectively with switched networks.
____ 10. A fully distributed IDPS control strategy is the opposite of the centralized strategy.
____ 11. Intrusion detection consists of procedures and systems that are created and operated to detect system intrusions and protect against attack.
____ 12. A false positive is the failure of an IDPS system to react to an actual attack event.
____ 13. HIDPSs are also known as system integrity verifiers.
____ 14. An HIDPS can detect local events on host systems and also detect attacks that may elude a network-based IDPS.
____ 15. In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information. This corrupts the servers’ answers to routine DNS queries from other systems on the network.
____ 16. NIDPSs can reliably ascertain if an attack was successful or not.
____ 17. A HIDPS can monitor system logs for predefined events.
____ 18. A HIDPS is optimized to detect multi-host scanning, and it is able to detect the scanning of non-host network devices, such as routers or switches.
____ 19. Once the OS is known, all of the vulnerabilities to which a system is susceptible can easily be determined.
____ 20. The statistical anomaly-based IDPS collects statistical summaries by observing traffic that is known to be normal.
____ 21. A strategy based on the concept of defense in depth is likely to include intrusion detection systems, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers.
____ 22. Sam Spade is an enhanced Web scanner that, among other things, can scan entire Web sites for valuable pieces of information, such as server names and e-mail addresses.

This note was uploaded on 03/09/2011 for the course COM 308 taught by Professor E.bautista during the Fall '10 term at St. Leo.
