Indicate whether the statement is true or false.
IDPS responses can be classified as active or passive.
A passive response is one in which a definitive action is initiated when certain types of alerts are triggered.
The Simple Network Management Protocol contains trap functions, which allow a device to send a message to the SNMP management console to indicate that a certain threshold has been crossed, either positively or
An IDPS can be configured to trigger a specific event when it detects specific types of activity.
To determine which IDPS would best meet the needs of a specific organization’s environment, first consider that environment, in technical, physical, and political terms.
Your organization’s operational goals, constraints, and culture should not affect the selection of the IDPS and other security tools and technologies to protect your systems.
All IDPS vendors target users with the same levels of technical and security expertise.
Intrusion detection and prevention systems perform monitoring and analysis of system events and user beha-
Intrusion detection and prevention systems can deal effectively with switched networks.
A fully distributed IDPS control strategy is the opposite of the centralized strategy.
Intrusion detection consists of procedures and systems that are created and operated to detect system intrusions and protect against attack.
A false positive is the failure of an IDPS system to react to an actual attack event.
HIDPSs are also known as system integrity verifiers.
An HIDPS can detect local events on host systems and also detect attacks that may elude a network-based
In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information. This corrupts the servers’ answers to routine DNS queries from other systems on the network.
NIDPSs can reliably ascertain if an attack was successful or not.
A HIDPS can monitor systems logs for predefined events.
A HIDPS is optimized to detect multi-host scanning, and it is able to detect the scanning of non-host network devices, such as routers or switches.
Once the OS is known, all of the vulnerabilities to which a system is susceptible can easily be determined.
The statistical anomaly-based IDPS collects statistical summaries by observing traffic that is known to be nor-
A strategy based on the concept of defense in depth is likely to include intrusion detection systems, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers.