NIDPS can reliably ascertain if an attack was successful or not. FALSE
Sam Spade is an enhanced web scanner that can scan entire web sites for valuable pieces of information, such as server names and email addresses. TRUE
Intrusion detection and prevention systems perform monitoring and analysis of system events and user behaviors. TRUE
Intrusion detection consists of procedures and systems that are created and operated to detect system intrusions and protect against attack. FALSE
Intrusion detection and prevention systems can deal effectively with switched networks. FALSE
The statistical anomaly-based IDPS collects statistical summaries by observing traffic known to be normal. TRUE
A partially distributed IDPS control strategy combines the best of the other two strategies. TRUE
An HIDPS can detect local events on host systems and also detect attacks that may elude a network-based IDPS. TRUE
A passive response is one in which a definitive action is initiated when certain types of alerts are triggered. FALSE
When a collection of honeypots connects several honeypot systems on a subnet, it may be called a honeynet. TRUE
The IDPS console includes the management software, which collects information from the remote sensors, analyzes the systems or networks monitored, and makes the determination as to whether the current situation has deviated from the preconfigured baseline. TRUE
A log file monitor is an approach to IDPS that is similar to NIDPS. TRUE
In the process of protocol application verification, the NIDPS looks for invalid data packets. FALSE
Strong authentication requires at least one of the forms of authentication to authenticate the supplicant's identity. FALSE
Services using the TCP/IP protocol can run only on port 80. FALSE
In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information. This corrupts the server's answers to routine DNS queries from other systems on the network. TRUE
A false positive is the failure of an IDPS system to react to an actual attack event. FALSE
A padded cell is a hardened honeynet. FALSE
The Metasploit framework is a collection of exploits coupled with an interface that allows the penetration tester to automate the custom exploitation of vulnerable systems. TRUE
Preconfigured, predetermined attack patterns are called signatures. TRUE
NIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing. FALSE
A packet sniffer is a network tool that scans networks for highly detailed information. FALSE
Port scanners are used to fingerprint computers that are active on a network. TRUE
A NIDPS functions on the host system, where encrypted traffic will have been decrypted and is available for processing. FALSE
Nmap uses incrementing Time to Live packets to determine the path into a network as well as the default firewall policy. FALSE
The confidence value, which is a type of false logic, provides an additional piece of information to assist the administrator in determining whether an attack alert is indicating that an actual attack is in progress, or whether the IDS is reacting to a false attack