Topologies and IDS • Chapter 7
8. Which security control can best be described by the following? Because
normal user behavior can change easily and readily, this security control
system is prone to false positives where attacks may be reported based on
changes to the norm that are “normal,” rather than representing real attacks.
A. Anomaly based IDS
B. Signature based IDS
C. Honeypot
D. Honeynet
9. Your network is configured to use an IDS to monitor for attacks. The IDS is
network-based and has several sensors located in the internal network and the
DMZ. No alarm has sounded. You have been called in on a Friday night
because someone is claiming their computer has been hacked. What can you
surmise?
A. The misconfigured IDS recorded a positive event
B. The misconfigured IDS recorded a negative event
C. The misconfigured IDS recorded a false positive event
D. The misconfigured IDS recorded a false negative event
10. You have installed an IDS that is being used to actively match incoming
packets against known attacks. Which of the following technologies is being
used?
A. Stateful inspection
B. Protocol analysis
C. Anomaly detection
D. Pattern matching
11. You have been reading about the ways in which a network-based IDS can be
attacked. Which of these methods would you describe as an attack where an
attacker attempts to deliver the payload over multiple packets over long
periods of time?
www.syngress.com