
Question

Part 1: True or False Questions. (10 questions at 1 point each)

T F     Anomaly-based intrusion detection systems generate alerts based on deviations from “normal” traffic.   Answer: _____

T F     A host-based IDS only monitors network traffic that is destined for a single computer or device.   Answer: ____

T F     When discussing IDS and IPS, a signature is a digital certificate used to identify the author of an exploit.   Answer: _____

T F     The success of stateful protocol analysis depends on vendors adhering to standard protocol models that specify expected protocol behavior.   Answer: _____

T F    Signature-based intrusion detection cannot identify previously unknown attacks.   Answer: _____

T F     The main difference between network-based IDS and IPS is that IPS responds to suspected attacks by blocking network traffic, while IDS provides notification if suspicious traffic is observed but allows the traffic to pass.   Answer: _____

T F     Snort requires the use of at least one preprocessor to be able to analyze patterns in network traffic spanning multiple packets.   Answer: _____

T F     Snort generates an alert every time a detection rule is matched.   Answer: _____

T F     A network-based IDS that scans packet traffic to try to match known attack patterns is called a signature-based NIDS.   Answer: _____

T F     An in-line IDS must have the processing power to handle traffic at least as fast as the bandwidth of the network it monitors, or it will lose packets and potentially fail to notify on packets matching alert rules.   Answer: _____

Part 2: Multiple Choice Questions. Print the correct answer in the blank following the question. (Scored as 2 points for each question; there is exactly one correct choice for each question.) (5 questions at 2 points each)

Which of the following is an advantage of anomaly-based detection?

a. Rules are easy to define

b. The data it produces can be easily analyzed

c. It can detect “zero-day” or previously unknown attacks

d. Malicious activity that falls within normal usage patterns is detected

e. Rules developed at one site can be shared with many other users

Answer(s): ____

Most commercial NIDS tools generate alerts based on signatures at the network layer and what other OSI model layer?

a. Application layer

b. Presentation layer

c. Data-link layer

d. Transport layer

e. Session layer

Answer(s): _____

Potential uses for intrusion detection and prevention systems include all of the following EXCEPT?

a. Initiating incident response procedures

b. Notifying system administrators when patches need to be applied

c. Deterring employees from acting in ways that violate security policy

d. Recording information about the threats faced by an organization’s network

e. Verifying the effectiveness of firewall rules in filtering traffic

Answer(s): _____

Which is/are true for intrusion protection systems (IPSes)?

a. An IPS detects network attacks and issues alerts

b. An IPS can respond to network attacks by blocking traffic and resetting connections

c. An IPS is typically deployed inline to monitor traffic

d. a and b only

e. a, b, and c

Answer(s): _____

Which of the following is a limitation of Snort?

a. Cannot be centrally monitored with sensors running on different OSes

b. Cannot protect against insider threats

c. Cannot inspect encrypted traffic for attack signatures

d. Cannot scale to protect a large network

e. Cannot detect application-layer attacks
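Questions 1, 5 and 11 above all turn on the difference between signature-based and anomaly-based detection. The following is an added example, not part of the quiz or of the answer below: it runs a toy signature matcher and a toy anomaly detector over constructed web-server log lines. The log lines, the baseline profile, the two signatures and the z-score threshold are all assumptions made up for illustration and do not come from any real ruleset.

```python
"""Signature-based vs anomaly-based detection, run over constructed log lines.

Added example: the log lines, the baseline and the two signatures below are
made up for illustration and are not taken from any real IDS ruleset.
"""
import re
import statistics

# Constructed "normal" traffic used to build the anomaly detector's baseline:
# one line per HTTP request: client, method, path, response size in bytes.
BASELINE_LOG = """\
10.0.0.5 GET /index.html 512
10.0.0.5 GET /about.html 480
10.0.0.7 GET /index.html 512
10.0.0.7 GET /login 300
10.0.0.5 GET /index.html 512
""".splitlines()

# Constructed traffic under inspection: normal requests, two requests that
# match known attack signatures, one unusually large upload that matches no
# signature, and one suspicious request of perfectly normal size.
SAMPLE_LOG = """\
10.0.0.5 GET /index.html 512
10.0.0.5 GET /about.html 480
10.0.0.7 GET /index.html 512
10.0.0.9 GET /cgi-bin/status?id=1%20UNION%20SELECT%20password 1400
10.0.0.7 GET /login 300
10.0.0.12 GET /search?q=../../../../etc/passwd 900
10.0.0.5 GET /index.html 512
10.0.0.15 POST /upload 48000
10.0.0.20 GET /status?cmd=id 500
""".splitlines()

# Signatures: regexes over the request path describing *known* attack patterns.
SIGNATURES = {
    "sql-injection-union": re.compile(r"union(\s|%20)+select", re.I),
    "directory-traversal": re.compile(r"(\.\./){2,}"),
}


def parse(line):
    client, method, path, size = line.split()
    return {"client": client, "method": method, "path": path, "size": int(size)}


def signature_detect(lines):
    """Signature-based: return (line index, rule name) for every request whose
    path matches a known pattern. Nothing outside SIGNATURES can ever fire."""
    hits = []
    for i, line in enumerate(lines):
        path = parse(line)["path"]
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                hits.append((i, name))
    return hits


def anomaly_detect(lines, baseline=BASELINE_LOG, z_threshold=3.0):
    """Anomaly-based: profile "normal" response sizes from the baseline, then
    flag any request whose size is more than z_threshold standard deviations
    from the baseline mean. Returns (line index, z-score)."""
    sizes = [parse(l)["size"] for l in baseline]
    mean = statistics.mean(sizes)
    stdev = statistics.pstdev(sizes) or 1.0  # avoid division by zero
    flagged = []
    for i, line in enumerate(lines):
        z = (parse(line)["size"] - mean) / stdev
        if abs(z) > z_threshold:
            flagged.append((i, round(z, 1)))
    return flagged


if __name__ == "__main__":
    print("signature hits:", signature_detect(SAMPLE_LOG))
    print("anomalies:     ", anomaly_detect(SAMPLE_LOG))
```

Run as-is, the signature detector fires only on lines 3 and 5 (the two patterns it was given), while the anomaly detector flags lines 3, 5 and 7: the 48 KB upload on line 7 matches no signature but deviates from the baseline, which is the "previously unknown attack" case. Line 8 is caught by neither, since it matches no signature and its size sits inside the normal profile.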

Explanation / Answer

1)TRUE

Anomaly-based intrusion systems are designed to generate an alarm whenever suspicious activity is detected.

2)TRUE

A HIDS is used to monitor traffic only on a specific system in which intrusion detection software is installed, unlike a NIDS, which monitors traffic across a network at different points.

3)FALSE

Digital signatures are updated with malicious activities.

4)TRUE

The success depends on vendors adhering to some standard protocols.

5)TRUE

Only anomaly-based systems can detect previously unknown attacks, via machine learning.

6)TRUE

7)TRUE

Snort requires at least one preprocessor to analyze packets.

8)TRUE

Whenever a detection rule is matched, an alert is made or logged by the alerting/logging system.

9)TRUE

It monitors packets in the network to match them with known patterns.

10)TRUE

11)

Anomaly-based systems can detect zero-day/previously unknown attacks.

12)Network layer and Transport layer

13) Deterring employees from acting in ways that violate security policy

14)a and b

15)

Cannot inspect encrypted traffic for attack signatures
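Question 7 and its answer above concern Snort needing a preprocessor before it can match a pattern that spans more than one packet. The following is an added example, not Snort code and not part of the answer: the three TCP segments are constructed, and the small in-order reassembler stands in for the job Snort's stream preprocessor does before rule content matching runs. The Snort `content:` option quoted in the comment is real rule syntax, but the rule fragment and the segment numbering are assumptions for illustration.

```python
"""Why Snort needs a stream preprocessor to match patterns spanning packets.

Added example, not Snort code: the segments are constructed and the tiny
reassembler below stands in for what Snort's stream preprocessor does before
rule content matching runs.
"""
from dataclasses import dataclass


@dataclass
class Segment:
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes  # segment payload (application data only)


# The pattern a rule looks for, as in a Snort rule option such as
#   content:"/etc/passwd";
CONTENT = b"/etc/passwd"

# Constructed: the client sends one request split over three small segments
# that arrive out of order, so the pattern is never whole in a single packet.
SEGMENTS = [
    Segment(seq=1000, payload=b"GET /etc"),
    Segment(seq=1015, payload=b" HTTP/1.1\r\n"),
    Segment(seq=1008, payload=b"/passwd"),
]


def match_per_packet(segments, content=CONTENT):
    """Packet-at-a-time inspection: does any single segment contain the pattern?"""
    return any(content in s.payload for s in segments)


def reassemble(segments):
    """Minimal in-order TCP reassembly: sort by sequence number and concatenate,
    refusing gaps and overlaps (a real preprocessor must also handle those)."""
    if not segments:
        return b""
    ordered = sorted(segments, key=lambda s: s.seq)
    data = bytearray()
    expected = ordered[0].seq
    for s in ordered:
        if s.seq != expected:
            raise ValueError(f"gap or overlap at seq {s.seq}, expected {expected}")
        data += s.payload
        expected += len(s.payload)
    return bytes(data)


def match_reassembled(segments, content=CONTENT):
    """Inspection after reassembly: the pattern is matched against the stream."""
    return content in reassemble(segments)


if __name__ == "__main__":
    print("per-packet match:  ", match_per_packet(SEGMENTS))   # False
    print("reassembled match: ", match_reassembled(SEGMENTS))  # True
```

Per-packet inspection never sees `/etc/passwd` in one piece, so the content match fails; after the segments are put back in sequence order the same match succeeds. The reassembler deliberately raises on a gap or overlap rather than guessing, which is the kind of edge case (retransmissions, overlapping segments) that makes a real stream preprocessor considerably more complex than this.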
