Question

CYBERSECURITY AND INFORMATION ASSURANCE

16. Most IDSs can use both Signature-based detection and Anomaly-based detection methods simultaneously.

a. True

b. False

17. One drawback which Bejtlich points out about standard security process models, is that they represent the relationship between internal security steps and not a/an ________ process/steps.

18. The textbook lists three ways in which NSM consoles (e.g., Sguil, Squert, Snorby) specifically assist security analysts beyond other standard network tools. Which of the following is not one of those three?

a. ability to manipulate NSM output data to paint a picture of current security threats

b. easy for analysts to review multiple forms of NSM data (within a single interface)

c. enable analysts to pivot/transition from one form of NSM data to another

d. capture analyst's decision-making process, making workflow possible (coordinating multiple analysts)

19. There are potential limitations to the amount of data collected by an IDS, including which of the following? [Select ALL correct answers]

a. data storage capacity

b. CPU/processing capacity

c. federal data security standards (e.g., FISMA or FIPS-140)

d. automated vs. human data analysis capabilities

20. Bit masking can be used to set bits (value of 1) using the ______ Boolean operator, and to clear bits (value of 0) using the ______ Boolean operator.

a. XOR , OR

b. NOT, AND

c. AND, XOR

d. OR, AND

Answer 1

Answer -

1. The statement is FALSE as most Ids cannot perform both the detection techniques simultaneously as the ID's can only perform one at once for the detection as they are both very different in their method.

According to the CHEGG guideline I have done the first question. Please upload rest of the question separately.