CYBERSECURITY AND INFORMATION ASSURANCE
16. Most IDSs can use both Signature-based detection and Anomaly-based detection methods simultaneously.
a. True
b. False
17. One drawback which Bejtlich points out about standard security process models is that they represent the relationship between internal security steps and not a/an ________ process/steps.
18. The textbook lists three ways in which NSM consoles (e.g., Sguil, Squert, Snorby) specifically assist security analysts beyond other standard network tools. Which of the following is not one of those three?
a. ability to manipulate NSM output data to paint a picture of current security threats
b. easy for analysts to review multiple forms of NSM data (within a single interface)
c. enable analysts to pivot/transition from one form of NSM data to another
d. capture analyst's decision-making process, making workflow possible (coordinating multiple analysts)
19. There are potential limitations to the amount of data collected by an IDS, including which of the following? [Select ALL correct answers]
a. data storage capacity
b. CPU/processing capacity
c. federal data security standards (e.g., FISMA or FIPS-140)
d. automated vs. human data analysis capabilities
20. Bit masking can be used to set bits (value of 1) using the ______ Boolean operator, and to clear bits (value of 0) using the ______ Boolean operator.
a. XOR, OR
b. NOT, AND
c. AND, XOR
d. OR, AND
Answer -
According to the CHEGG guideline, I have done the first question. Please upload the rest of the questions separately.