QUESTION 38
A signature-based and anomaly-based system are two different implementations of a __________.
A. Intrusion Prevention System
B. Intrusion Detection System
C. firewall
An anomaly-based intrusion detection system is an intrusion detection system
B) Intrusion Detection System
Describe the features of anomaly based intrusion detection scheme.
What is the difference between a network intrusion detection system (NIDS) and a network intrusion prevention system (NIPS)? a. There is no difference; a NIDS and a NIPS are equal. b. A NIPS can take actions more quickly to combat an attack. c. A NIDS provides more valuable information about attacks. d. A NIPS is much slower because it uses protocol analysis.
Q1: Discuss the host and network based intrusion detection system Q2: Discuss the different components of Snort with the appropriate diagram Q3: Error Correction (Hamming Code) The following is a corrupted ECC data. 101101101100 Find out the actual data (after removing ECC bits). Q4: Explain RAID 0, RAID 1, and RAID 2
1. Describe two differences between IDS and Intrusion Prevention System (IPS).
Using a statistical intrusion detection system, we want a system with a very high true positive rate and a very low ______ rate. (Fill in the blank) A. false-positive B. rule-based C. true-negative D. base E. false-negative
3. (a) Describe the differences between a host-based Intrusion Prevention System (IPS) and a network-based IPS. (b) What are three benefits that can be provided by an IPS compared to an IDS? (c) One form of IDS starts operation by generating an alert for every action. Over time, the administrator adjusts the setting of the IDS so that common, benign activities do not generate alarms. What are the advantages and disadvantages of this design for an IDS?
CYBERSECURITY AND INFORMATION ASSURANCE 16. Most IDSs can use both Signature-based detection and Anomaly-based detection methods simultaneously. a. True b. False 17. One drawback which Bejtlich points out about standard security process models, is that they represent the relationship between internal security steps and not a/an ________ process/steps. 18. The textbook lists three ways in which NSM consoles (e.g., Sguil, Squert, Snorby) specifically assist security analysts beyond other standard network tools. Which of the following is not one of those...
Which of these indicates the primary purpose of an intrusion detection system? a) Detect abnormal activity b) Diagnose system failures c) Rate system performance d) Test a system for vulnerabilities
There are a lot of different technologies out there and deciding which is right for your organization can take a lot of research. One of the most basic pieces of technology out there is a firewall. Modern "Next-Generation" enterprise-grade firewalls integrate many of the technologies discussed in this week's reading providing functionality ranging from basic stateful firewall capabilities, to intrusion detection/prevention, VPNs, and more. Using the web, journals, library, or other resources, identify three well-known manufacturers of enterprise firewalls. Review...
7) ________ is/are an example of a detective control. A) Physical access controls B) Encryption C) Emergency response teams D) Log analysis of both 8) COBIT 5 management practice APO01.08 stresses the importance of employee compliance with the organization's information security policies and overall performance of business processes A) continuous improvement of B) continuous reviewing C) continuous monitoring D) continuous auditing 9) Which of the following is not a requirement of effective passwords? A) Passwords should be changed at regular intervals...