Guide to Network Defense and Countermeasures, 2nd Edition, ISBN: 1418836796
Chapter 7, Page 259 Prof. Michael P. Harris
ITSY 2430 Intrusion Detection Chapter Quiz 07
Name: ______Date: ______
Chapter Review Questions, Intrusion Detection System Concepts
1. How can the data gained from intrusion detection be used to improve network security? (Choose all that apply.)
2. Name the three network defense functions in intrusion detection.
3. Which of the following is an example of a multiple-session attack?
(Choose all that apply.)
4. Network sensors should be positioned at what locations on the network?
5. Advanced network sensors can perform which of the following advanced security functions?
6. Anomaly-based detection makes use of which feature of network traffic?
7. Misuse detection is based on which feature of network traffic?
8. An anomaly-based IDS can be circumvented in which of the following ways?
9. A misuse-detection IDS can be circumvented in which of the following ways?
10. Which intrusion detection method can begin protecting a network immediately after installation?
11. Which intrusion detection method is almost impossible for intruders to test before attempting an attack?
12. Which activity performed by an IDS could detect a denial-of-service attack?
13. Which IDS component enables administrators to consolidate and track a large volume of events?
14. Which of the following events has the most serious security implications?
15. Which of the following is a characteristic of a firewall rule base that isn’t shared by an IDS database? (Choose all that apply.)
16. _____ A HIDS can detect an intrusion attempt that targets the entire network, such as a port scan on a range of computers in succession. True or False?
17. An IDS can respond to a possible attack. What actions can it take?
18. Which of the following is almost inevitable and should be expected after an IDS is installed? (Choose all that apply.)
19. What is the value of reviewing an IDS log file, especially when you already have firewall and system log files to review?
20. A device that detects and analyzes each packet in its entirety is said to operate in which mode?
Page 1 of 2