What monitors the characteristics of a single host and the events occurring within that host for suspicious activity?


Question 11 of 20 (5.0 Points)
A _______ monitors the characteristics of a single host and the events occurring within that host for suspicious activity.
A. host-based IDS
B. security intrusion
C. network-based IDS
D. intrusion detection
Answer Key: A

Question 12 of 20 (5.0 Points)
_______ involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder.


Question 13 of 20 (5.0 Points)
_______ involves the collection of data relating to the behavior of legitimate users over a period of time.


Question 14 of 20 (5.0 Points)
A(n) ______ is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor.


Question 15 of 20 (5.0 Points)
The ______ is the IDS component that examines the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator.
A. data source
B. sensor
C. operator
D. analyzer


Computer Security: Principles and Practice, 4th Edition, Chapter 8

Chapter 8 Intrusion Detection

TRUE/FALSE QUESTIONS:

T F 1. An intruder can also be referred to as a hacker or cracker.

T F 2. Activists are either individuals or members of an organized crime group with a goal of financial reward.

T F 3. Running a packet sniffer on a workstation to capture usernames and passwords is an example of intrusion.

T F 4. Those who hack into computers do so for the thrill of it or for status.

T F 5. Intruders typically use steps from a common attack methodology.

T F 6. The IDS component responsible for collecting data is the user interface.

T F 7. Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.

T F 8. The primary purpose of an IDS is to detect intrusions, log suspicious events, and send alerts.

T F 9. Signature-based approaches attempt to define normal, or expected, behavior, whereas anomaly approaches attempt to define proper behavior.

T F 10. Anomaly detection is effective against misfeasors.

T F 11. To be of practical use an IDS should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.

T F 12. An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device.

T F 13. A common location for a NIDS sensor is just inside the external firewall.

T F 14. Network-based intrusion detection makes use of signature detection and anomaly detection.

T F 15. Snort can perform intrusion prevention but not intrusion detection.

Which intrusion detection approach involves defining attack patterns that can be used to decide that a given behavior is that of an intruder?

Rule-based (signature) detection: involves an attempt to define a set of rules or attack patterns that can be used to decide that a given behavior is that of an intruder. It is the approach the question describes. Anomaly detection takes the opposite starting point: a profile of legitimate users' behavior is collected over a period of time, and rules are developed to detect deviation from those previous usage patterns.
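The two approaches side by side, as an added example that is not part of the textbook or the original page. A signature detector matches raw log lines against a small set of attack patterns; an anomaly detector first builds a per-user profile (mean and standard deviation of login hour, set of source addresses) from a training period of legitimate activity and then flags deviations. The records, addresses and patterns are constructed for the illustration, and the final function measures the detection rate against the false-alarm rate, which is the trade-off the quiz's question 11 about practical usefulness refers to.

```python
import re
import statistics
from collections import defaultdict

# Constructed sample records, not real logs: (user, src_ip, hour, log_line).
# Training period: legitimate activity only, assumed intruder-free.
TRAINING = [
    ("alice", "10.0.0.5", h, "Accepted password for alice from 10.0.0.5")
    for h in (8, 9, 9, 10, 13, 14, 15, 16, 9, 10, 11, 14)
] + [
    ("bob", "10.0.0.7", h, "Accepted publickey for bob from 10.0.0.7")
    for h in (20, 21, 22, 22, 23, 21, 20, 22)
]

# Labelled test records: (record, is_intrusion).
TEST = [
    (("alice", "10.0.0.5", 10, "Accepted password for alice from 10.0.0.5"), False),
    (("alice", "10.0.0.5", 17, "Accepted password for alice from 10.0.0.5"), False),
    (("bob", "10.0.0.7", 22, "Accepted publickey for bob from 10.0.0.7"), False),
    # legitimate, but from a laptop on a new address: will cost a false alarm
    (("alice", "10.0.1.20", 11, "Accepted password for alice from 10.0.1.20"), False),
    # masquerader using alice's stolen password at 03:00 from the Internet
    (("alice", "203.0.113.9", 3, "Accepted password for alice from 203.0.113.9"), True),
    # password guessing against a non-existent account
    (("admin", "203.0.113.9", 3, "Failed password for invalid user admin from 203.0.113.9"), True),
    # misfeasor: bob abusing sudo to get a root shell at his usual hour
    (("bob", "10.0.0.7", 22, "sudo: bob : TTY=pts/0 ; COMMAND=/bin/sh"), True),
]

# --- Signature (rule-based) detection: patterns of known-bad behaviour -------
SIGNATURES = {
    "invalid-user-login": re.compile(r"Failed password for invalid user"),
    "sudo-to-shell": re.compile(r"sudo: \S+ : .*COMMAND=/bin/(ba)?sh$"),
}

def signature_detect(line):
    """Return the names of every attack pattern matching a raw log line."""
    return [name for name, rx in SIGNATURES.items() if rx.search(line)]

# --- Anomaly detection: profile legitimate behaviour, flag deviations --------
def build_profiles(records):
    """Per-user login-hour mean/std-dev and the set of source addresses."""
    hours, ips = defaultdict(list), defaultdict(set)
    for user, ip, hour, _ in records:
        hours[user].append(hour)
        ips[user].add(ip)
    return {
        u: {"mean": statistics.mean(hours[u]),
            "stdev": statistics.pstdev(hours[u]),
            "ips": ips[u]}
        for u in hours
    }

def anomaly_detect(profiles, record, k=2.5):
    """Flag a record whose hour is more than k std-devs from the user's mean
    or whose source address was never seen during training."""
    user, ip, hour, _ = record
    prof = profiles.get(user)
    if prof is None:
        return ["unknown-user"]          # no baseline at all is itself suspicious
    reasons = []
    if ip not in prof["ips"]:
        reasons.append("new-source-ip")
    # floor the std-dev at one hour so a very regular user is not over-flagged;
    # hours are compared linearly (the 23 -> 0 wrap-around is not modelled here)
    if abs(hour - prof["mean"]) > k * max(prof["stdev"], 1.0):
        reasons.append("unusual-hour")
    return reasons

def analyze(profiles, record):
    """Analyzer stage: run both detectors over one record from the sensor."""
    return {"signature": signature_detect(record[3]),
            "anomaly": anomaly_detect(profiles, record)}

def evaluate(profiles, labelled):
    """Detection rate and false-alarm rate when an alert from either
    detector counts as a hit: the two numbers an IDS has to balance."""
    tp = fp = fn = tn = 0
    for record, is_intrusion in labelled:
        hit = analyze(profiles, record)
        alerted = bool(hit["signature"] or hit["anomaly"])
        if is_intrusion:
            tp += alerted
            fn += not alerted
        else:
            fp += alerted
            tn += not alerted
    return {"detection_rate": tp / (tp + fn), "false_alarm_rate": fp / (fp + tn)}

if __name__ == "__main__":
    profiles = build_profiles(TRAINING)
    for record, _ in TEST:
        print(record[3], "->", analyze(profiles, record))
    print(evaluate(profiles, TEST))
```

Run against the constructed test day, the stolen-password login is caught only by the anomaly profile (new address, unusual hour) and bob's sudo-to-shell only by the signature rule: a legitimate user abusing privileges at his normal time from his normal machine looks normal to a behavioral profile. The price of the anomaly rules is the alert on alice's legitimate new laptop address, which is where the false-alarm rate comes from.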

What are the characteristics of a host-based IDS?

A host-based IDS is an intrusion detection system that monitors the computer infrastructure on which it is installed, analyzing traffic and logging malicious behavior. An HIDS gives you deep visibility into what's happening on your critical security systems.

What is inserted into a network segment so that the traffic it is monitoring must pass through the sensor?

An inline sensor is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor. One way to achieve an inline sensor is to combine NIDS sensor logic with another network device, such as a firewall or a LAN switch. Because the traffic passes through it, an inline sensor can drop or modify packets as well as alert on them, which is what distinguishes it from a passive sensor fed a copy of the traffic from a tap or SPAN port.
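A small model of the two sensor placements, added here as an illustration rather than code from the textbook or any IDS product. The traffic, addresses and the single injection pattern are constructed; the analyzer URL-decodes each request before matching so that an encoded attack string is not missed. The point it shows is operational: a passive sensor delivers every packet and can only alert, an inline sensor can drop what it flags, and an inline sensor must also decide what happens when its own analysis fails on a packet (fail open for availability, fail closed for security).

```python
from dataclasses import dataclass
from urllib.parse import unquote_to_bytes

@dataclass(frozen=True)
class Packet:
    src: str
    payload: bytes

# Constructed sample traffic, not a real capture.
TRAFFIC = [
    Packet("10.0.0.5", b"GET /index.html HTTP/1.1"),
    # attack string URL-encoded, as a client would actually send it
    Packet("203.0.113.9", b"GET /item?id=1%27%20OR%201%3D1-- HTTP/1.1"),
    Packet("10.0.0.6", b"GET /about HTTP/1.1"),
    # malformed request whose bytes the analyzer cannot decode
    Packet("10.0.0.7", b"GET /\xff\xfe HTTP/1.1"),
]

PATTERNS = [b"' OR 1=1", b"/etc/passwd"]

def suspicious(pkt):
    """Decode the request the way the server would, then pattern-match.
    Raises UnicodeDecodeError on bytes that are not valid UTF-8."""
    text = unquote_to_bytes(pkt.payload).decode("utf-8")
    return any(p.decode() in text for p in PATTERNS)

def passive_sensor(traffic):
    """Sensor fed from a tap or SPAN port: it sees a copy of every packet, so
    it can only raise alerts; the real traffic is delivered regardless."""
    alerts = []
    for pkt in traffic:
        try:
            if suspicious(pkt):
                alerts.append(pkt)
        except UnicodeDecodeError:
            pass                        # analyzer error: nothing it can block anyway
    return list(traffic), alerts

def inline_sensor(traffic, fail_open=False):
    """Sensor in the forwarding path: each packet must pass through it, so a
    detection can also drop the packet (intrusion prevention).  When the
    analyzer fails on a packet, fail_open decides whether it is forwarded
    unexamined or dropped."""
    delivered, alerts = [], []
    for pkt in traffic:
        try:
            bad = suspicious(pkt)
        except UnicodeDecodeError:
            if fail_open:
                delivered.append(pkt)
            continue
        if bad:
            alerts.append(pkt)          # alerted and dropped, never delivered
        else:
            delivered.append(pkt)
    return delivered, alerts

if __name__ == "__main__":
    print("passive :", passive_sensor(TRAFFIC))
    print("inline  :", inline_sensor(TRAFFIC))
    print("fail-open:", inline_sensor(TRAFFIC, fail_open=True))
```

The fail_open flag is the caveat to keep in mind when combining sensor logic with a firewall or switch as the text suggests: an inline sensor is part of the data path, so a crash, overload or unexpected input in the analyzer affects delivery of legitimate traffic, which a passive sensor on a tap can never do.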

Which component monitors network traffic and triggers an alarm if issues are detected?

An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered.