Home > Quiz: Intrusion detection and prevention systems
Security Quiz:
EMAIL THIS LICENSING & REPRINTS

Quiz: Intrusion detection and prevention systems

25 Aug 2005 | SearchSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

Intrusion detection and prevention systems come with a hefty price tag. And once installed, either one can drain your resources if you didn't make a knowledgeable buying decision or don't know how to operate it efficiently. Test your IDS/IPS know-how and improve your knowledge with this quiz.

1.) Which of the following is an advantage of anomaly detection?
a. Rules are easy to define.
b. Custom protocols can be easily analyzed.
c. The engine can scale as the rule set grows.
d. Malicious activity that falls within normal usage patterns is detected.
Answer

2.) A false positive can be defined as…
a. an alert that indicates nefarious activity on a system that, upon further inspection, turns out to represent legitimate network traffic or behavior.
b. an alert that indicates nefarious activity on a system that is not running on the network.
c. the lack of an alert for nefarious activity.
d. Both a. and b.
Answer

3.) One of the most obvious places to put an IDS sensor is near the firewall. Where exactly in relation to the firewall is the most productive placement?
a. Inside the firewall
b. Outside the firewall
c. Both
Answer

4.) What is the purpose of a shadow honeypot?
a. To flag attacks against known vulnerabilities.
b. To help reduce false positives in a signature-based IDS.
c. To randomly check suspicious traffic identified by an anomaly detection system.
d. To enhance the accuracy of a traditional honeypot.
Answer

5.) At which two traffic layers do most commercial IDSes generate signatures?
a. application layer
b. network layer
c. session layer
d. transport layer
Answer

6.) An IDS follows a two-step process consisting of a passive component and an active component. Which of the following is part of the active component?
a. Inspection of password files to detect inadvisable passwords
b. Mechanisms put in place to reenact known methods of attack and record system responses
c. Inspection of system to detect policy violations
d. Inspection of configuration files to detect inadvisable settings
Answer

7.) When discussing IDS/IPS, what is a signature?
a. An electronic signature used to authenticate the identity of a user on the network
b. Attack-definition file
c. It refers to "normal," baseline network behavior
d. None of the above
Answer

8.) "Semantics-aware" signatures automatically generated by Nemean are based on traffic at which two layers?
a. application layer
b. network layer
c. session layer
d. transport layer
Answer

9.) Which of the following is used to provide a baseline measure for comparison of IDSes?
a. crossover error rate
b. false negative rate
c. false positive rate
d. bit error rate
Answer

10.) Which of the following is true of signature-based IDSes?
a. They alert administrators to deviations from "normal" traffic behavior.
b. They identify previously unknown attacks.
c. The technology is mature and reliable enough to use on production networks.
d. They scan network traffic or packets to identify matches with attack-definition files.
Answer

More information

Learn secrets to using IDS and IPS effectively in this on-demand webcast

Get tips for operating Snort in our Snort Technical Guide

Learn more about IDS and IPS in our resource centers

How'd you score?
9-10 correct: You are IDS/IPS intelligent
6-8 correct: You are IDS/IPS conversant
3-5 correct: You're an IDS/IPS novice
0-2 correct: You're IDS/IPS ignorant



Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Network Intrusion Detection (IDS)
What are best practices for creating an IDS and maintaining a signature database?
Network intrusion prevention systems: Should enterprises deploy now?
RSA 2008: Sourcefire founder Roesch previews Snort 3
Screencast: Opening up the Network Security Toolkit
Can a firewall alone effectively block port-scanning activity?
Should an intrusion detection system (IDS) be written using Java?
What security risks do enterprise honeypots pose?
What are the benefits of 'in-the-cloud' network security services?
Screencast: Snort -- Tactics for basic network analysis
Can Snort stop application-layer attacks?
Network Intrusion Detection (IDS) Research

Network Intrusion Prevention (IPS)
Network intrusion prevention systems: Should enterprises deploy now?
What security risks do enterprise honeypots pose?
What are the benefits of 'in-the-cloud' network security services?
What is a 'top-down' IPS sensor search?
Is a 'self-defending network' possible?
Best practices for purchasing an intrusion detection device
VeriSign, AirMagnet team up for wireless IPS
Sourcefire, Nmap deal to open vulnerability scanning
Interop: Vendors update software, demonstrate new security features
McAfee launches IPS for 10g networks, but is IT ready?
Network Intrusion Prevention (IPS) Research

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
computer forensics  (SearchSecurity.com)
Diffie-Hellman key exchange  (SearchSecurity.com)
Einstein  (SearchSecurity.com)
HIDS/NIDS  (SearchSecurity.com)
intrusion detection  (SearchSecurity.com)
network behavior analysis  (SearchSecurity.com)
ultrasound  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts