Test your knowledge of intrusion detection with these trivia questions. Scroll down to the bottom of the page for the correct answers. If you get them all right, you can call yourself an Infosec Know IT All!
1.) Network-based intrusion detection procedures are considered active and include:
a. inspection of the system's configuration files to detect inadvisable settings.
b. inspection of the password files to detect inadvisable passwords.
c. the setting of mechanisms to re-enact known methods of attack.
d. inspection of system areas to detect policy violations.
2.) This type of IDS involves a wrapper or a scanner that looks for specific events. When it sees the event, it correlates it and decides whether or not it's an acceptable event.
a. anomaly detection
c. blind barricade
d. profile detection
3.) True or False: Hackers can successfully mount slow attacks undetected due to the memory limitations of intrusion-detection systems.
4.) There are other places to look for evidence of an intrusion in addition to your IDS. Which of these could you analyze for evidence of an intrusion?
a. System logs
b. Telephone logs
c. File system dates and times
d. Authentication logs
e. All of the above
5.) When building a cost-benefit model for an IDS, you should include:
a. The ROI associated with protecting the corporate reputation.
b. The ROI associated with keeping the corporate stockholders happy.
c. The ROI associated with maintaining continuity of system service.
d. All of the above.
What do you think of our daily trivia questions? Are they too easy? Too hard? Do you disagree with one of our answers? Let me know.
1.) c. the setting of mechanisms to re-enact known methods of attack.
For more information on intrusion-detection systems, read "Intrusion-detection systems sniff out security breaches."
2.) c. blind barricade
For information on choosing the right IDS for your organization's needs, read "Recommendations for deploying an intrusion-detection system," by SearchSecurity Expert Ed Yakabovicz.
This was first published in December 2003