1.) In the tip How to limit false positives in IPSes, author Jonathan Hassell recommends running an IPS in one of two modes to cut back on false positives. In which mode is an IPS likely to generate excessive false positives?
2.) How does an IPS differ from an IDS?
a. An IPS detects network attacks, but doesn't issue alerts.
b. An IPS detects network attacks and issues alerts.
c. An IPS responds to network attacks by blocking traffic and resetting connections.
d. An IPS sits inline and monitors traffic.
3.) What primary advantage does an IPS offer over an IDS that makes it a crucial component of a security strategy?
a. The amount of logs generated
b. The speed at which attacks can be mitigated
c. The lower price tag
d. A reduced quantity of false positives
4.) Which of the following detection mechanisms might an IPS employ?
a. Packet anomaly detection
b. Generic pattern matching
c. TCP connection analysis
d. All of the above
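The three mechanisms listed in question 4, and the alert-only versus block-and-reset distinction behind question 2, are easier to reason about in code. The following is an added Python example, not part of the original quiz or of any product it refers to: the packet record, the two signatures, the half-open threshold and the sample traffic are all constructed assumptions, chosen only to show how each mechanism produces a verdict and how the same verdict is acted on differently by an out-of-band IDS and an inline IPS.

```python
"""Toy inline inspection engine: one detection pipeline, two response modes."""
from collections import defaultdict
from dataclasses import dataclass
import re


@dataclass
class Packet:
    """Minimal TCP packet summary (assumed format, not a real capture)."""
    src: str
    dst: str
    dport: int
    flags: set          # TCP flag names, e.g. {"SYN"} or {"ACK"}
    payload: bytes = b""


@dataclass
class Verdict:
    action: str         # "pass", "alert" (IDS) or "block"/"reset" (IPS)
    reason: str = ""


# Generic pattern matching: assumed example signatures, not a vendor ruleset.
SIGNATURES = [
    ("directory traversal", re.compile(rb"\.\./")),
    ("NOP sled", re.compile(rb"\x90{8,}")),
]

# TCP connection analysis: assumed number of half-open connections from one
# source before the engine calls it a SYN flood.
SYN_THRESHOLD = 5


class Engine:
    def __init__(self, mode):
        assert mode in ("ids", "ips")
        self.mode = mode
        self.half_open = defaultdict(int)   # half-open SYNs seen per source
        self.alerts = []

    def _pattern_match(self, pkt):
        """Mechanism: generic pattern matching on the payload."""
        for name, rx in SIGNATURES:
            if rx.search(pkt.payload):
                return name
        return None

    def _packet_anomaly(self, pkt):
        """Mechanism: packet anomaly detection (protocol-violating flag sets)."""
        if {"SYN", "FIN"} <= pkt.flags:
            return "SYN+FIN flag combination"
        if not pkt.flags:
            return "null scan (no TCP flags)"
        return None

    def _connection_analysis(self, pkt):
        """Mechanism: TCP connection analysis (half-open tracking per source)."""
        if pkt.flags == {"SYN"}:
            self.half_open[pkt.src] += 1
            if self.half_open[pkt.src] > SYN_THRESHOLD:
                return f"SYN flood: {self.half_open[pkt.src]} half-open from {pkt.src}"
        elif "ACK" in pkt.flags and pkt.src in self.half_open:
            # Handshake progressed; the connection is no longer half-open.
            self.half_open[pkt.src] = max(0, self.half_open[pkt.src] - 1)
        return None

    def inspect(self, pkt):
        reason = (self._packet_anomaly(pkt)
                  or self._connection_analysis(pkt)
                  or self._pattern_match(pkt))
        if reason is None:
            return Verdict("pass")
        self.alerts.append(reason)
        if self.mode == "ids":
            # IDS sees a copy of the traffic: it can only alert, the packet
            # has already reached its destination.
            return Verdict("alert", reason)
        # IPS sits inline: drop the packet, and tear down an established
        # flow with a reset when the offending packet belongs to one.
        action = "reset" if "ACK" in pkt.flags else "block"
        return Verdict(action, reason)


def sample_traffic():
    """Constructed packets exercising all three mechanisms (not a real capture)."""
    pkts = [
        Packet("10.0.0.5", "10.0.0.80", 80, {"SYN"}),
        Packet("10.0.0.5", "10.0.0.80", 80, {"ACK"}, b"GET /index.html HTTP/1.1\r\n"),
        Packet("10.0.0.5", "10.0.0.80", 80, {"ACK"}, b"GET /../../etc/passwd HTTP/1.1\r\n"),
        Packet("10.0.0.9", "10.0.0.80", 80, {"SYN", "FIN"}),
    ]
    # One source opening more half-open connections than the threshold allows.
    pkts += [Packet("10.0.0.7", "10.0.0.80", 80, {"SYN"}) for _ in range(SYN_THRESHOLD + 1)]
    return pkts


def run(mode, packets):
    """Return the action taken on each packet for a fresh engine in the given mode."""
    engine = Engine(mode)
    return [engine.inspect(p).action for p in packets]


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode, run(mode, sample_traffic()))
```

The same detection logic feeds both modes; only the response differs, which is the distinction question 2 is after. The SYN threshold is also where false positives come from in a scheme like this: a legitimate client that legitimately opens many connections in a burst will cross it, and in IPS mode that costs the client its traffic rather than just an analyst's attention, which is why the mode an IPS runs in matters for question 1.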
5.) What term best describes assessing the state of systems and networks and taking whatever action is appropriate to remedy the problems found?
a. Proportionality of response
b. Passive defense
c. Active defense
d. None of the above
This was first published in July 2005