Enterprise Topic;Questions And Answers,
A process of grouping almost identical alarms that occur nearly at the same time into a
single higher-level alarm is known as alarm _____. - answer;-clustering
A unique value or pattern of an attack that enables detection is called a(n) _____. -
answer;-signature
A ____ rootkit is one that becomes a part of the system bootstrap process and is loaded
every time the system boots. - answer;-persistent
A(n) ____ is a type of IDPS that is similar to an NIDPS; it reviews the log files generated
by servers, network devices, and even other IDPSs. - answer;-log file monitor
A(n) ____ is any system resource that is placed in a functional system but has no
normal use in that system. If it attracts attention, it is from unauthorized access and will
trigger a notification or response. - answer;-honeytoken
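The two entries above (log file monitor, honeytoken) combine naturally: a monitor that reads log lines and raises an alert whenever a planted decoy value appears. The following is an added example, not code from the original page; the decoy key ID, the decoy account name and the log lines are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Assumed honeytokens (not from the original page): planted values that have no
# legitimate use, so any appearance in a log is evidence of unauthorized access.
HONEYTOKENS = {
    "AKIAEXAMPLEHONEY0001": "decoy cloud access key planted in /etc/app/backup.conf",
    "svc-honey-backup": "decoy service account that never logs in legitimately",
}

# Constructed sample log lines for this example; not real captured data.
SAMPLE_LOGS = [
    '10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    "sshd[4121]: Failed password for svc-honey-backup from 203.0.113.9 port 51022 ssh2",
    '10.0.0.7 - - [12/Mar/2024:10:02:11 +0000] "GET /api?key=AKIAEXAMPLEHONEY0001 HTTP/1.1" 403 12',
    "sshd[4130]: Accepted publickey for deploy from 10.0.0.8 port 40000 ssh2",
]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass(frozen=True)
class HoneytokenHit:
    token: str    # which planted value was touched
    reason: str   # why that value is a decoy
    source: str   # first IPv4 address on the line (the client, in these log formats)
    line: str     # the raw log line, kept for the responder


def scan_line(line: str) -> List[HoneytokenHit]:
    """Return one hit per honeytoken that appears anywhere in the line."""
    hits = []
    for token, reason in HONEYTOKENS.items():
        if token in line:
            m = IPV4.search(line)
            source = m.group(0) if m else "unknown"
            hits.append(HoneytokenHit(token, reason, source, line))
    return hits


def scan_lines(lines: Iterable[str]) -> List[HoneytokenHit]:
    """Log-file-monitor pass over a log: every honeytoken hit is an alert, never noise."""
    hits = []
    for line in lines:
        hits.extend(scan_line(line.rstrip("\n")))
    return hits


def sources_by_token(hits: Iterable[HoneytokenHit]) -> dict:
    """Group offending source addresses by honeytoken for the incident report."""
    out = {}
    for h in hits:
        out.setdefault(h.token, set()).add(h.source)
    return out


if __name__ == "__main__":
    for h in scan_lines(SAMPLE_LOGS):
        print(f"ALERT honeytoken={h.token} source={h.source} ({h.reason})")
```

Because a honeytoken has no normal use, the detection needs no tuning: a plain substring match is enough, and every hit is worth a response. The same scan can be pointed at a real file with `scan_lines(open(path))`.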
A(n) ____ is the set of rules and configuration guidelines governing the implementation
and operation of IDPSs within the organization. - answer;-site policy
An advantage of an HIDPS is _____. - answer;-it functions on the host system, where
encrypted traffic is decrypted and available for processing
By guarding against some types of vulnerabilities, an IDPS can become an important
part of an organization's _____ strategy. - answer;-defense in depth
In an attack known as ____, valid protocol packets exploit poorly configured DNS
servers to inject false information and corrupt the servers' answers to routine DNS
queries from other systems on that network. - answer;-DNS cache poisoning
Like the Wiretap Act's prohibition on intercepting the contents of communications, the
_____ creates a general prohibition on the real-time monitoring of traffic data relating to
communications. - answer;-Pen/Trap statute
The ongoing activity from alarm events that are accurate and noteworthy but not
necessarily as significant as potentially successful attacks is called ____. - answer;-noise
The process of classifying the attack alerts that an IDPS detects in order to distinguish
or sort false positives from actual attacks more efficiently is known as alarm _____. -
answer;-filtering
The SIEM capability of _____ enables flexible and timely reaction to attacks. - answer;-real-time monitoring
The SIEM capability of _____ enables review of system activity that can identify
breaches and reveal insider misuse. - answer;-user monitoring
The use of IDPS sensors and analysis systems can be quite complex. One very
common approach is to use an open source software program called ____ running on a
UNIX or Linux system that can be managed and queried from a desktop computer using
a client interface. - answer;-Snort
The ____ of a switch or other networking device is a specially configured connection
that is capable of viewing all the traffic that moves through the entire device. - answer;-monitoring port
The _____ resides on a particular computer or server, known as the host, and monitors
activity only on that system. - answer;-HIDPS
Which is the most important factor when selecting a SIEM solution? - answer;-The
extent to which the SIEM system provides the required features the organization needs.
____ are closely monitored network decoys that can distract adversaries from more
valuable machines on a network, provide early warning about new attack and
exploitation trends, and allow in-depth examination of adversaries during and after
exploitation. - answer;-Honeypots
_____ is a value associated with an IDPS's ability to detect and identify an attack
correctly. - answer;-Confidence
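Three of the entries above describe one SIEM pipeline stage: alarm filtering (sorting out likely false positives), alarm clustering (grouping near-identical alarms that occur close together into one higher-level alarm) and the confidence value an IDPS attaches to each alert. The following added example, not code from the original page, runs all three over a constructed batch of alerts; the authorized-scanner address, the confidence threshold and the 60-second window are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Alert:
    ts: datetime
    signature: str
    src: str
    dst: str
    confidence: float   # IDPS's confidence (0..1) that the alert is a correctly identified attack


@dataclass
class ClusteredAlarm:
    signature: str
    src: str
    first_seen: datetime
    last_seen: datetime
    count: int
    dsts: set


# Assumed site policy (not from the original page): the internal vulnerability
# scanner trips many signatures legitimately, and low-confidence alerts are set aside.
KNOWN_SCANNERS = {"10.0.0.50"}
MIN_CONFIDENCE = 0.6

T0 = datetime(2024, 3, 12, 10, 0, 0)
# Constructed sample alerts for this example; not real IDPS output.
SAMPLE_ALERTS = [
    Alert(T0, "SCAN SYN sweep", "203.0.113.9", "10.0.0.10", 0.8),
    Alert(T0 + timedelta(seconds=2), "SCAN SYN sweep", "203.0.113.9", "10.0.0.11", 0.8),
    Alert(T0 + timedelta(seconds=5), "SCAN SYN sweep", "203.0.113.9", "10.0.0.12", 0.8),
    Alert(T0 + timedelta(seconds=7), "SCAN SYN sweep", "10.0.0.50", "10.0.0.12", 0.9),    # authorized scanner
    Alert(T0 + timedelta(seconds=9), "WEB SQLi attempt", "203.0.113.9", "10.0.0.20", 0.3),  # low confidence
    Alert(T0 + timedelta(seconds=10), "WEB SQLi attempt", "198.51.100.4", "10.0.0.20", 0.95),
    Alert(T0 + timedelta(minutes=10), "SCAN SYN sweep", "203.0.113.9", "10.0.0.13", 0.8),   # outside the window
]


def filter_alerts(alerts: Iterable[Alert]) -> List[Alert]:
    """Alarm filtering: drop alerts from authorized scanners and alerts below the confidence floor."""
    return [a for a in alerts if a.src not in KNOWN_SCANNERS and a.confidence >= MIN_CONFIDENCE]


def cluster_alerts(alerts: Iterable[Alert], window: timedelta = timedelta(seconds=60)) -> List[ClusteredAlarm]:
    """Alarm clustering: merge alerts with the same signature and source into one higher-level
    alarm while each arrives within `window` of the previous one; a later gap opens a new alarm."""
    clusters: List[ClusteredAlarm] = []
    open_by_key = {}
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.signature, a.src)
        c = open_by_key.get(key)
        if c is not None and a.ts - c.last_seen <= window:
            c.last_seen = a.ts
            c.count += 1
            c.dsts.add(a.dst)
        else:
            c = ClusteredAlarm(a.signature, a.src, a.ts, a.ts, 1, {a.dst})
            clusters.append(c)
            open_by_key[key] = c
    return clusters


def summarize(alerts: Iterable[Alert]) -> List[Tuple[str, str, int, int]]:
    """Filter, then cluster; return (signature, source, alert count, distinct targets) per alarm."""
    return [(c.signature, c.src, c.count, len(c.dsts)) for c in cluster_alerts(filter_alerts(alerts))]


if __name__ == "__main__":
    for sig, src, n, targets in summarize(SAMPLE_ALERTS):
        print(f"{sig} from {src}: {n} alerts against {targets} host(s)")
```

Filtering removes two of the seven alerts (the scanner and the low-confidence one); clustering then turns the remaining five into three alarms, with the three-host sweep reported once rather than three times. The 10-minute repeat stays separate on purpose: collapsing everything with the same key regardless of time would hide a returning attacker.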
_____ systems use a combination of resources to detect an intrusion and then track it
back to its source; they must be used with caution to avoid illegal actions. - answer;-Trap and trace
A ____ attack is much more substantial than a DoS attack because of the use of
multiple systems to simultaneously attack a single target. - answer;-distributed denial-of-service
A ____ is a small quantity of data that a Web site stores on the visiting system as a
means of recording that the system has visited that Web site. - answer;-cookie
According to NIST, which of the following is an example of an unauthorized access
attack? - answer;-Modifying Web-based content without permission
Clifford Stoll's book, ____, provides an excellent story about a real-world incident that
turned into an international tale of espionage and intrigue. - answer;-The Cuckoo's Egg
Essentially a DoS attack, a ____ is a message aimed at causing users to waste time
reacting to a nonexistent malware threat. - answer;-malware hoax