SophiaPretty
$14/per page/Negotiable
A(n) ____ is software that doesn't just detect packets as they pass through a gateway, but that actively scans the network and sends packets to computers to see whether vulnerabilities exist.
firewall
sniffer
network vulnerability analyzer
intrusion detection system
2.
An organization's SIRT members should always be drawn from external and public organizations.
 True
 False
3.____Â involves removing any files or programs that resulted from the intrusion, including malicious code, Registry keys, unnecessary executable files, viruses,worms, or files created by worms.
Eradication
Alerting
Containment
Recovery
Â
4The term true positive is sometimes used to describe a genuine attack.
 True
 False
5
A Class C address uses the 255.255.0.0 netmask.
 True
 False
6
If a firewall is used to protect the LAN, sensors can only be positioned behind the firewall.
 True
 False
7
Some sophisticated IDS devices can be set up to take some countermeasures, such as resetting all network connections when an intrusion is detected.
 True
 False
8
____, like firewall hardware appliances, can handle more network traffic and have better scalability than software IDS packages.
Norton Internet Security
Mcafee Personal IDS
IDS hardware appliances
Snort
Â
9.In a ____ configuration, the HIDS sends all data that's gathered to a central location (the command console) for analysis.
distributed
centralized
local
remote
10
The first step in the intrusion detection process occurs before the first packet is ever detected on the network.
 True
 False
Â
11.
Sensors installed on individual hosts read packets as they pass into and out of network segments.
 True
 False
____ is the process of replaying the attack so that you can see what the attacker viewed.
Counterattack
External attack
Monitored attack
Attack visualization
Â
____ tell SIRT members to keep records of who performed each task and remind them to analyze the backup of the affected system while locking away the original media for safekeeping.