Question 1

2.5 out of 2.5 points

A(n) log file monitor is similar to a NIDPS. _________________________

Selected Answer:

True

Correct Answer:

True

Question 2
2.5 out of 2.5 points

__________ is the action of luring an individual into committing a crime to get a conviction.
Selected Answer:

d.

Entrapment
Correct Answer:

d.

Entrapment

Question 3
2.5 out of 2.5 points

Most network behavior analysis system sensors can be deployed in __________ mode only, using the
same connection methods as network-based IDPSs.
Selected Answer:

a.

passive
Correct Answer:

a.

passive

Question 4
2.5 out of 2.5 points

Alarm events that are accurate and noteworthy but do not pose significant threats to information
security are called noise. _________________________
Selected Answer:

True

Correct Answer:

True

Question 5
2.5 out of 2.5 points

Services using the TCP/IP protocol can run only on their commonly used port number as specified in
their original Internet standard.
Selected Answer:

False

Correct Answer:

False

Question 6
2.5 out of 2.5 points

A fully distributed IDPS control strategy is an IDPS implementation approach in which all control
functions are applied at the physical location of each IDPS component..
Selected Answer:

True

Correct Answer:

True

Question 7
2.5 out of 2.5 points

Network Behavior Analysis system __________ sensors are typically intended for network perimeter
use, so they would be deployed in close proximity to the perimeter firewalls, often between the
firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.
Selected Answer:

d.

inline
Correct Answer:

d.

inline

Question 8
2.5 out of 2.5 points

A __________ vulnerability scanner listens in on the network and identifies vulnerable versions of
both server and client software.
Selected Answer:

b.

passive
Correct Answer:

b.

passive

Question 9
2.5 out of 2.5 points

The integrity value, which is based upon fuzzy logic, helps an administrator determine how likely it
is that an IDPS alert or alarm indicates an actual attack in progress. _________________________
Selected Answer:

False

Correct Answer:

False

Question 10
2.5 out of 2.5 points

Alarm filtering is alarm clustering that may be based on combinations of frequency, similarity in
attack signature, similarity in attack target, or other criteria that are defined by the system
administrators. _________________________
Selected Answer:

False

Correct Answer:

False

Question 11
2.5 out of 2.5 points

A strategy based on the concept of defense in depth is likely to include intrusion detection systems,
active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol
analyzers.
Selected Answer:

True

Correct Answer:

True

Question 12
2.5 out of 2.5 points

In order to determine which IDPS best meets an organizations needs, first consider the organizational
environment in technical, physical, and political terms.
Selected Answer:

True

Correct Answer:

True

Question 13
2.5 out of 2.5 points

A HIDPS is optimized to detect multihost scanning, and it is able to detect the scanning of non-host
network devices, such as routers or switches.
Selected Answer:

False

Correct Answer:

False

Question 14
2.5 out of 2.5 points

The process by which attackers change the format and/or timing of their activities to avoid being
detected by the IDPS is known as a false attack stimulus.
Selected Answer:

False

Correct Answer:

False

Question 15
2.5 out of 2.5 points

In TCP/IP networking, port __________ is not used.

Selected Answer:

a.

0
Correct Answer:

a.

Question 16
2.5 out of 2.5 points

__________ is the process of classifying IDPS alerts so that they can be more effectively managed.
Selected Answer:

c.

Alarm filtering
Correct Answer:

c.

Alarm filtering

Question 17
2.5 out of 2.5 points

A(n) __________ IDPS is focused on protecting network information assets.

Selected Answer:

b.

network-based
Correct Answer:

b.

network-based

Question 18
2.5 out of 2.5 points

Security tools that go beyond routine intrusion detection include honeypots, honeynets and padded
cell systems.
Selected Answer:

True

Correct Answer:

True

Question 19
2.5 out of 2.5 points

A(n) known vulnerability is a published weakness or fault in an information asset or its

protective systems that may be exploited and result in loss.
_________________________
Selected Answer:

True

Correct Answer:

True

Question 20
2.5 out of 2.5 points

Your organizations operational goals, constraints, and culture should not affect the selection of the
IDPS and other security tools and technologies to protect your systems.
Selected Answer:

False

Correct Answer:

False