Quiz 5: CSC154 Computer Systems Attacks and Countermeasures Flashcards

0.0(0)
Studied by 0 people
call kaiCall Kai
Locked
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/14

flashcard set

Earn XP

Description and Tags

Flashcards based on Quiz 5 from CSC154, covering intrusion detection, firewall configurations, and security protocols.

Last updated 8:44 AM on 7/8/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai
Chat

No analytics yet

Send a link to your students to track their progress

15 Terms

1
New cards

What is a security incident in which an intruder gains access to a system without having authorization to do so?

Security intrusion

2
New cards

What monitors the characteristics of a single host and the events occurring within that host for suspicious activity?

host-based IDS

3
New cards

What monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity?

network-based IDS

4
New cards

What involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder?

Signature detection

5
New cards

Which type of sensor is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor?

inline sensor

6
New cards

Which ID component analyzes the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator?

analyzer

7
New cards

True or False: Signature-based approaches attempt to define normal or expected behavior, whereas anomaly approaches attempt to define proper behavior.

False

8
New cards

True or False: Network-based intrusion detection makes use of signature detection and anomaly detection.

True

9
New cards

True or False: A packet filtering firewall is typically configured to filter packets going in both directions.

True

10
New cards

True or False: A DMZ is one of the internal firewalls protecting the bulk of the enterprise network.

False

11
New cards

What type of gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host?

circuit-level

12
New cards

In which area are systems that require or foster external connectivity, such as corporate Web sites, e-mail servers, or DNS servers, typically located?

DMZ

13
New cards

Which configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control?

distributed firewall

14
New cards

What are attacks that attempt to give ordinary users root access?

Privilege-escalation exploits

15
New cards

Which type of anomaly detection looks for deviation from standards set forth in RFCs?

Protocol anomaly