1/14
Flashcards based on Quiz 5 from CSC154, covering intrusion detection, firewall configurations, and security protocols.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
What is a security incident in which an intruder gains access to a system without having authorization to do so?
Security intrusion
What monitors the characteristics of a single host and the events occurring within that host for suspicious activity?
host-based IDS
What monitors network traffic for particular network segments or devices and analyzes network, transport, and application protocols to identify suspicious activity?
network-based IDS
What involves an attempt to define a set of rules or attack patterns that can be used to decide if a given behavior is that of an intruder?
Signature detection
Which type of sensor is inserted into a network segment so that the traffic that it is monitoring must pass through the sensor?
inline sensor
Which ID component analyzes the data collected by the sensor for signs of unauthorized or undesired activity or for events that might be of interest to the security administrator?
analyzer
True or False: Signature-based approaches attempt to define normal or expected behavior, whereas anomaly approaches attempt to define proper behavior.
False
True or False: Network-based intrusion detection makes use of signature detection and anomaly detection.
True
True or False: A packet filtering firewall is typically configured to filter packets going in both directions.
True
True or False: A DMZ is one of the internal firewalls protecting the bulk of the enterprise network.
False
What type of gateway sets up two TCP connections, one between itself and a TCP user on an inner host and one between itself and a TCP user on an outside host?
circuit-level
In which area are systems that require or foster external connectivity, such as corporate Web sites, e-mail servers, or DNS servers, typically located?
DMZ
Which configuration involves stand-alone firewall devices plus host-based firewalls working together under a central administrative control?
distributed firewall
What are attacks that attempt to give ordinary users root access?
Privilege-escalation exploits
Which type of anomaly detection looks for deviation from standards set forth in RFCs?
Protocol anomaly