Untitled Presentation

Assessment

Presentation

Computers

University

Practice Problem

Hard

Created by

abdul hadi

FREE Resource

38 Slides • 25 Questions

3

Open Ended

How do monitoring and detection systems like IDS/IPS contribute to protecting organizational information assets?

4

Multiple Choice

Why is intrusion detection important for network security?

1

It helps identify unauthorized access and potential threats.

2

It slows down network performance.

3

It is only useful for small organizations.

4

It replaces the need for firewalls.

6

Multiple Choice

Which of the following tools is used for monitoring the status of network assets from various operational indicators?

1

Wazuh

2

Nagios

3

SolarWinds

4

Elastic

8

Multiple Select

Which of the following activities are classified as intrusion according to the definition provided?

1

Attempted Break-ins

2

Masquerade attacks

3

Running permitted programs

4

Denial of Service

10

Fill in the Blank

IDS is a device or application that monitors ___ and detects dangerous activities or policy violations.

14

Multiple Choice

Why is it necessary to have an application that complements the firewall in network security?

1

Because firewalls cannot detect all threats

2

Because firewalls are always secure

3

Because firewalls can inspect all traffic

4

Because firewalls never get attacked

15

Open Ended

Explain the main difference between the function of a firewall and an IDS in network security.

17

Multiple Choice

What is the primary goal of an Intrusion Detection System (IDS)?

1

To block all network traffic

2

To inspect all network activity and identify suspicious patterns

3

To encrypt data transmissions

4

To manage user authentication

20

Fill in the Blank

The IDS examines and processes information about target system activity to keep up with monitored activity. This function is called ___.

22

Multiple Select

Which of the following are functions performed by an Intrusion Detection System (IDS)?

1

Monitoring target system activity

2

Reporting information to security infrastructure

3

Responding to detected intrusions

4

Encrypting network traffic

23

Open Ended

Explain the roles of 'Monitor', 'Report', and 'Respond' in the context of Intrusion Detection Systems (IDS).

25

Open Ended

What are the two approaches to Intrusion Detection mentioned in the slides, and how do they differ?

27

Fill in the Blank

Network-based IDS provides real-time activity monitoring by ___ the packet header and contents.

29

Multiple Choice

Which of the following tools is used as a File System Integrity Checker in Host-based IDS?

1

Swatch

2

Logcheck

3

Mod_security

4

Tripwire

31

Open Ended

Explain the difference between Rule Based (Misuse detection) and Anomaly detection methods in IDS.

33

Multiple Select

Which of the following are considered active responses in IDS?

1

Alerts – Visual, Audio, E-mail, Pager, SNMP Alarms

2

Snapshots taken for later analysis

3

Update Policy

4

Block Traffic Completely

35

Fill in the Blank

Threshold is a value that represents the boundary of ___ activity.

37

Multiple Choice

In the context of IDS rules, what does the 'content' field specify?

1

The protocol to use

2

The value of a payload

3

The port number

4

The message to send

39

Open Ended

Describe how header and payload analysis are used in anomaly detection for IDS. Provide examples of attacks detected by each method.

41

Multiple Choice

Which step comes immediately after data traffic is captured using tcpdump in the anomaly detection process?

1

Preprocessing and splitting data into training and testing sets

2

Classification using SVM

3

Testing the trained model

4

Labeling the data

43

Multiple Select

Which of the following are examples of attack behaviors detected by anomaly detection systems?

1

Smurf ICMP echo request flooding

2

UDPStorm spoofed request flooding

3

Checksum errors in packets

4

Normal TCP/IP communication

44

Open Ended

Explain how anomaly detection distinguishes between normal and attack packets based on the principles described.

47

Fill in the Blank

Snort is a Network IDS with three modes: sniffer, packet logger, and ___.

62

Open Ended

Reflecting on the four aspects of network security discussed, which aspect do you think is most critical for an organization and why?

63

Multiple Choice

Which aspect of network security focuses on monitoring organizational information assets, and what are some examples of tools used for this purpose?

1

Protect; Firewall

2

Detect/Monitoring; IDS/IPS, SIEM

3

Respond; Network Forensics

4

Predict; Threat Intelligence
