last22

One is "high" IDS and the other is "normal"

One is "host" IDS and the other is "normal"

One is "homogeneous" IDS and the other is "network"

They are the same thing

None of the above

Difficulty in keeping the lists readable

Difficulty in managing more than one list

Behavioral anomalies

Variants

All of the above

A SIEM will not work with proper crypto

SIEM security requires network tunnels

SIEMS always require SOCs

SOCs typically use SIEMS

All the above

Perimeter protection works great on enterprise networks

Perimeter protection works poorly on enterprise networks

Perimeters work unless mobility is present

Cloud requires perimeter protection

All of the above

It is a mandatory requirement in most compliance frameworks

It requires 24 by 7 operation

It is already done in other parts of the enterprise

It reduces response cycle times

None of the above

IDS = IPS

SIEM = SOC

IDS is implied by IPS

SOC is implied by SIEM

All of the above

Increased application-level authentication of the client

Running a scan on the web server for vulnerabilities

Implementing improved auditing on both the client and server

None of the above.

Warnings to users to be careful

LAN encryption

Physical security of LAN equipment

None of the above

Running an IPS in front of the server to shun the spoofed source

Running a DOS defense service in front of the web server that detects the flood of spoofed sources

Notifying the spoofed IP address of the incident

All of the above

Positioning a firewall in front of the server to filter commands

Improving the strength of administrative passwords

Running an IDS in front of the server to detect attacks

All of the above