Is a security event that constitutes a security incident in which an intruder gains access to a system without having the authorization to do so?

Computer Security: Principles and Practice, 4th Edition, Chapter 8

Chapter 8 Intrusion Detection

TRUE/FALSE QUESTIONS:

TF1. An intruder can also be referred to as a hacker or cracker.

TF2. Activists are either individuals or members of an organized crime group with a goal of financial reward.

TF3. Running a packet sniffer on a workstation to capture usernames and passwords is an example of intrusion.

TF4. Those who hack into computers do so for the thrill of it or for status.

TF5. Intruders typically use steps from a common attack methodology.

TF6. The IDS component responsible for collecting data is the user interface.

TF7. Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.

TF8. The primary purpose of an IDS is to detect intrusions, log suspicious events, and send alerts.

TF9. Signature-based approaches attempt to define normal, or expected, behavior, whereas anomaly approaches attempt to define proper behavior.

TF10. Anomaly detection is effective against misfeasors.

TF11. To be of practical use an IDS should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.

TF12. An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device.

TF13. A common location for a NIDS sensor is just inside the external firewall.

TF14. Network-based intrusion detection makes use of signature detection and anomaly detection.

TF15. Snort can perform intrusion prevention but not intrusion detection.

What is responsible for determining if an intrusion has occurred?

Analyzer: receives input from one or more sensors and is responsible for determining if an intrusion has occurred. The output of this component is an indication that an intrusion has occurred and may include evidence supporting the conclusion that an intrusion has occurred.

Are either individuals or members of a larger group of outsider attackers who are motivated by social or political causes?

Are either individuals working as insiders, or members of a larger group of outsider attackers, who are motivated by social or political causes. They are also known as hacktivists, and their skill level may be quite low.

Is the granting of a right or permission to a system entity to access a system resource?

The right or a permission that is granted to a system entity to access a system resource. Access privileges granted to a user, program, or process or the act of granting those privileges.