Computer Security: Principles and Practice, 4th Edition, Chapter 8

Chapter 8 – Intrusion Detection

TRUE/FALSE QUESTIONS:

T F 1. An intruder can also be referred to as a hacker or cracker.
T F 2. Activists are either individuals or members of an organized crime group with a goal of financial reward.
T F 3. Running a packet sniffer on a workstation to capture usernames and passwords is an example of intrusion.
T F 4. Those who hack into computers do so for the thrill of it or for status.
T F 5. Intruders typically use steps from a common attack methodology.
T F 6. The IDS component responsible for collecting data is the user interface.
T F 7. Intrusion detection is based on the assumption that the behavior of the intruder differs from that of a legitimate user in ways that can be quantified.
T F 8. The primary purpose of an IDS is to detect intrusions, log suspicious events, and send alerts.
T F 9. Signature-based approaches attempt to define normal, or expected, behavior, whereas anomaly approaches attempt to define proper behavior.
T F 10. Anomaly detection is effective against misfeasors.
T F 11. To be of practical use an IDS should detect a substantial percentage of intrusions while keeping the false alarm rate at an acceptable level.
T F 12. An inline sensor monitors a copy of network traffic; the actual traffic does not pass through the device.
T F 13. A common location for a NIDS sensor is just inside the external firewall.
T F 14. Network-based intrusion detection makes use of signature detection and anomaly detection.
T F 15. Snort can perform intrusion prevention but not intrusion detection.

What is responsible for determining if an intrusion has occurred?
Analyzer: receiving input from one or more sensors, responsible for determining if an intrusion has occurred. The output of this component is an indication that an intrusion has occurred and may include evidence supporting the conclusion that an intrusion has occurred.

Are either individuals or members of a larger group of outsider attackers who are motivated by social or political cause?
Are either individuals working as insiders, or members of a larger group of outsider attackers, who are motivated by social or political causes. They are also known as hacktivists, and their skill level may be quite low.

Is the granting of a right or permission to a system entity to access a system resource?
The right or a permission that is granted to a system entity to access a system resource. Access privileges granted to a user, program, or process or the act of granting those privileges.