Test: Intrusion Detection Systems


10 Questions MCQ Test Computer Networks - Notes, Videos, MCQs & PPTs | Test: Intrusion Detection Systems


QUESTION: 1

Which of the following is an advantage of anomaly detection?

Solution:

Answer: c
Explanation: Once a protocol has been built and a behavior defined, the engine can scale more quickly and easily than the signature-based model because a new signature does not have to be created for every attack and potential variant.

QUESTION: 2

A false positive can be defined as…

Solution:

Answer: d
Explanation: A false positive is any alert that indicates nefarious activity on a system that, upon further inspection, turns out to represent legitimate network traffic or behavior.

QUESTION: 3

One of the most obvious places to put an IDS sensor is near the firewall. Where exactly in relation to the firewall is the most productive placement?

Solution:

Answer: a
Explanation: There are legitimate political, budgetary and research reasons to want to see all the “attacks” against your connection, but given the care and feeding any IDS requires, do yourself a favor and keep your NIDS sensors on the inside of the firewall.

QUESTION: 4

What is the purpose of a shadow honeypot?

Solution:

Answer: c
Explanation: “Shadow honeypots,” as researchers call them, share all the same characteristics of protected applications running on both the server and client side of a network and operate in conjunction with an ADS.

*Multiple options can be correct
QUESTION: 5

At which two traffic layers do most commercial IDSes generate signatures?

Solution:

Answer: b, d
Explanation: Most commercial IDSes generate signatures at the network and transport layers.

QUESTION: 6

An IDS follows a two-step process consisting of a passive component and an active component. Which of the following is part of the active component?

Solution:

Answer: b
Explanation: In the second, active component, mechanisms are set in place to reenact known methods of attack and to record system responses.

QUESTION: 7

When discussing IDS/IPS, what is a signature?

Solution:

Answer: b
Explanation: IDSes work in a manner similar to modern antivirus technology. They are constantly updated with attack-definition files (signatures) that describe each type of known malicious activity.

*Multiple options can be correct
QUESTION: 8

“Semantics-aware” signatures automatically generated by Nemean are based on traffic at which two layers?

Solution:

Answer: a, c
Explanation: Nemean automatically generates “semantics-aware” signatures based on traffic at the session and application layers.

QUESTION: 9

Which of the following is used to provide a baseline measure for comparison of IDSes?

Solution:

Answer: a
Explanation: As the sensitivity of systems may cause the false positive/negative rates to vary, it’s critical to have some common measure that may be applied across the board.

QUESTION: 10

Which of the following is true of signature-based IDSes?

Solution:

Answer: d
Explanation: Signature-based IDSes are constantly updated with attack-definition files (signatures) that describe each type of known malicious activity. They then scan network traffic for packets that match the signatures and raise alerts to security administrators.