Team LiB
Previous Section Next Section

Chapter 10 Q&A

1:

List two weaknesses of the signature-based IDS.

A1:

Answer: Weaknesses of the signature-based IDS include the following:

  • High false positive rate

  • Evasion susceptibility

  • Single vulnerability may require multiple signatures

  • Continuous updates required

  • Cannot detect unknown attacks

2:

Why does the deployment of a policy-based IDS take a long time?

A2:

Answer: Deployment of policy-based IDS is lengthy because all the security policy rules of the company must be programmed into the IDS.

3:

Which IDS is not limited by bandwidth restrictions or data encryption?

A3:

Answer: A host IDS is not limited by bandwidth restrictions or data encryption.

4:

Which IDS is very challenging in a switched environment?

A4:

Answer: A network IDS is very challenging in a switched environment because traffic is aggregated only on the backplanes of the devices.

5:

Name the two main components of a Cisco host IDS.

A5:

Answer: The two main components of a Cisco host IDS are as follows:

  • Cisco Secure Agent

  • Cisco Management Station

6:

Name the two interfaces of a network IDS.

A6:

Answer: The two interfaces of a network IDS are as follows:

  • Monitoring or capturing interface

  • Command and control interface

7:

What are the three main components of a network IDS?

A7:

Answer: The three main components of a network IDS are the network sensor, the network management station, and the communication channel.

8:

List three responses to events or alerts.

A8:

Answer: IDSs can respond to attacks in a few different ways. IDSs can actively terminate the session, block the attacking host, or passively create IP session logs.

9:

What two processes are in place to automate sensor maintenance?

A9:

Answer: Automatic updates (auto update server) and active update notification are two ways to automate sensor maintenance.

10:

The RDEP protocol communication consists of what two message types?

A10:

Answer: The RDEP protocol communication consists of two message types: the RDEP request and the RDEP response message. These messages can be event messages or IP log messages.

    Team LiB
    Previous Section Next Section