Which type of tap makes the sniffed traffic available on many different
output ports connected to different types of monitoring devices?
Regeneration Tap
Which of the following will have a positive impact on your sensor processing
speed?
small number of signatures
Which type of tap takes the RX and TX signals and combines them back into
full-duplex traffic and sends it to a monitoring port?
port aggregator
What event will take place when valid traffic is dropped by an Intrusion
Prevention System (IPS) as a result of rules that may not be correct or may
not be tuned for your specific site?
false positive
Which of the following is a hybrid use of both a switch and a tap?
span tap
Which type of tap will split the signal and offer bandwidth and distance
benefits?
Fiber
Which of the following commands is used to associate a physical interface
(such as eth1 or eth2) with a logical interface?
???
Which of the following is NOT a concern when using a span port on a
switch?
???
Which device bleeds off the existing signal of traffic for capture?
tap
Which of the following is an inexpensive low-end solution for half-duplex
traffic, and is best used on networks where throughput is low?
Hub
Which of the following tools captures, indexes and correlates real-time
data in a searchable repository from which it can generate graphs, reports,
alerts, dashboards and visualizations?
Splunk – yeah right!
What is not an advantage of correlating IDS log data?
Reduced volume of data required for analysis
Which of the following correlation methods will compare the condition of a
host to an attack?
Statistical
Rule-based
Flow-based
Behavioral
statistical ??
When correlating data, there are four primary tasks. Which task is required
because different devices have different log formats that need to be
standardized?
Stored in a database
Normalization
Common encoding
Data acquisition
Normalization
Which of the following services must be used to help correlate log files
between multiple sources on a network?
SNMP
NTP
Syslog
NNTP
NTP
Which of the following will parse data from network, security, or system
devices and reorganize the data into a uniform format that can easily be
searched?
Intrusion Prevention System
Security Information Manager
Unified Threat Management Platform
Intrusion Detection System
Security Information Manager