quiz - ISOL 632


Computer Science

ISOL 632 Business Continuity Planning and Disaster Recovery Planning

University of the Cumberlands

Description

QUESTION 1

  1. Host-based IDPSs scrutinize an organization's network data traffic by searching for matching patterns in known signatures, such as preconfigured and predetermined attack schemas.

0.10000 points

QUESTION 2

  1. A network IDPS detects more categories of attacks than a host-based IDPS because it does not necessitate complex configuration and extensive maintenance programs.

0.10000 points

QUESTION 3

  1. A(n) ______________________ gathers statistical summaries by observing traffic that is perceived or known to be normal.

0.10000 points

QUESTION 4

  1. A(n) ______________________ classifies IDPS attack notifications by sorting or distinguishing actual attacks from false positives.
    a. alarm clustering
    b. alarm filtering
    c. alarm tuning
    d. single alarm

0.10000 points

QUESTION 5

  1. In a properly designed system, a(n) _________________ event does not elevate to an incident level because legitimate incidents and activities would not be wrongfully reported.

0.10000 points

QUESTION 6

  1. An IDPS or IPS automated response system, known as a(n) _____________, combines its resources to detect intrusions and then trace those intrusions back to their source.

0.10000 points

QUESTION 7

  1. An application IDPS examines application event abnormalities by reviewing files that are created by applications with the intent of identifying anomalous occurrences, invalid file executions, excessive user authorization, or problematic interactions between users, applications, and data.

0.10000 points

QUESTION 8

  1. A(n) _____________________ reduces an organization’s administrative overhead and the total number of generated notifications because it consolidates identical warnings into a single higher-level notice.
    a. alarm tuning
    b. alarm clustering
    c. single alarm
    d. alarm filtering

0.10000 points

QUESTION 9

  1. It is ill-advised for an organization to assign its patch management responsibility to its Incident Response Team (IRT) because these endeavors are challenging, time-intensive functions that necessitate a high degree of expertise and cannot be delayed while the IRT responds to other incidents.

0.10000 points

QUESTION 10

  1. An after-action review serves as an invaluable learning tool for an organization's response teams because it acts as a training tool for current and future team members by enabling them to observe what historical incidents occurred, what actions were performed, and whether these actions were effective in mitigating the incident.

0.10000 points

QUESTION 11

  1. When deploying a(n) ____________________ within the interior of a firewall, this component mandates that all traffic passes through the system before reporting back to the network-based IDPS.

0.10000 points

QUESTION 12

  1. A precursor is an indicator that an adverse event is underway and is highly probable to become an incident, whereas an indicator is a sign that an observed activity signals that an incident will probably occur in the future.

0.10000 points

QUESTION 13

  1. A(n) _______________________ occurs when legitimate incidents fail to receive attention and go unreported.

0.10000 points

QUESTION 14

  1. The CSIRT that is responsible for handling multiple specific physical or logical segments of responses within an organization is a(n) ____________________________.
    a. Distributed team
    b. Fully outsourced team
    c. Coordinating team
    d. Central team

0.10000 points

QUESTION 15

  1. When an adverse event becomes an authentic threat to a business' operation, it is categorized as an incident; therefore, an incident candidate is a process of evaluating circumstances that will involve those events.

0.10000 points

QUESTION 16

  1. A(n) _________________________ is a triggered alarm that causes an IDPS to react as if a genuine attack were occurring.
    a. false positive
    b. true attack stimulus
    c. false attack stimulus
    d. noise

0.10000 points

QUESTION 17

  1. A(n) ______________________ process enables the NIDPS to identify patterns of attacks by comparing existing activity measurements to known signatures and determine whether an attack has occurred or may occur.

0.10000 points

QUESTION 18

  1. A(n) ____________________ is an event that causes false positives or triggers alarms when no actual attack is in progress.

0.10000 points

QUESTION 19

  1. A(n) ___________________________ is a formal or informal group of information technology and information security personnel who are tasked with securing an organization's information assets by detecting and preventing attacks on those assets.

0.10000 points

QUESTION 20

  1. The responsibilities and functions of the CSIRT are not useful when there is a need to compare previous baselines against current performance levels because an organization’s technology, information systems, and perceived threat levels are unchangeable.

0.10000 points

QUESTION 21

  1. When an organization observes that its network traffic has exceeded its measured and established baseline values, this is an indicator that an incident candidate is present. Under these circumstances, these occurrences are categorized as an unexpected-time probable indicator.

0.10000 points

QUESTION 22

  1. The CSIRT that provides advice and guidance to other organizational teams but has no direct or immediate authority over the teams it advises is a(n) ____________________________.
    a. Coordinating team
    b. Distributed team
    c. Central team
    d. Fully outsourced team

0.10000 points

QUESTION 23

  1. An anomaly-based IDPS periodically samples network activity to establish a baseline and then measures events that surpass the established parameter; this excess activity is known as a(n) ___________________.

0.10000 points

QUESTION 24

  1. The primary responsibility for an organization’s management team and its leadership is to deal with unexpected situations and more importantly to reestablish the organization’s information system posture and the security of its information assets.

0.10000 points

QUESTION 25

  1. An Incident Response Team (IRT) assumes the responsibility for intrusion detection functions within an organization because other response teams are challenged with other critical tasks and do not have sufficient time, expertise, or resources to accomplish the goal.

0.10000 points

QUESTION 26

  1. A benefit of an HIDPS is that it maintains its own file logs, which are useful when an attacker successfully masks its tracks by modifying the registry, and it produces its own independent audit of the attack.

0.10000 points

QUESTION 27

  1. A valid packet that exploits poorly configured DNS servers by introducing false information with the intent of corrupting server responses to queries from other network systems is an attack example of a(n) ________________________.

0.10000 points

QUESTION 28

  1. System resources that are placed into a functional system but have no normal use in the system are known as a(n) ________________________.

0.10000 points

QUESTION 29

  1. System and network administrators often will use a(n) _______________ to scan their organization's internal computers and networks to determine which vulnerabilities a hacker can see.

0.10000 points

QUESTION 30

  1. A(n) ____________________ will indicate that an incident may be in progress when an organization has properly installed and configured the IDPS.

0.10000 points


Explanation & Answer

Hello, I have done your work. Thank you.
Attached.
