Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Data Sheet, Page 5

642-531
Explanation:
True positive - is when an IDS generates an alarm for known intrusive activity.
False negative - is when an IDS fails to generate an alarm for known intrusive activity.
False positive - is when an IDS generates an alarm for normal user activity.
Reference: Cisco Secure Intrusion Detection System (Ciscopress) page 55 & 58
Note: True positive - A situation in which a signature is fired properly when offending traffic is detected. An attack is detected as expected. - Cisco Secure Intrusion Detection System 4 chap 3 page 12
QUESTION 11
A Cisco IDS Sensor has been configured to detect attempts to extract the password file from Windows
2000 systems. During a security assessment, the consultants attempted to extract the password files from
three Windows 2000 servers. This activity was not detected by the Sensor.
What situation has this activity caused?
A. False negative
B. False positive
C. True positive
D. True negative
Answer: A
False negative - is when an IDS fails to generate an alarm for known intrusive activity.
False positive - is when an IDS generates an alarm for normal user activity.
True positive - is when an IDS generates an alarm for known intrusive activity.
Reference: Cisco Secure Intrusion Detection System (Ciscopress) page 55 & 58
Note: A situation in which a signature is not fired when offending traffic is detected. An actual attack is not detected. - Cisco Secure Intrusion Detection System 4 chap 3 page 11
QUESTION 12
Which of the following is typical of profile-based, or anomaly-based, intrusion detection?
A. Normal network activity is easily defined
B. It is most applicable to environments with unpredictable traffic patterns
C. It is prone to a high number of false positive alarms
D. Signatures match patterns of malicious activity
Answer: C
Page 3-14 CSIDS Courseware under Profile-based Intrusion Detection
Prone to high number of false positives - Difficult to define "normal" activity
QUESTION 13
An anonymous person has posted a tool on a public website that can cause Cisco DSL routers to reboot.
What term describes how this tool is used to leverage the weakness in the Cisco DSL routers?
A. Vulnerability
B. Exploit