Operating System MCQs

1019 MCQs  (Page 66 of 102)

What are the major components of the intrusion detection system?
A. Analysis engine
B. Event provider
C. Alert database
D. All of the mentioned
What are the different ways to classify an IDS?
A. Zone based
B. Host & network based
C. Network & zone based
D. Level based
What are the characteristics of anomaly based IDS?
A. It models the normal usage of network as a nosie characterization
B. It doesn’t detect novel attacks
C. Anything distinct from the nosie is not assumed to be intrusion activity
D. It detects based on signature
What is the major drawback of anomaly detection IDS?
A. These are very slow at detection
B. It generates many false alarms
C. It doesn’t detect novel attacks
D. None of the mentioned
What are the characteristics of signature based IDS?
A. Most are based on simple pattern matching algorithms
B. It is programmed to interpret a certain series of packets
C. It models the normal usage of network as a nosie characterization
D. Anything distinct from the nosie is assumed to be intrusion activity
What are the drawbacks of signature based IDS?
A. They are unable to detect novel attacks
B. They suffer from false alarms
C. They have to be programmed again for every new pattern to be detected
D. All of the mentioned
What are the drawbacks of the host based IDS?
A. Unselective logging of messages may increase the audit burdens
B. Selective logging runs the risk of missed attacks
C. They are very fast to detect
D. They have to be programmed for new patterns
What are the strengths of the host based IDS?
A. Attack verification
B. System specific activity
C. No additional hardware required
D. All of the mentioned
What are characteristics of stack based IDS?
A. They are integrated closely with the TCP/IP stack and watch packets
B. The host operating system logs in the audit information
C. It is programmed to interpret a certain series of packets
D. It models the normal usage of network as a nosie characterization
What are characteristics of Network based IDS?
A. They look for attack signatures in network traffic
B. Filter decides which traffic will not be discarded or passed
C. It is programmed to interpret a certain series of packet
D. It models the normal usage of network as a nosie characterization