13 CISA IDS/IPS Questions with Answers and Explanations

Free Exam Simulator

Question 1 - ID: 9313021
An IS auditor is reviewing the installation of an intrusion detection system (IDS). Which of the following is the GREATEST concern?
Select one
 
A.
B.
C.
D.
Answer and explanation:
The greatest concern is an IDS that fails to identify actual attacks (false negatives). These present the higher risk because the attacks go unnoticed and no action is taken to address them. A high false-positive rate is a concern, but a lesser one: logs and reports are normally passed through an automated tool first to eliminate known false positives, so they are generally not a problem. An IDS, unlike an IPS, does not block any traffic, so it blocking legitimate traffic is not a concern.
Question 2 - ID: 7612562
An IS auditor reviewing the implementation of an intrusion detection system (IDS) should be MOST concerned if:
Select one
 
A.
B.
C.
D.
Answer and explanation:
A
An excessive number of false alarms from a behavior-based intrusion detection system (IDS) indicates that additional tuning is needed. False positives cannot be eliminated entirely, but ignoring this warning sign may negate the value of the system by causing those responsible for monitoring its warnings to become convinced that anything reported is false.
B
An organization can place sensors outside the firewall to detect attacks; sensors are also placed in highly sensitive areas and on extranets, so this placement is not in itself a concern.
C
Being weak against new types of attacks is expected from a signature-based IDS because it can only recognize attacks that have been previously identified.
D
An IDS cannot detect attacks within encrypted traffic, but there may be good reason to detect the presence of encrypted traffic, such as when a next-generation firewall is configured to terminate encrypted connections at the perimeter. In such cases, detecting encrypted packets flowing past the firewall could indicate improper configuration or even a compromise of the firewall itself.
Question 3 - ID: 4513018
An organization has installed an IDS that monitors general patterns of activity and builds a database of them. Which of the following types of intrusion detection system (IDS) has this feature?
Select one
 
A.
B.
C.
D.
Answer and explanation:
A neural network-based IDS monitors the general pattern of activities and builds a database of them, which it then uses to recognise deviations (see Question 8). A signature-based IDS matches known attack patterns, and a statistical IDS compares activity against a numerical baseline of normal behaviour.
Question 4 - ID: 1913025
Which of the following detects intrusion and penetration attempts against a network by analysing the behaviour of the system?
Select one
 
A.
B.
C.
D.
Answer and explanation:
An IDS establishes the normal (known and expected) behaviour of the system, and any activity that falls outside that scope is flagged as a possible intrusion. Routers, stateful inspection firewalls and packet filters are designed to block certain types of communication routed through or passing to specific ports; they are not designed to discover someone bypassing or tunnelling under the firewall.
Question 5 - ID: 7613019
The component of an IDS that collects the data is:
Select one
 
A.
B.
C.
D.
Answer and explanation:
 
Question 6 - ID: 5012297
Integrating the business continuity plan into IT project management aids in:
Select one
 
A.
B.
C.
D.
Answer and explanation:
A
A transaction flowchart aids in analyzing an application's controls but does not affect business continuity.
B
Integrating the BCP into the development process ensures complete coverage of the continuity requirements through each phase of the project.
C
A BCP will not directly address the detailed processing needs of the users.
D
Testing the business continuity plan's (BCP) requirements is not related to IT project management.
Question 7 - ID: 9413023
Which of the following is a function of an intrusion detection system (IDS)?
Select one
 
A.
B.
C.
D.
Answer and explanation:
Obtaining evidence of intrusive activity is a function of an IDS. The other options are functions of a firewall.
Question 8 - ID: 8413028
Of the three IDS types (signature-based, statistical and neural network), a neural network-based IDS is the most effective at detecting fraud because:
Select one
 
A.
B.
C.
D.
Answer and explanation:
Neural networks monitor the general pattern of activities, build a database of them, and address problems that require consideration of a large number of input variables. They are capable of capturing relationships and patterns that other statistical methods often miss.
Question 9 - ID: 2713020
Even for normal activity, which of the following intrusion detection systems (IDSs) will MOST likely generate false alarms?
Select one
 
A.
B.
C.
D.
Answer and explanation:
A statistical-based IDS establishes the normal (known and expected) behaviour of the system and flags any activity outside that scope as an intrusion. It is therefore the most likely of the IDS types to generate false positives (false alarms): normal network activity can include unexpected behaviour (e.g., frequent downloads by many users at once), and such activity will be flagged as suspicious.
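To make the behaviour-based detection described in Questions 4 and 9 concrete, the following is an added example, not code from the original exam page: a minimal statistical IDS that learns a baseline from a training window and flags observations more than a z-score threshold away from it. The per-minute download counts, the "release day" burst and the list of pre-cleared events are all constructed for illustration.

```python
# Added example, not part of the original exam page: a minimal
# statistical (behaviour-based) IDS. It learns a baseline of normal
# activity from a training window and flags observations that deviate
# from it by more than a z-score threshold. The traffic counts and the
# "known event" list below are constructed for illustration.
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    minute: int
    downloads: int       # file downloads seen on the network in that minute
    label: str           # ground truth, used only to score the detector


# Constructed baseline: twenty quiet minutes of roughly ten downloads each.
BASELINE = [
    Observation(i, d, "normal") for i, d in enumerate(
        [9, 11, 10, 12, 8, 10, 9, 11, 10, 12, 9, 10, 11, 10, 8, 12, 10, 9, 11, 10])
]

# Constructed live traffic: one legitimate burst (a scheduled release that
# many users download at once) and one genuine bulk-exfiltration burst.
OBSERVED = [
    Observation(20, 10, "normal"),
    Observation(21, 62, "normal"),    # release day: unusual but legitimate
    Observation(22, 12, "normal"),
    Observation(23, 140, "attack"),   # bulk exfiltration
]

# Constructed list of scheduled events the operator has pre-cleared; an
# automated pre-filter like this is how known false positives are dropped
# before an analyst sees the report.
KNOWN_EVENTS = {21: "scheduled software release"}


def build_baseline(observations, z_threshold=3.0):
    """Summarise normal behaviour as mean, population std-dev and a cut-off."""
    values = [o.downloads for o in observations]
    return statistics.fmean(values), statistics.pstdev(values), z_threshold


def z_score(value, mean, stdev):
    return 0.0 if stdev == 0 else (value - mean) / stdev


def detect(observations, baseline):
    """Return (minute, downloads, z) for every observation outside the baseline."""
    mean, stdev, z_threshold = baseline
    alerts = []
    for o in observations:
        z = z_score(o.downloads, mean, stdev)
        if abs(z) > z_threshold:
            alerts.append((o.minute, o.downloads, round(z, 1)))
    return alerts


def suppress_known(alerts, known_events):
    """Drop alerts that coincide with pre-cleared events."""
    return [a for a in alerts if a[0] not in known_events]


def score(observations, alerts):
    """Count true/false positives and false negatives against the labels."""
    flagged = {minute for minute, _, _ in alerts}
    tp = sum(1 for o in observations if o.minute in flagged and o.label == "attack")
    fp = sum(1 for o in observations if o.minute in flagged and o.label == "normal")
    fn = sum(1 for o in observations if o.minute not in flagged and o.label == "attack")
    return {"true_positives": tp, "false_positives": fp, "false_negatives": fn}


if __name__ == "__main__":
    baseline = build_baseline(BASELINE)
    raw = detect(OBSERVED, baseline)
    print("raw alerts:", raw, score(OBSERVED, raw))
    filtered = suppress_known(raw, KNOWN_EVENTS)
    print("after suppression:", filtered, score(OBSERVED, filtered))
```

With this baseline (mean about 10.1, standard deviation about 1.2) the release-day burst scores roughly 44 standard deviations out and the exfiltration about 110, so raising the threshold cannot separate them; the false alarm is inherent to the statistical model, and the suppression list is the kind of automated pre-filter Question 1's explanation refers to.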
Question 10 - ID: 5613027
An IS auditor reviewing the implementation of an IDS should be MOST concerned if:
Select one
 
A.
B.
C.
D.
Answer and explanation:
An IDS cannot detect attacks carried in encrypted traffic. If the organization has assumed that the IDS can inspect encrypted traffic and has designed its control strategy on that basis, this is a major concern.
Question 11 - ID: 7013026
The BEST control for detecting intrusion is:
Select one
 
A.
B.
C.
D.
Answer and explanation:
The BEST method of detecting intrusion is to actively monitor unsuccessful logins. Deactivating the user ID after a number of failed attempts is a preventive control, not a detective one.
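As an added example of what "actively monitoring unsuccessful logins" looks like in practice (not code from the original exam page), the block below runs simple detection logic over constructed log lines that mimic OpenSSH's "Failed password" / "Accepted password" messages (simplified, with ISO timestamps). The threshold of five failures within a five-minute window is an assumption; the point it shows is that counting failures per target account as well as per source address is what catches a guessing attack spread across many source addresses.

```python
# Added example, not part of the original exam page: detection logic for
# actively monitoring unsuccessful logins. The log lines are constructed
# to mimic OpenSSH's "Failed/Accepted password" messages (simplified, with
# ISO timestamps); the threshold and window are assumptions.
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

# Constructed sample log (not real data). Three scenarios: a successful
# brute force against "alice", an innocent typo by "bob", and a guessing
# attack on "root" spread over five different source addresses.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[2101]: Failed password for alice from 203.0.113.5 port 50001 ssh2
2024-03-01T10:00:03 sshd[2102]: Failed password for alice from 203.0.113.5 port 50002 ssh2
2024-03-01T10:00:05 sshd[2103]: Failed password for alice from 203.0.113.5 port 50003 ssh2
2024-03-01T10:00:06 sshd[2104]: Failed password for alice from 203.0.113.5 port 50004 ssh2
2024-03-01T10:00:08 sshd[2105]: Failed password for alice from 203.0.113.5 port 50005 ssh2
2024-03-01T10:00:09 sshd[2106]: Accepted password for alice from 203.0.113.5 port 50006 ssh2
2024-03-01T10:15:00 sshd[2201]: Failed password for bob from 198.51.100.7 port 40001 ssh2
2024-03-01T10:30:00 sshd[2202]: Accepted password for bob from 198.51.100.7 port 40002 ssh2
2024-03-01T11:00:00 sshd[2301]: Failed password for root from 192.0.2.10 port 30001 ssh2
2024-03-01T11:00:01 sshd[2302]: Failed password for root from 192.0.2.11 port 30002 ssh2
2024-03-01T11:00:02 sshd[2303]: Failed password for root from 192.0.2.12 port 30003 ssh2
2024-03-01T11:00:03 sshd[2304]: Failed password for root from 192.0.2.13 port 30004 ssh2
2024-03-01T11:00:04 sshd[2305]: Failed password for root from 192.0.2.14 port 30005 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

Alert = namedtuple("Alert", "kind key_type key at")


def parse(log_text):
    """Turn log lines into events; lines that do not match are ignored."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "ok": m["result"] == "Accepted",
                "user": m["user"],
                "ip": m["ip"],
            })
    return events


def _recent(stamps, now, window):
    return [t for t in stamps if now - t <= window]


def failed_login_alerts(events, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window failure counts keyed by source IP and by target account.

    Keying by account as well as by source is what catches a guessing
    attack spread over many source addresses (the "root" lines above).
    """
    alerts = []
    failures = defaultdict(list)          # (key_type, key) -> failure timestamps
    for e in events:
        keys = (("ip", e["ip"]), ("user", e["user"]))
        for key in keys:                  # expire failures outside the window
            failures[key] = _recent(failures[key], e["ts"], window)
        if e["ok"]:
            # A success right after a burst of failures on the same account is
            # the strongest sign that password guessing succeeded.
            if len(failures[("user", e["user"])]) >= threshold - 1:
                alerts.append(Alert("success_after_failures", "user", e["user"], e["ts"]))
            continue
        for key in keys:
            failures[key].append(e["ts"])
            if len(failures[key]) == threshold:   # fire once per burst
                alerts.append(Alert("brute_force", key[0], key[1], e["ts"]))
    return alerts


if __name__ == "__main__":
    for a in failed_login_alerts(parse(SAMPLE_LOG)):
        print(a.at.isoformat(), a.kind, a.key_type, a.key)
```

Run against the sample, it raises four alerts: the per-source and per-account thresholds for alice, the success that immediately follows them (the one an analyst should treat as a probable compromise), and the per-account threshold for root, which no per-source count would reach. Bob's single failure fifteen minutes before a success stays silent.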
Question 12 - ID: 4713022
An organization wants to detect attack attempts that the firewall is unable to recognize. A network intrusion detection system (IDS) between the:
Select one
 
A.
B.
C.
D.
Answer and explanation:
Placement of the intrusion detection system: (1) If a network-based IDS is placed between the Internet and the firewall, it will detect all attack attempts, whether or not the firewall blocks them. (2) If a network-based IDS is placed between the firewall and the corporate network, it will detect only those attack attempts that pass through the firewall (i.e. attacks the firewall failed to block).
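The placement rule above, and the encrypted-traffic blind spot from Question 10, can both be seen in a small simulation. This is an added example, not code from the original exam page; the firewall policy (only ports 80 and 443 allowed in), the three content signatures and the six packets are all constructed for illustration, and the `encrypted` flag simply models a TLS record whose payload the sensor cannot read.

```python
# Added example, not part of the original exam page: a small simulation of
# what a network IDS sees at each placement relative to the firewall, and
# of its blind spot for encrypted traffic. The firewall policy, signatures
# and packets are all constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: str
    encrypted: bool = False   # True models a TLS record the sensor cannot read


# Constructed perimeter policy: only web traffic is allowed in.
ALLOWED_PORTS = {80, 443}

# Constructed content signatures a signature-based IDS would match on.
SIGNATURES = {
    "sql_injection": "' OR 1=1",
    "path_traversal": "../../etc/passwd",
    "telnet_probe": "login:",
}

# Constructed traffic arriving from the Internet. The last packet carries
# the same SQL injection as the second one, but inside TLS.
TRAFFIC = [
    Packet("203.0.113.9", 23, "login: root"),                  # blocked by firewall
    Packet("203.0.113.9", 80, "GET /item?id=1' OR 1=1 --"),    # allowed port, attack
    Packet("198.51.100.4", 443, "GET /index.html"),            # benign
    Packet("192.0.2.7", 3389, "rdp-negotiation-request"),      # blocked by firewall
    Packet("192.0.2.7", 80, "GET /../../etc/passwd"),          # allowed port, attack
    Packet("203.0.113.9", 443, "GET /item?id=1' OR 1=1 --", encrypted=True),
]


def firewall_permits(pkt):
    return pkt.dst_port in ALLOWED_PORTS


def ids_inspect(pkt):
    """Signature match on the payload; an encrypted payload is opaque."""
    if pkt.encrypted:
        return []
    return [name for name, pattern in SIGNATURES.items() if pattern in pkt.payload]


def sensor_alerts(traffic, placement):
    """Alerts from a sensor placed 'outside' or 'inside' the firewall."""
    if placement == "outside":
        visible = traffic                                       # sees every attempt
    elif placement == "inside":
        visible = [p for p in traffic if firewall_permits(p)]   # only what got through
    else:
        raise ValueError(placement)
    return [(p.src, p.dst_port, sig) for p in visible for sig in ids_inspect(p)]


def blocked_attacks(traffic):
    """Attack attempts the firewall stopped: the outside sensor's extra alerts."""
    inside = sensor_alerts(traffic, "inside")
    return [a for a in sensor_alerts(traffic, "outside") if a not in inside]


def missed_encrypted_attacks(traffic):
    """Ground truth for the simulation: attacks hidden from the sensor by
    encryption (the simulation knows the plaintext; a real sensor would not)."""
    return [(p.src, p.dst_port) for p in traffic
            if p.encrypted and any(s in p.payload for s in SIGNATURES.values())]


if __name__ == "__main__":
    print("outside:", sensor_alerts(TRAFFIC, "outside"))
    print("inside: ", sensor_alerts(TRAFFIC, "inside"))
    print("blocked by firewall:", blocked_attacks(TRAFFIC))
    print("hidden by encryption:", missed_encrypted_attacks(TRAFFIC))
```

The outside sensor reports three attacks and the inside sensor two; the difference is the telnet probe the firewall already dropped, which is exactly the alert an organization that only wants to know what the firewall missed does not need. The TLS-wrapped injection is invisible at either placement, which is why a control strategy that relies on the IDS seeing encrypted traffic is the concern Question 10 describes.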
Question 13 - ID: 2413024
Which of the following is the MOST common problem in the operation of an intrusion detection system (IDS)?
Select one
 
A.
B.
C.
D.
Answer and explanation:
The main problem in operating an IDS is the recognition (detection) of events that are not really security incidents, i.e. false positives (false alarms).
