| # | Question | Answer |
|---|----------|--------|
| 1 | List two weaknesses of the signature-based IDS. | Weaknesses of the signature-based IDS include the following: |
| 2 | Why does the deployment of a policy-based IDS take a long time? | Deployment of a policy-based IDS is lengthy because all the security policy rules of the company must be programmed into the IDS. |
| 3 | Which IDS is not limited by bandwidth restrictions or data encryption? | A host IDS is not limited by bandwidth restrictions or data encryption. |
| 4 | Which IDS is very challenging in a switched environment? | A network IDS is very challenging in a switched environment because traffic is aggregated only on the backplanes of the devices. |
| 5 | Name the two main components of a Cisco host IDS. | The two main components of a Cisco host IDS are as follows: |
| 6 | Name the two interfaces of a network IDS. | The two interfaces of a network IDS are as follows: |
| 7 | What are the three main components of a network IDS? | The three main components of a network IDS are the network sensor, the network management station, and the communication channel. |
| 8 | List three responses to events or alerts. | IDSs can respond to attacks in a few different ways. IDSs can actively terminate the session, block the attacking host, or passively create IP session logs. |
| 9 | What two processes are in place to automate sensor maintenance? | Automatic updates (auto update server) and active update notification are two ways to automate sensor maintenance. |
| 10 | The RDEP protocol communication consists of what two message types? | The RDEP protocol communication consists of two message types: the RDEP request and the RDEP response message. These messages can be event messages or IP log messages. |