Network Security Exam 1 Questions and
Answers (latest Update 2024) 60
Questions
It is important for an investigator to have a pre-conceived
idea of the incident to guide them down the path of what to
investigate.
Optional Answers:
1. True
2. False - Correct Answer ✅False
The role of a network security investigator is to:
Optional Answers:
1. Fine-tune an IDS to minimize false negatives
2. Fine-tune an IDS to minimize false positives
3. investigate alerts generated by an IDS - Correct Answer
✅investigate alerts generated by an IDS
What is the difference between an alert and a warning?
Optional Answers:
,Network Security Exam 1 Questions and
Answers (latest Update 2024) 60
Questions
1. A warning is an indicator generated by an IDS and an alert
is the fornicator's interpretation of that warning
2. An alert is an indicator generated by an IDS and a warning
is the fornicator's interpretation of that alert - Correct
Answer ✅An alert is an indicator generated by an IDS and a
warning is the fornicator's interpretation of that alert
The goal of a forensic investigator is to
Optional Answers:
1. prevent intrusions from taking place
2. determine what an intruder has done so that the incident
can be quickly contained and cleaned up
3. figure out who to blame for the intrusion - Correct
Answer ✅determine what an intruder has done so that the
incident can be quickly contained and cleaned up
What are the four questions that a forensic investigator needs
to ask at the start of an investigation?
,Network Security Exam 1 Questions and
Answers (latest Update 2024) 60
Questions
Optional Answers:
1. Who is the intruder, where are they from, and what are
they after, and what did they get?
2. What did the intruder do, when did they do it, do they still
have access, and how bad was the compromise?
3. What vulnerability did the intruder leverage, how did they
leverage it, what data did they they take, and is the data
sensitive? - Correct Answer ✅What did the intruder do,
when did they do it, do they still have access, and how bad
was the
Intrusion detection systems all often fail for all of the
following reasons EXCEPT for what?
Optional Answers:
1. Deployment was a "set and forget" mentality
2. Humans aren't interpreting the warnings
3. Humans aren't reviewing the IDS logs
, Network Security Exam 1 Questions and
Answers (latest Update 2024) 60
Questions
4. A host based IDS was used instead of a network based IDS
- Correct Answer ✅A host based IDS was used instead of a
network based IDS
If your system generates thousands of transactions per
second, how should you be monitoring it?
Optional Answers:
1. You should look at a different system that does not
generate as much traffic
2. You should figure out how to reduce the number of
transactions so that it can me reasonably monitored
3. You should apply sampling
4. You should capture and analyze all of it - Correct Answer
✅You should apply sampling
In the context of NSM, what is the correct definition of alerts,
warnings, and escalations?
Optional Answers:
Answers (latest Update 2024) 60
Questions
It is important for an investigator to have a pre-conceived
idea of the incident to guide them down the path of what to
investigate.
Optional Answers:
1. True
2. False - Correct Answer ✅False
The role of a network security investigator is to:
Optional Answers:
1. Fine-tune an IDS to minimize false negatives
2. Fine-tune an IDS to minimize false positives
3. investigate alerts generated by an IDS - Correct Answer
✅investigate alerts generated by an IDS
What is the difference between an alert and a warning?
Optional Answers:
,Network Security Exam 1 Questions and
Answers (latest Update 2024) 60
Questions
1. A warning is an indicator generated by an IDS and an alert
is the fornicator's interpretation of that warning
2. An alert is an indicator generated by an IDS and a warning
is the fornicator's interpretation of that alert - Correct
Answer ✅An alert is an indicator generated by an IDS and a
warning is the fornicator's interpretation of that alert
The goal of a forensic investigator is to
Optional Answers:
1. prevent intrusions from taking place
2. determine what an intruder has done so that the incident
can be quickly contained and cleaned up
3. figure out who to blame for the intrusion - Correct
Answer ✅determine what an intruder has done so that the
incident can be quickly contained and cleaned up
What are the four questions that a forensic investigator needs
to ask at the start of an investigation?
,Network Security Exam 1 Questions and
Answers (latest Update 2024) 60
Questions
Optional Answers:
1. Who is the intruder, where are they from, and what are
they after, and what did they get?
2. What did the intruder do, when did they do it, do they still
have access, and how bad was the compromise?
3. What vulnerability did the intruder leverage, how did they
leverage it, what data did they they take, and is the data
sensitive? - Correct Answer ✅What did the intruder do,
when did they do it, do they still have access, and how bad
was the
Intrusion detection systems all often fail for all of the
following reasons EXCEPT for what?
Optional Answers:
1. Deployment was a "set and forget" mentality
2. Humans aren't interpreting the warnings
3. Humans aren't reviewing the IDS logs
, Network Security Exam 1 Questions and
Answers (latest Update 2024) 60
Questions
4. A host based IDS was used instead of a network based IDS
- Correct Answer ✅A host based IDS was used instead of a
network based IDS
If your system generates thousands of transactions per
second, how should you be monitoring it?
Optional Answers:
1. You should look at a different system that does not
generate as much traffic
2. You should figure out how to reduce the number of
transactions so that it can me reasonably monitored
3. You should apply sampling
4. You should capture and analyze all of it - Correct Answer
✅You should apply sampling
In the context of NSM, what is the correct definition of alerts,
warnings, and escalations?
Optional Answers:
