Solutions
What is an IDS? Correct Answer - An Intrusion Detection System; monitors network traffic or system activity for malicious behavior and alerts administrators.
What is an IPS? Correct Answer - An Intrusion Prevention System; detects and actively blocks or prevents malicious traffic from continuing.
How does a signature-based IDS work? Correct Answer - Matches traffic patterns against known attack signatures or rule sets (e.g., Snort rules).
What is anomaly-based detection in IDS/IPS? Correct Answer - Identifies deviations from a learned baseline of normal behavior to flag potential threats.
What is a false positive in IDS/IPS? Correct Answer - An alert is triggered for non-malicious activity that appears suspicious.
What is a false negative in IDS/IPS? Correct Answer - A malicious event occurs but is not detected or alerted on.
What is the purpose of a SIEM? Correct Answer - A SIEM aggregates logs from multiple systems, correlates them, and provides alerts, dashboards, and reports for threat detection and compliance.
What is log correlation in a SIEM? Correct Answer - Combining data from different sources to identify patterns that indicate security incidents.
What is a use case in SIEM operations? Correct Answer - A predefined rule or logic that detects specific threat patterns or behaviors based on correlated events.
What is the difference between alert fatigue and alert tuning? Correct Answer - Alert fatigue is caused by excessive, often irrelevant alerts; alert tuning reduces noise by refining rule thresholds or filters.