CSCI 5200 FINAL PT- 1 CH13-CH17
ACTUAL EXAM QUESTIONS AND
CORRECT DETAILED ANSWERS
(VERIFIED ANSWERS)
1. (p. 426) Network-based IDS (NIDS) examines activity on a system, such as a mail server or web server. (T/F) - correct answer ✅ F
2. (p. 429) Context-based signatures match a pattern of activity based on the other activity around it, such as a port. (T/F) - correct answer ✅ T
3. (p. 430) Hostile activity that does not match an IDS signature and goes undetected is called a false positive. (T/F) - correct answer ✅ F
4. (p. 442) Traffic that is encrypted will typically pass by an intrusion prevention system untouched. (T/F) - correct answer ✅ T
5. (p. 448) Performing cloud-based data loss prevention (DLP) is as simple as moving the enterprise edge methodology to the cloud. (T/F) - correct answer ✅ F
6. (p. 426) What does a host-based IDS monitor?
• A. Activity on an individual system
• B. Activity on the network itself
• C. A honeynet
• D. A digital sandbox
correct answer ✅ A. Activity on an individual system
7. (p. 426) Which component of an IDS examines the collected network traffic and compares it to known patterns of suspicious or malicious activity stored in the signature database?
• A. Traffic collector
• B. Analysis engine
• C. Signature database
• D. Examination collector
correct answer ✅ B. Analysis engine
8. (p. 434) What is an advantage of a network-based IDS?
• A. An IDS can examine data after it has been decrypted.
• B. An IDS coverage requires fewer systems.
• C. An IDS can be very application specific.
• D. An IDS can determine whether or not an alarm may impact that specific system.
correct answer ✅ B. An IDS coverage requires fewer systems.
The difference between misuse and anomaly IDS models is
9. (p. 435) Which tool has been the de facto standard IDS engine since its creation in 1998?
• A. Squid
• B. Snort
• C. Bro
• D. Suricata
correct answer ✅ B. Snort
10. (p. 439) What is an advantage of a host-based IDS?
• A. It can reduce false-positive rates.
• B. Its signatures are broader.
• C. It can examine data before it is decrypted.