Operating System Multiple Choice Questions on “Security – Intrusion Detection”.
1. What are the different ways to intrude?
a) Buffer overflows
b) Unexpected combinations and unhandled input
c) Race conditions
d) All of the mentioned
Answer: d
2. What are the major components of the intrusion detection system?
a) Analysis Engine
b) Event provider
c) Alert Database
d) All of the mentioned
Answer: d
3. What are the different ways to classify an IDS?
a) Anomaly detection
b) Signature based misuse
c) Stack based
d) All of the mentioned
Answer: d
4. What are the different ways to classify an IDS?
a) Zone based
b) Host & Network based
c) Network & Zone based
d) Level based
Answer: b
5. What are the characteristics of anomaly based IDS?
a) It models the normal usage of network as a noise characterization
b) It doesn’t detect novel attacks
c) Anything distinct from the noise is not assumed to be intrusion activity
d) It detects based on signature
Answer: a
6. What is the major drawback of anomaly detection IDS?
a) These are very slow at detection
b) It generates many false alarms
c) It doesn’t detect novel attacks
d) None of the mentioned
Answer: b
7. What are the characteristics of signature based IDS?
a) Most are based on simple pattern matching algorithms
b) It is programmed to interpret a certain series of packets
c) It models the normal usage of network as a noise characterization
d) Anything distinct from the noise is assumed to be intrusion activity
Answer: a
8. What are the drawbacks of signature based IDS?
a) They are unable to detect novel attacks
b) They suffer from false alarms
c) They have to be programmed again for every new pattern to be detected
d) All of the mentioned
Answer: d
9. What are the characteristics of Host based IDS?
a) The host operating system logs in the audit information
b) Logs include logins, file opens and program executions
c) Logs are analysed to detect trails of intrusion
d) All of the mentioned
Answer: d
10. What are the drawbacks of the host based IDS?
a) Unselective logging of messages may increase the audit burdens
b) Selective logging runs the risk of missed attacks
c) They are very fast to detect
d) They have to be programmed for new patterns
Answer: a
11. What are the strengths of the host based IDS?
a) Attack verification
b) System specific activity
c) No additional hardware required
d) All of the mentioned
Answer: d
12. What are characteristics of stack based IDS?
a) They are integrated closely with the TCP/IP stack and watch packets
b) The host operating system logs in the audit information
c) It is programmed to interpret a certain series of packets
d) It models the normal usage of network as a noise characterization
Answer: a
13. What are characteristics of Network based IDS?
a) They look for attack signatures in network traffic
b) Filter decides which traffic will not be discarded or passed
c) It is programmed to interpret a certain series of packets
d) It models the normal usage of network as a noise characterization
Answer: a
14. What are strengths of Network based IDS?
a) Cost of ownership reduced
b) Malicious intent detection
c) Real time detection and response
d) All of the mentioned
Answer: d