Which of the following are critical questions that must be addressed when developing a log analysis policy? (Choose all that apply.)
a. What anomalies should trigger immediate alerts?
b. How long must the deviation occur before registering an anomaly?
c. How much of a deviation from the norm represents an anomaly?
d. What is the impact of the logging on system performance?
Answer:
a. What anomalies should trigger immediate alerts?,
b. How long must the deviation occur before registering an anomaly?,
c. How much of a deviation from the norm represents an anomaly?
Learn More :
Network Security
- The use of computer analysis techniques to gather evidence for criminal and/or civil trials is known as:
- To snare intruders, many organizations now use _________ techniques.
- A fundamental technique to determine if an intrusion is in progress in a stable network is: a. anomaly detection b. armoring cable c. RSA algorithm d. patching e. scanning a user's fingerprint Answer: a. anomaly detection
- Which of the following is not a type of intrusion prevention system?
- Which of the following is not true about one-time passwords?
- Which of the following is a mode that is used by IPSec?
- IP Security Protocol:
- A __________ is a trusted organization that can vouch for the authenticity of the person or the organization using the authentication.
- __________ provide authentication which can legally prove who sent a message over a network.
- DES:
- A brute force attack against an encryption system:
- A symmetric encryption system has two parts: the key and the ____________.
- Encryption is the process of:
- A way to prevent intrusion by disguising information through algorithms is:
- Spyware, adware and DDOS agents are three types of:
- A security hole is a(n):
- A(n) _________ is a type of application level firewall that is transparent so that no other computer notices that it is on the network.
- A(n) ____________ acts an intermediate host computer or gateway between the Internet and the rest of the organization's networks.
- IP spoofing means to:
- A(n) ____________ examines the source and destination address of every network packet that passes through it.
- A __________ is a router or special purpose computer that examines packets flowing into and out of a network and restricts access to the organization's network.
- __________ refers to the process of translating between one set of private addresses inside a network and a set of public address outside the network.
- With ANI security control, the network manager:
- The use of a(n) _________ prevents unauthorized intruders from accessing a computer network because the host or server will only permit access via inbound calling from prespecified phone numbers.
- A sniffer program is a: