PrepAway - Latest Free Exam Questions & Answers


Which of the following is an issue with signature-based intrusion detection systems?


A.
Only previously identified attack signatures are detected.

B.
Signature databases must be augmented with inferential elements.

C.
It runs only on the Windows operating system.

D.
Hackers can circumvent signature evaluations.

Explanation:
An Intrusion Detection System (IDS) is a system that monitors network traffic or host audit logs in order to determine whether any violations of an organization's security policy have taken place. An IDS can detect intrusions that have circumvented or passed through a firewall, or that are occurring within the local area network behind the firewall.

In signature-based intrusion detection, signatures or attributes that characterize an attack are stored for reference. When data about events is acquired from host audit logs or from network packet monitoring, it is compared with the attack signature database; if there is a match, a response is initiated. A weakness of this approach is its failure to characterize slow attacks that are extended over a long time period: to identify these types of attacks, large amounts of information must be held for extended time periods. Another issue with signature-based intrusion detection is that only attack signatures that are stored in its database are detected.
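As an added illustration that is not part of the original question or the cited guide, the toy detector below (signatures, events and addresses are all constructed) shows both weaknesses named above: a stateless comparison against a stored signature set flags only what the set already describes, and a stateful burst signature catches slow password guessing only if it retains per-source history for long enough.

```python
import re
from collections import deque

# Constructed sample signature set (not a real IDS ruleset): name -> compiled pattern.
SIGNATURES = {
    "sqli_union_select": re.compile(r"union\s+select", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./\.\./"),
}

# Constructed sample events: (timestamp in seconds, source address, log line).
EVENTS = [
    (0, "10.0.0.5", "GET /item.php?id=1 UNION SELECT user,pass FROM users"),
    (5, "10.0.0.5", "GET /static/../../etc/passwd"),
    # A variant for which no signature has been stored: it goes undetected.
    (9, "10.0.0.7", "GET /item.php?id=1 UNION ALL SELECT user,pass FROM users"),
] + [
    # Slow password guessing: one failed login every 120 s over ten minutes.
    (t, "10.0.0.9", "sshd: Failed password for admin") for t in range(100, 700, 120)
]

def match_signatures(events):
    """Stateless matching: every event is compared with every stored signature."""
    hits = []
    for ts, src, line in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                hits.append((ts, src, name))
    return hits

def failed_login_sources(events, threshold, window):
    """Stateful signature: flag a source with >= threshold failed logins within
    `window` seconds. Per-source history must be retained for the whole window,
    so catching slow attacks means holding more data for longer."""
    recent, flagged = {}, set()
    for ts, src, line in events:
        if "Failed password" not in line:
            continue
        history = recent.setdefault(src, deque())
        history.append(ts)
        while ts - history[0] > window:   # drop attempts older than the window
            history.popleft()
        if len(history) >= threshold:
            flagged.add(src)
    return flagged

if __name__ == "__main__":
    print("signature hits:", match_signatures(EVENTS))
    print("60 s window:", failed_login_sources(EVENTS, 5, 60))
    print("3600 s window:", failed_login_sources(EVENTS, 5, 3600))
```

With a 60-second window the slow guessing from 10.0.0.9 never reaches the threshold; only the 3600-second window, which keeps far more state per source, flags it.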
Incorrect Answers:
B: It is not true that signature databases must be augmented with inferential elements.
C: It is not true that signature-based intrusion detection systems run only on the Windows operating system.
D: Hackers circumventing signature evaluations is not an issue with signature-based intrusion detection systems.

Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 71

