CIS 359 Midterm Exam Set 1 (2)
____ are closely monitored network decoys that can distract adversaries from more
valuable machines on a network; can provide early warning about new attack and exploitation
trends; and can allow in-depth examination of adversaries during and after exploitation.
Question 10
Using a process known as ____, network-based IDPSs look for attack patterns by comparing
measured activity to known signatures in their knowledge base to determine whether or not an
attack has occurred or may be under way.
Question 11
In an attack known as ____, valid protocol packets exploit poorly configured DNS servers to
inject false information to corrupt the servers’ answers to routine DNS queries from other
systems on that network.
Question 12
The use of IDPS sensors and analysis systems can be quite complex. One very common
approach is to use an open source software program called ____ running on an open source
UNIX or Linux system that can be managed and queried from a desktop computer using a client
interface.
Question 13
The ____ approach for detecting intrusions is based on the frequency with which certain
network activities take place.