CIS 359 STUDY Great Stories/cis359study.com
____ are closely monitored network decoys that can distract
adversaries from more valuable machines on a network; can provide
early warning about new attack and exploitation trends; and can allow
in-depth examination of adversaries during and after exploitation.
Question 10
Using a process known as ____, network-based IDPSs look for attack
patterns by comparing measured activity to known signatures in their
knowledge base to determine whether or not an attack has occurred or
may be under way.
Question 11
In an attack known as ____, valid protocol packets exploit poorly
configured DNS servers to inject false information to corrupt the
servers’ answers to routine DNS queries from other systems on that
network.
Question 12
The use of IDPS sensors and analysis systems can be quite complex.
One very common approach is to use an open source software program
called ____ running on an open source UNIX or Linux system that can
be managed and queried from a desktop computer using a client
interface.