• Home
  • Microsoft Exam Dumps
  • Why Choose Lead2pass?
  • Sitemap

Lead2pass New Updated IT Exam Questions

Exam collection of Micfosoft, Cisco,IBM,CompTIA and other IT exam

Menu
  • Home
  • Microsoft Exam Dumps
  • Why Choose Lead2pass?
  • Sitemap
 › (ISC)2 › CISSP Dumps › CISSP Exam Questions › CISSP New Questions › CISSP PDF › CISSP VCE › [May 2018] 2018 New Released (ISC)2 CISSP Exam Dumps Free Download In Lead2pass 2873q

[May 2018] 2018 New Released (ISC)2 CISSP Exam Dumps Free Download In Lead2pass 2873q

admin May 31, 2018     Comment Closed    

2018 Updated Lead2pass (ISC)2 CISSP Exam Questions:

https://www.lead2pass.com/cissp.html

QUESTION 31
Which of the following monitors network traffic in real time?

A.    network-based IDS
B.    host-based IDS
C.    application-based IDS
D.    firewall-based IDS

Answer: A
Explanation:
This type of IDS is called a network-based IDS because monitors network traffic in real time.

QUESTION 32
A host-based IDS is resident on which of the following?

A.    On each of the critical hosts
B.    decentralized hosts
C.    central hosts
D.    bastion hosts

Answer: A
Explanation:
A host-based IDS is resident on a host and reviews the system and event logs in order to detect an attack on the host and to determine if the attack was successful. All critical serves should have a Host Based Intrusion Detection System (HIDS) installed. As you are well aware, network based IDS cannot make sense or detect pattern of attacks within encrypted traffic. A HIDS might be able to detect such attack after the traffic has been decrypted on the host. This is why critical servers should have both NIDS and HIDS.

FROM WIKIPEDIA:

A HIDS will monitor all or part of the dynamic behavior and of the state of a computer system. Much as a NIDS will dynamically inspect network packets, a HIDS might detect which program accesses what resources and assure that (say) a word-processor hasn\’t suddenly and inexplicably started modifying the system password-database. Similarly a HIDS might look at the state of a system, its stored information, whether in RAM, in the file-system, or elsewhere; and check that the contents of these appear as expected.

One can think of a HIDS as an agent that monitors whether anything/anyone – internal or external – has circumvented the security policy that the operating system tries to enforce. http://en.wikipedia.org/wiki/Host-based_intrusion_detection_system

QUESTION 33
Which of the following usually provides reliable, real-time information without consuming network or host resources?

A.    network-based IDS
B.    host-based IDS
C.    application-based IDS
D.    firewall-based IDS

Answer: A
Explanation:
A network-based IDS usually provides reliable, real-time information without consuming network or host resources.

QUESTION 34
The fact that a network-based IDS reviews packets payload and headers enable which of the following?

A.    Detection of denial of service
B.    Detection of all viruses
C.    Detection of data corruption
D.    Detection of all password guessing attacks

Answer: A
Explanation:
Because a network-based IDS reviews packets and headers, denial of service attacks can also be detected.

This question is an easy question if you go through the process of elimination. When you see an answer containing the keyword: ALL It is something a give away that it is not the proper answer. On the real exam you may encounter a few question where the use of the work ALL renders the choice invalid. Pay close attention to such keyword.

The following are incorrect answers:

Even though most IDSs can detect some viruses and some password guessing attacks, they cannot detect ALL viruses or ALL password guessing attacks. Therefore these two answers are only detractors.
Unless the IDS knows the valid values for a certain dataset, it can NOT detect data corruption.

QUESTION 35
Which of the following reviews system and event logs to detect attacks on the host and determine if the attack was successful?

A.    host-based IDS
B.    firewall-based IDS
C.    bastion-based IDS
D.    server-based IDS

Answer: A
Explanation:
A host-based IDS can review the system and event logs in order to detect an attack on the host and to determine if the attack was successful.

QUESTION 36
What would be considered the biggest drawback of Host-based Intrusion Detection systems (HIDS)?

A.    It can be very invasive to the host operating system
B.    Monitors all processes and activities on the host system only
C.    Virtually eliminates limits associated with encryption
D.    They have an increased level of visibility and control compared to NIDS

Answer: A
Explanation:
The biggest drawback of HIDS, and the reason many organizations resist its use, is that it can be very invasive to the host operating system. HIDS must have the capability to monitor all processes and activities on the host system and this can sometimes interfere with normal system processing.

HIDS versus NIDS

A host-based IDS (HIDS) can be installed on individual workstations and/ or servers to watch for inappropriate or anomalous activity. HIDSs are usually used to make sure users do not delete system files, reconfigure important settings, or put the system at risk in any other way.

So, whereas the NIDS understands and monitors the network traffic, a HIDS’s universe is limited to the computer itself. A HIDS does not understand or review network traffic, and a NIDS does not “look in” and monitor a system’s activity. Each has its own job and stays out of the other’s way.

The ISC2 official study book defines an IDS as:
An intrusion detection system (IDS) is a technology that alerts organizations to adverse or unwanted activity. An IDS can be implemented as part of a network device, such as a router, switch, or firewall, or it can be a dedicated IDS device monitoring traffic as it traverses the network. When used in this way, it is referred to as a network IDS, or NIDS. IDS can also be used on individual host systems to monitor and report on file, disk, and process activity on that host. When used in this way it is referred to as a host-based IDS, or HIDS.

An IDS is informative by nature and provides real-time information when suspicious activities are identified. It is primarily a detective device and, acting in this traditional role, is not used to directly prevent the suspected attack.

What about IPS?

In contrast, an intrusion prevention system (IPS), is a technology that monitors activity like an IDS but will automatically take proactive preventative action if it detects unacceptable activity. An IPS permits a predetermined set of functions and actions to occur on a network or system; anything that is not permitted is considered unwanted activity and blocked. IPS is engineered specifically to respond in real time to an event at the system or network layer. By proactively enforcing policy, IPS can thwart not only attackers, but also authorized users attempting to perform an action that is not within policy. Fundamentally, IPS is considered an access control and policy enforcement technology, whereas IDS is considered network monitoring and audit technology.

The following answers were incorrect:
All of the other answer were advantages and not drawback of using HIDS

TIP FOR THE EXAM:
Be familiar with the differences that exists between an HIDS, NIDS, and IPS. Know that IDS’s are mostly detective but IPS are preventive. IPS’s are considered an access control and policy enforcement technology, whereas IDS’s are considered network monitoring and audit technology.

QUESTION 37
Attributes that characterize an attack are stored for reference using which of the following Intrusion Detection System (IDS)?

A.    signature-based IDS
B.    statistical anomaly-based IDS
C.    event-based IDS
D.    inferent-based IDS

Answer: A

QUESTION 38
Which of the following is an issue with signature-based intrusion detection systems?

A.    Only previously identified attack signatures are detected.
B.    Signature databases must be augmented with inferential elements.
C.    It runs only on the windows operating system
D.    Hackers can circumvent signature evaluations.

Answer: A
Explanation:
An issue with signature-based ID is that only attack signatures that are stored in their database are detected.
New attacks without a signature would not be reported. They do require constant updates in order to maintain their effectiveness.

QUESTION 39
Which of the following is an IDS that acquires data and defines a “normal” usage profile for the network or host?

A.    Statistical Anomaly-Based ID
B.    Signature-Based ID
C.    dynamical anomaly-based ID
D.    inferential anomaly-based ID

Answer: A
Explanation:
Statistical Anomaly-Based ID – With this method, an IDS acquires data and defines a “normal” usage profile for the network or host that is being monitored.

QUESTION 40
Which of the following is most relevant to determining the maximum effective cost of access control?

A.    the value of information that is protected.
B.    management’s perceptions regarding data importance.
C.    budget planning related to base versus incremental spending.
D.    the cost to replace lost data.

Answer: A
Explanation:
The cost of access control must be commensurate with the value of the information that is being protected.

CISSP dumps full version (PDF&VCE): https://www.lead2pass.com/cissp.html

Large amount of free CISSP exam questions on Google Drive: https://drive.google.com/open?id=1393N8RayZN4QJ8sxg6_3cIRxwNv8QGTq

(ISC)2 CISSP Dumps CISSP Exam Questions CISSP New Questions CISSP PDF CISSP VCE
CISSP braindumpsCISSP exam dumpsCISSP exam questionCISSP pdf dumpsCISSP practice testCISSP study guideCISSP vce dumpsLead2pass CISSP

 Previous Post

[May 2018] 2018 Exam CAS-002 Dumps From Lead2pass Cover All New CAS-002 New Questions 900q

― May 31, 2018

Author: admin

Related Articles

admin ― April 16, 2018 | Comment Closed

[April 2018] 2018 Exam CISSP Dumps From Lead2pass Cover All New CISSP New Questions 2873q

2018 Lead2pass New Updated CISSP Exam Questions: https://www.lead2pass.com/cissp.html QUESTION 21What is called the percentage of valid subjects that are falsely

admin ― March 3, 2018 | Comment Closed

[March 2018] Free Lead2pass CISSP PDF Guarantee 100% Get CISSP Certification 2873q

admin ― January 19, 2018 | Comment Closed

[January 2018] Lead2pass CISSP Exam Dumps New Updated By (ISC)2 Official Exam Center 2873q

Categories

Premium VCE Test Engine

VCE Exam Simulator for Mobile

Take exams on your mobile device the same way you do on your desktop. iPhone, iPad and Android devices are supported.

Hottest Microsoft Exam Dumps

HOTMicrosoft 70-243 Dumps ➤ PDF & VCE
HOTMicrosoft 70-246 Dumps ➤ PDF & VCE
HOTMicrosoft 70-247 Dumps ➤ PDF & VCE
HOTMicrosoft 70-331 Dumps ➤ PDF & VCE
HOTMicrosoft 70-332 Dumps ➤ PDF & VCE
HOTMicrosoft 70-333 Dumps ➤ PDF & VCE
HOTMicrosoft 70-341 Dumps ➤ PDF & VCE
HOTMicrosoft 70-342 Dumps ➤ PDF & VCE
HOTMicrosoft 70-346 Dumps ➤ PDF & VCE
HOTMicrosoft 70-347 Dumps ➤ PDF & VCE
HOTMicrosoft 70-410 Dumps ➤ PDF & VCE
HOTMicrosoft 70-411 Dumps ➤ PDF & VCE
HOTMicrosoft 70-412 Dumps ➤ PDF & VCE
HOTMicrosoft 70-413 Dumps ➤ PDF & VCE
HOTMicrosoft 70-414 Dumps ➤ PDF & VCE
HOTMicrosoft 70-417 Dumps ➤ PDF & VCE
HOTMicrosoft 70-457 Dumps ➤ PDF & VCE
HOTMicrosoft 70-458 Dumps ➤ PDF & VCE
HOTMicrosoft 70-461 Dumps ➤ PDF & VCE
HOTMicrosoft 70-462 Dumps ➤ PDF & VCE
HOTMicrosoft 70-463 Dumps ➤ PDF & VCE
HOTMicrosoft 70-464 Dumps ➤ PDF & VCE
HOTMicrosoft 70-465 Dumps ➤ PDF & VCE
HOTMicrosoft 70-466 Dumps ➤ PDF & VCE
HOTMicrosoft 70-467 Dumps ➤ PDF & VCE
HOTMicrosoft 70-469 Dumps ➤ PDF & VCE
HOTMicrosoft 70-480 Dumps ➤ PDF & VCE
HOTMicrosoft 70-481 Dumps ➤ PDF & VCE
HOTMicrosoft 70-482 Dumps ➤ PDF & VCE
HOTMicrosoft 70-483 Dumps ➤ PDF & VCE
HOTMicrosoft 70-486 Dumps ➤ PDF & VCE
HOTMicrosoft 70-487 Dumps ➤ PDF & VCE
HOTMicrosoft 70-488 Dumps ➤ PDF & VCE
HOTMicrosoft 70-489 Dumps ➤ PDF & VCE
HOTMicrosoft 70-511 Dumps ➤ PDF & VCE
HOTMicrosoft 70-513 Dumps ➤ PDF & VCE
HOTMicrosoft 70-515 Dumps ➤ PDF & VCE
HOTMicrosoft 70-532 Dumps ➤ PDF & VCE
HOTMicrosoft 70-533 Dumps ➤ PDF & VCE
HOTMicrosoft 70-534 Dumps ➤ PDF & VCE
HOTMicrosoft 70-640 Dumps ➤ PDF & VCE
HOTMicrosoft 70-642 Dumps ➤ PDF & VCE
HOTMicrosoft 70-646 Dumps ➤ PDF & VCE
HOTMicrosoft 70-687 Dumps ➤ PDF & VCE
HOTMicrosoft 70-688 Dumps ➤ PDF & VCE
HOTMicrosoft 70-689 Dumps ➤ PDF & VCE
HOTMicrosoft 70-692 Dumps ➤ PDF & VCE
HOTMicrosoft 70-695 Dumps ➤ PDF & VCE
HOTMicrosoft 70-696 Dumps ➤ PDF & VCE
HOTMicrosoft 70-697 Dumps ➤ PDF & VCE
HOTMicrosoft 74-335 Dumps ➤ PDF & VCE
HOTMicrosoft 74-338 Dumps ➤ PDF & VCE
HOTMicrosoft 74-343 Dumps ➤ PDF & VCE
HOTMicrosoft 74-344 Dumps ➤ PDF & VCE
HOTMicrosoft 74-409 Dumps ➤ PDF & VCE
HOTMicrosoft 98-361 Dumps ➤ PDF & VCE
HOTMicrosoft 98-367 Dumps ➤ PDF & VCE
HOTMB2-700 Dumps ➤ PDF & VCE
HOTMB2-701 Dumps ➤ PDF & VCE
HOTMB2-702 Dumps ➤ PDF & VCE
HOTMB2-703 Dumps ➤ PDF & VCE
GetAll List Of Microsoft Dumps NOW

Hottest Cisco Exam Dumps

HOTCisco 200-120 Dumps ➤ PDF & VCE
HOTCisco 100-101 Dumps ➤ PDF & VCE
HOTCisco 200-101 Dumps ➤ PDF & VCE
HOTCisco 200-310 Dumps ➤ PDF & VCE
HOTCisco 200-355 Dumps ➤ PDF & VCE
HOTCisco 200-401 Dumps ➤ PDF & VCE
HOTCisco 210-260 Dumps ➤ PDF & VCE
HOTCisco 210-060 Dumps ➤ PDF & VCE
HOTCisco 210-065 Dumps ➤ PDF & VCE
HOTCisco 300-101 Dumps ➤ PDF & VCE
HOTCisco 300-115 Dumps ➤ PDF & VCE
HOTCisco 300-135 Dumps ➤ PDF & VCE
HOTCisco 300-206 Dumps ➤ PDF & VCE
HOTCisco 300-207 Dumps ➤ PDF & VCE
HOTCisco 300-208 Dumps ➤ PDF & VCE
HOTCisco 300-209 Dumps ➤ PDF & VCE
HOTCisco 300-070 Dumps ➤ PDF & VCE
HOTCisco 300-075 Dumps ➤ PDF & VCE
HOTCisco 300-080 Dumps ➤ PDF & VCE
HOTCisco 300-085 Dumps ➤ PDF & VCE
HOTCisco 400-101 Dumps ➤ PDF & VCE
HOTCisco 400-201 Dumps ➤ PDF & VCE
HOTCisco 400-051 Dumps ➤ PDF & VCE
HOTCisco 350-018 Dumps ➤ PDF & VCE
HOTCisco 642-035 Dumps ➤ PDF & VCE

Hottest CompTIA Exam Dumps

HOTSY0-401 Dumps ➤ PDF & VCE
HOTN10-006 Dumps ➤ PDF & VCE
HOT220-901 Dumps ➤ PDF & VCE
HOT220-902 Dumps ➤ PDF & VCE
HOTSG0-001 Dumps ➤ PDF & VCE
HOTCAS-002 Dumps ➤ PDF & VCE
HOTSK0-004 Dumps ➤ PDF & VCE

Other Hottest Exam Dumps

HOTVMware VCP550 Dumps ➤ PDF & VCE
HOTVMware VCP550D Dumps ➤ PDF & VCE
HOTVMware 1V0-601 Dumps ➤ PDF & VCE
HOTVMware 2V0-620 Dumps ➤ PDF & VCE
HOTVCP5-DCV Dumps ➤ PDF & VCE
HOTISC CISSP Dumps ➤ PDF & VCE
HOTPMI PMP Dumps ➤ PDF & VCE
HOTOracle 1Z0-051 Dumps ➤ PDF & VCE
HOTOracle 1Z0-052 Dumps ➤ PDF & VCE
HOTOracle 1Z0-060 Dumps ➤ PDF & VCE
HOTOracle 1Z0-061 Dumps ➤ PDF & VCE
HOTCitrix 1Y0-201 Dumps ➤ PDF & VCE
HOTCitrix 1Y0-301 Dumps ➤ PDF & VCE
HOTCitrix 1Y0-401 Dumps ➤ PDF & VCE
HOT312-50v9 Dumps ➤ PDF & VCE
HOTRHCSA EX200 Dumps ➤ PDF & VCE
HOTRHCE EX300 Dumps ➤ PDF & VCE

Archives

Tags

100-105 exam dumps 200-125 braindumps 200-125 exam dumps 200-125 exam question 200-125 pdf dumps 200-125 practice test 200-125 study guide 200-125 vce dumps 200-355 braindumps 200-355 exam dumps 200-355 exam question 200-355 pdf dumps 200-355 practice test 200-355 study guide 200-355 vce dumps 220-901 braindumps 220-901 exam dumps 220-901 exam question 220-901 pdf dumps 220-901 practice test 220-901 study guide 220-901 vce dumps 300-101 braindumps 300-101 exam dumps 300-101 exam question 300-101 pdf dumps 300-101 practice test 300-101 study guide 300-101 vce dumps 400-101 braindumps 400-101 exam dumps 400-101 exam question 400-101 pdf dumps 400-101 practice test 400-101 study guide 400-101 vce dumps 400-251 braindumps 400-251 exam dumps 400-251 exam question 400-251 pdf dumps 400-251 practice test 400-251 study guide 400-251 vce dumps Lead2pass 220-901 Lead2pass 400-101