The questions that follow give you a bigger challenge than the exam itself by using an open-ended question format. By reviewing now with this more difficult question format, you can exercise your memory better and prove your conceptual and factual knowledge of this chapter. The answers to these questions are found in the appendix.
For more practice with exam-like question formats, use the exam engine on the CD-ROM.
1.
What are the IDS evasion techniques?
2.
What is the Target Value Rating?
3.
What is event action override?
4.
How can fragmentation be used to evade detection?
5.
Which common obfuscation techniques are used by attackers?
6.
What are some of the factors to consider when tuning your IPS sensors?
7.
What are the global IP log sensor parameters?
8.
What does it mean when the Max IP Log Bytes is configured to 0?
9.
What must you do to use the signatures that are based on the AIC HTTP signature engine?
10.
When configuring fragment reassembly on your sensor, which operating systems can you use when specifying the IP reassembly mode?
11.
What is the difference between strict stream reassembly and loose stream reassembly?
12.
What is an event action filter?
13.
Which parameters can you specify when defining an event action filter?
14.
What is the purpose of the Stop on Match parameter in the context of configuring an event action filter?
15.
Why is the order of event action filters important?
