Q.1 What is the primary purpose of an Intrusion Detection System (IDS)?
To prevent viruses from infecting a system
To detect unauthorized access or attacks
To manage network bandwidth
To encrypt sensitive data
Explanation - An IDS monitors network or system activities for malicious actions or policy violations and generates alerts when such activities are detected.
Correct answer is: To detect unauthorized access or attacks
Q.2 Which of the following is a key difference between IDS and IPS?
IDS only detects attacks, while IPS can block them
IDS encrypts data, IPS does not
IDS is software-based, IPS is hardware-based
IDS works offline, IPS works online
Explanation - An IDS detects and alerts on malicious activity, whereas an IPS can actively prevent or block attacks in real time.
Correct answer is: IDS only detects attacks, while IPS can block them
Q.3 Which type of IDS analyzes network traffic for known attack patterns?
Anomaly-based IDS
Signature-based IDS
Behavior-based IDS
Heuristic-based IDS
Explanation - Signature-based IDS uses predefined patterns of known attacks to detect malicious activity in network traffic.
Correct answer is: Signature-based IDS
Q.4 An IDS that monitors deviations from normal behavior is called:
Signature-based IDS
Anomaly-based IDS
Host-based IDS
Network-based IDS
Explanation - Anomaly-based IDS establishes a baseline of normal system behavior and alerts when deviations occur, indicating potential intrusions.
Correct answer is: Anomaly-based IDS
Q.5 What is a Host-based IDS (HIDS) primarily designed to monitor?
Network packets and traffic
System logs and file integrity
Wireless signals
Cloud storage activity
Explanation - HIDS monitors a specific host for suspicious activity by analyzing logs, file changes, and system calls.
Correct answer is: System logs and file integrity
Q.6 Which of the following is a common limitation of signature-based IDS?
Cannot detect unknown attacks
Consumes too much network bandwidth
Cannot generate alerts
Requires no updates
Explanation - Signature-based IDS relies on known attack patterns, so new or unknown attacks can bypass detection.
Correct answer is: Cannot detect unknown attacks
Q.7 What type of IPS response immediately stops malicious traffic?
Passive response
Active response
Logging response
Reporting response
Explanation - Active response in an IPS means taking immediate action, such as dropping packets or blocking IP addresses, to prevent damage.
Correct answer is: Active response
Q.8 Which component of an IDPS is responsible for analyzing data and generating alerts?
Sensors
Management console
Analysis engine
Firewall
Explanation - The analysis engine inspects incoming data against signatures or behavior models to detect potential intrusions and generate alerts.
Correct answer is: Analysis engine
Q.9 A Network-based IDS (NIDS) is best deployed at:
Individual computers
Network segments or perimeter
Cloud storage servers
Mobile devices
Explanation - NIDS monitors network traffic for suspicious patterns and is typically placed at key network points like gateways or subnets.
Correct answer is: Network segments or perimeter
Q.10 Which of the following is an advantage of anomaly-based IDS over signature-based IDS?
Easier to configure
Can detect unknown attacks
Fewer false positives
Requires no training
Explanation - Anomaly-based IDS can identify unusual behavior, making it capable of detecting previously unknown attacks.
Correct answer is: Can detect unknown attacks
Q.11 False positives in IDS refer to:
Attacks that go undetected
Normal activity flagged as malicious
Malicious activity correctly detected
Traffic that is encrypted
Explanation - A false positive occurs when legitimate activity is incorrectly identified as an attack, leading to unnecessary alerts.
Correct answer is: Normal activity flagged as malicious
Q.12 Which of the following protocols is often monitored by IDS to detect attacks?
HTTP
FTP
SMTP
All of the above
Explanation - IDS can monitor various protocols like HTTP, FTP, SMTP, and more to detect suspicious activity across different communication channels.
Correct answer is: All of the above
Q.13 What is a key feature of an IPS compared to IDS?
Alerts administrators only
Can block malicious traffic
Monitors system logs
Requires offline analysis
Explanation - Unlike IDS, IPS can take preventive action to block or reject traffic that matches malicious signatures or anomalies.
Correct answer is: Can block malicious traffic
Q.14 Which IDS detection method relies on statistical models of normal behavior?
Signature-based
Anomaly-based
Heuristic-based
Policy-based
Explanation - Anomaly-based IDS compares current activity to statistical models of normal behavior and alerts on deviations.
Correct answer is: Anomaly-based
Q.15 Which of the following is a common challenge in deploying IDS in high-speed networks?
High cost of hardware
Processing large volumes of traffic in real-time
Incompatibility with protocols
Inability to generate alerts
Explanation - High-speed networks require IDS/IPS to handle large traffic loads without dropping packets, which is a technical challenge.
Correct answer is: Processing large volumes of traffic in real-time
Q.16 Which of the following is a host-based intrusion prevention measure?
Firewall packet filtering
Anti-virus with real-time protection
Network traffic sniffing
Router ACL configuration
Explanation - Host-based IPS protects individual systems by monitoring file integrity, applications, and processes to prevent attacks.
Correct answer is: Anti-virus with real-time protection
Q.17 What is the main role of the management console in an IDPS?
Capture packets
Analyze system logs
Provide centralized configuration and reporting
Encrypt network traffic
Explanation - The management console allows administrators to configure sensors, view alerts, and manage policies centrally.
Correct answer is: Provide centralized configuration and reporting
Q.18 Which type of attack is particularly difficult for signature-based IDS to detect?
Known virus attacks
Zero-day attacks
Brute force login attempts
Port scans
Explanation - Zero-day attacks exploit previously unknown vulnerabilities, so a signature-based IDS, which relies on known patterns, cannot detect them.
Correct answer is: Zero-day attacks
Q.19 In an IPS, which method actively prevents attacks without human intervention?
Passive monitoring
Inline blocking
Logging only
Alerting only
Explanation - An inline IPS sits directly in the network path and can block malicious traffic in real time without requiring manual intervention.
Correct answer is: Inline blocking
Q.20 Which IDS placement strategy is best for monitoring internal network threats?
At the network perimeter
Inside the internal network segments
Outside the firewall
At ISP level
Explanation - Deploying IDS inside internal network segments helps detect attacks originating from inside the network, such as insider threats or lateral movement.
Correct answer is: Inside the internal network segments
Q.21 Which of the following best describes a hybrid IDPS?
Combines network and host-based detection
Uses only signature-based methods
Requires no updates
Monitors only encrypted traffic
Explanation - Hybrid IDPS integrates both NIDS and HIDS capabilities to provide broader coverage and more accurate intrusion detection.
Correct answer is: Combines network and host-based detection
Q.22 Which of the following is NOT typically a function of IPS?
Dropping malicious packets
Alerting administrators
Logging security events
Scanning for viruses on endpoints
Explanation - An IPS focuses on monitoring and blocking malicious traffic, not on endpoint virus scanning, which is handled by anti-virus software.
Correct answer is: Scanning for viruses on endpoints
Q.23 Which feature helps reduce false positives in anomaly-based IDS?
Regular updates of attack signatures
Baseline profiling and tuning
Blocking traffic automatically
Encrypting traffic
Explanation - By accurately profiling normal behavior and adjusting thresholds, anomaly-based IDS can reduce false positive alerts.
Correct answer is: Baseline profiling and tuning
Q.24 What is the main advantage of inline IPS deployment over passive IDS?
Cheaper implementation
Can actively block attacks
Requires no maintenance
Consumes less power
Explanation - An inline IPS sits directly in the traffic path and can prevent malicious packets from reaching the target system in real time.
Correct answer is: Can actively block attacks
