Like this study set? Create a free account to save it.

Sign up for an account

Already have a Quizlet account? .

Create an account

Whitman and Mattord

___are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.


___is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device.


Most NBA sensors can be deployed in___mode only, using the same connection methods as network-based IDPSs.


___are decoy systems designed to lure potential attackers away from critical systems.


___sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.


A___is a network tool that collects copies of packets from the network and analyzes them.

packet sniffer

___testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol.


Using___, the system reviews the log files generated by servers, network devices, and even other IDPSs.

LFM (log file monitor)

A(n)___is a proposed systems user.


The port commonly used for the HTTP protocol:


A(n)___works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm.


___is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user.

Biometric access control

In TCP/IP networking, port___is not used.

0 (zero)

___is the process of classifying IDPS alerts so that they can be more effectively managed.

Alarm filtering

___is an event that triggers an alarm when no actual attack is in progress.

False attack stimulus

___benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.


To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known___in their knowledge base.


Activities that scan network locales for active systems and then identify the network services offered by the host systems is known as___.


Please allow access to your computer’s microphone to use Voice Recording.

Having trouble? Click here for help.

We can’t access your microphone!

Click the icon above to update your browser permissions and try again


Reload the page to try again!


Press Cmd-0 to reset your zoom

Press Ctrl-0 to reset your zoom

It looks like your browser might be zoomed in or out. Your browser needs to be zoomed to a normal size to record audio.

Please upgrade Flash or install Chrome
to use Voice Recording.

For more help, see our troubleshooting page.

Your microphone is muted

For help fixing this issue, see this FAQ.

Star this term

You can study starred terms together

Voice Recording