___are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.
___is a specially configured connection on a network device that is capable of viewing all of the traffic that moves through the entire device.
Most NBA sensors can be deployed in___mode only, using the same connection methods as network-based IDPSs.
___sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall.
A___is a network tool that collects copies of packets from the network and analyzes them.
___testing is a straightforward testing technique that looks for vulnerabilities in a program or protocol by feeding random input to the program or a network running the protocol.
Using___, the system reviews the log files generated by servers, network devices, and even other IDPSs.
LFM (log file monitor)
A(n)___works like a burglar alarm in that it detects a violation (some system activities analogous to an opened or broken window) and activates an alarm.
___is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user.
Biometric access control
___is the process of classifying IDPS alerts so that they can be more effectively managed.
___benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.
To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known___in their knowledge base.