4.12. Answers to Review Questions

  1. A, B. Network sniffers and NIDSs are used to monitor network traffic. Network sniffers are manually oriented, whereas an NIDS can be automated.

  2. C. A host-based IDS (HIDS) is installed on each host that needs IDS capabilities.

  3. C. Dynamically changing the system's configuration to protect the network or a system is an active response.

  4. A. By comparing attack signatures and audit trails, a misuse-detection IDS determines whether an attack is occurring.

  5. D. The analyzer function uses data sources from sensors to analyze and determine whether an attack is under way.

  6. B. The manager is the component that the operator uses to manage the IDS. The manager may be a graphical interface, a real-time traffic screen, or a command-line-driven environment.

  7. A. A honeypot is a system that is intended to be sacrificed in the name of knowledge. Honeypot systems allow investigators to evaluate and analyze the attack strategies used. Law enforcement agencies use honeypots to gather evidence for prosecution.

  8. A. Incident response is the process of determining the best method of dealing with a computer security incident.

  9. C. Entrapment is the process of encouraging an individual to perform an unlawful act that they wouldn't normally have performed.

  10. C. Wireless Application Protocol (WAP) is an open international standard for applications that use wireless communication.

  11. A. 802.11 operates on 2.4GHz. This standard allows for bandwidths of 1Mbps or 2Mbps.

  12. C. Wi-Fi Protected Access 2 (WPA2) was intended to provide security that's equivalent to the security on a wired network and implements elements of the 802.11i standard.

  13. D. A site survey is the process of monitoring a wireless network using a computer, wireless controller, and analysis software. Site surveys are easily accomplished and hard to detect.

  14. A. IM users are highly susceptible to malicious code attacks such as worms, viruses, and Trojan horses. Ensure that IM users have up-to-date antivirus software installed.

  15. B. Scanning is the process of gathering data about your network configuration and determining which systems are live.

  16. A. Footprinting involves identifying your network and its security posture. Footprinting is done using multiple sources of information to determine what systems you may be using.

  17. D. When an event is detected as it is happening, it is said to be detected in real time.

  18. A. Jamming is the process of intentionally disrupting communications in an IM session. Jamming is a loosely defined term, and it refers to any intentional disruption that isn't a DoS attack.

  19. A. Your user has just encountered an application-level DoS attack. This type of attack is common and isn't usually fatal, but it's very annoying. Your user should restart his system, verify that the website didn't transmit a virus, and stay away from broadcasted websites.

  20. A. An IDS will announce an event through an alert when suspicious activity is encountered.
