
Name: ________________________________________ Permit No.: __________
Score: _____________

CIM21 SEMI-FINAL EXAM

I. Identification

_______________ 1. It is used to detect, on a host or a network, any undesirable and malicious activity/behavior.
_______________ 2. A situation in which a NIDS device triggers an alarm for a supposedly malicious activity or attack when, in truth, it is not one.
_______________ 3. An IDS approach that detects malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by monitoring network traffic.
_______________ 4. An IDS approach that is installed on each host and looks for attacks directed at the host.
_______________ 5. The term used to describe a network intrusion device's inability to detect true security events under certain circumstances.
_______________ 6. A program that replicates itself into a computer system but does not directly infect other files.
_______________ 7. It can spread itself to other computers without needing to be transferred as part of a host.
_______________ 8. A file that appears harmless until executed.
_______________ 9. Any program, file, or code that performs malicious actions on the target system without the user's express consent.
_______________ 10. Any program, file, or code that the user agrees to run or install without realizing the full implications of that choice.
_______________ 11. A software program that attaches itself to another file or program in computer memory or on a disk, and spreads from one file or program to another.
_______________ 12. It refers to programs that use your Internet connection to send information from your personal computer to some other computer, without your knowledge or permission.
_______________ 13. It involves linking browsers to adult websites and bombarding the user with adult pop-up advertisements.
_______________ 14. Hardware or software that records keystrokes, logs electronic chat conversations and logs the contents of emails.
_______________ 15. Spyware that serves personalized advertisements.
_______________ 16. A virus that can encrypt its code in different ways so that it appears differently in each infection.
_______________ 17. It collects information about the user to send back to advertisers for purposes of profiling for targeted ad-serving.
_______________ 18. The part of the virus that is responsible for finding new files to infect.
_______________ 19. A technique based on the assumption that a virus needs to make a modification to a system in order to infect it.
_______________ 20. These are files that are specially created by anti-virus software, or by anti-virus professionals themselves, to be infected by a virus.
_______________ 21. These viruses infect the macros within a document or template.
_______________ 22. These viruses infect floppy disk boot records or master boot records in hard disks.
_______________ 23. It is a program the user believes is legitimate, but instead it carries out some malicious act.
_______________ 24. In this type of detection model, the software discovers intrusions by looking for activity that is different from a user's or system's normal behavior and classifying it as anomalous.
_______________ 25. This technology analyzes packets for specific patterns related to known attacks and flags them when it finds a match.

II. Enumeration

1-2. Two main approaches of Intrusion Detection System
3-7. Give at least 5 Types/Classification of Viruses
8-11. Four Parts of a Virus
12-14. Three Components of IDS
15. Give at least 1 example of Boot Virus

III. Essay

1. Differentiate a Passive System from a Reactive System (5pts)
2. Differentiate Host-Based IDS from Network-Based IDS (5pts)
