13. What does tcpdump do? Select all that apply.
- Analyzes packets and provides a textual analysis
- Captures packets
- Generates packets
- Encrypts your packets
14. What does Wireshark do differently from tcpdump? Check all that apply.
- It can capture packets and analyze them.
- It understands more application-level protocols.
- It has a graphical interface.
- It can write packet captures to a file.
15. What factors should you consider when designing an IDS installation? Check all that apply.
- Internet connection speed
- Traffic bandwidth
- OS types in use
- Storage capacity
16. What is the difference between an Intrusion Detection System and an Intrusion Prevention System?
- An IDS can actively block attack traffic, while an IPS can only alert on detected attack traffic.
- An IDS can alert on detected attack traffic, but an IPS can actively block attack traffic.
- An IDS can detect malware activity on a network, but an IPS can’t.
- They are the same thing.
17. What factors would limit your ability to capture packets? Check all that apply.
- Network interface not being in promiscuous or monitor mode
- Anti-malware software
- Encryption
- Access to the traffic in question