Chapter 63 · Quiz

Intrusion Prevention Quiz

10 questions covering IDS vs. IPS, fail-open vs. fail-closed, active vs. passive monitoring, and SPAN/tap configurations.

Question 1 of 6
What is the key functional difference between an IDS and an IPS?
Question 2 of 6
An inline IPS fails due to a hardware fault. The device is configured fail-open. What happens to network traffic during the failure?
Question 3 of 6
A security architect needs to monitor traffic on a SCADA network that controls physical manufacturing equipment. Any device failure must have zero impact on the SCADA network's operation. Which monitoring configuration is MOST appropriate?
Question 4 of 6
An organization deploys an IPS appliance connected to a SPAN port on their core switch. A SQL injection attack reaches the database server. The IPS generates an alert. What does this scenario demonstrate?
Question 5 of 6
Which failure mode should a hospital choose for an inline IPS protecting its clinical network, and why?
Question 6 of 6
A security team needs to monitor a high-speed 10Gbps link for forensic purposes. They require 100% packet capture fidelity — no dropped copies. Which traffic copy method is MOST appropriate?

Matching

Match each description to the intrusion detection/prevention concept it best represents.

1. A security device that sits directly in the network traffic path and can drop malicious packets before they reach their destination
2. A security device that generates alerts when it identifies suspicious traffic but cannot stop that traffic from reaching its destination
3. A device failure behavior in which traffic continues to flow through a failed inline security device without inspection
4. A switch feature that duplicates traffic from specified ports and delivers copies to a monitoring device without impacting the original traffic flow
A. IDS (passive)
B. Fail-open
C. Active monitoring / inline IPS
D. SPAN port (port mirror)