Which IDS category is primarily indicated by repeated probes of services, connections from unusual locations, repeated login attempts, and sudden influxes of log data?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which IDS category is primarily indicated by repeated probes of services, connections from unusual locations, repeated login attempts, and sudden influxes of log data?

Explanation:
This question is testing recognition of network-based intrusion indicators. Repeated probes of services are classic port-scanning and reconnaissance activity at the network level. Connections from unusual locations suggest traffic coming from geographies or IPs that don’t fit normal patterns, which is a sign of attacker infrastructure sweeping across the network. Repeated login attempts point to brute-force or credential-stuffing activities targeting services accessible over the network. A sudden influx of log data can occur when many network events trigger logging in a short period, often during an attack campaign or widespread scanning. Together, these symptoms reflect intrusion activity that is observed through network traffic and behavior, which is what a Network Intrusion category covers. In contrast, host- or file-based intrusions focus on compromising a specific machine or its files, not the broad network activity described. The sudden influx of log data is an important symptom but not a standalone intrusion category.

