Question 56
The IPS process has the following steps:
1. Reorganize application data
2. Match signature
3. Message processing
4. Protocol identification
Which of the following is the correct ordering for the processing?
Question 57
Abnormal detection is to establish the normal behavior characteristic profile of the system subject through the analysis of the audit data of the system: check if the audit data in the system If there is a big discrepancy with the normal behavior characteristics of the established subject, it is considered an intrusion. Nasu must be used as the system subject? (multiple choice)
Question 58
Cloud sandbox refers to deploying the sandbox in the cloud and providing remote detection services for tenants. The process includes:
1. Report suspicious files
2. Retrospective attack
3. Firewall linkage defense
4. Prosecution in the cloud sandbox
For the ordering of the process, which of the following options is correct?
Question 59
Regarding intrusion detection I defense equipment, which of the following statements are correct? (multiple choice)
Question 60
Which of the following options is a malformed packet attack based on the TCP protocol?