Graded Quiz: Network Security Techniques :Computer Networks and Network Security (IBM Cybersecurity Analyst Professional Certificate) Answers 2025
1. Question 1
How does an IPS differ from an IDS?
-
✅ An IDS alerts administrators about suspicious activities, while an IPS can actively block and prevent threats.
-
❌ IPS generates alerts, IDS blocks threats
-
❌ IDS operates inline, IPS out-of-band
-
❌ Neither can block traffic
Explanation:
IDS = Detect & Alert
IPS = Detect, Alert & Block traffic in real time.
2. Question 2
Role of hashing in File Integrity Monitoring (FIM)?
-
✅ Creating unique identifiers for files to detect changes
-
❌ Enhancing transfer speeds
-
❌ Compressing file sizes
-
❌ Encrypting files
Explanation:
Hashing generates a unique checksum.
Any change to a file → changed hash → alert.
3. Question 3
Primary purpose of FIM?
-
✅ Continuously monitoring file systems for unauthorized changes
-
❌ Backing up files
-
❌ Enhancing performance
-
❌ Ensuring software license compliance
Explanation:
FIM alerts when critical system files are modified unexpectedly — key for security.
4. Question 4
Benefit of stateless inspection?
-
❌ Maintains full logs
-
✅ It is faster than stateful inspection.
-
❌ Provides real-time threat prevention
-
❌ Uses machine learning
Explanation:
Stateless inspection checks packets individually → low overhead → faster but less secure.
5. Question 5
Key advantage of HIPS?
-
✅ Real-time protection by blocking suspicious activities on individual devices
-
❌ Requires no updates
-
❌ Monitors network perimeter
-
❌ Zero performance impact
Explanation:
HIPS protects the host (endpoint) by detecting and stopping threats right on the device.
6. Question 6
Primary function of NIDS?
-
❌ Modify network traffic
-
✅ Monitor network traffic for suspicious activities
-
❌ Encrypt data
-
❌ Actively block traffic
Explanation:
NIDS is passive → monitors & alerts, unlike IPS which can block.
7. Question 7
Difference between EDR and XDR?
-
✅ XDR provides a centralized platform unifying data from multiple security tools, while EDR is limited to endpoint data.
-
❌ XDR eliminates all manual analysis
-
❌ EDR integrates multiple tools, XDR is limited
-
❌ EDR = network, XDR = endpoint
Explanation:
EDR = Endpoint-focused
XDR = Cross-platform visibility (network, cloud, endpoint, identity, etc.)
🧾 Summary Table
| Q No. | Correct Answer | Key Concept |
|---|---|---|
| 1 | IDS alerts, IPS blocks | IDS vs IPS |
| 2 | Hashing detects changes | File integrity |
| 3 | Monitor files for unauthorized changes | FIM |
| 4 | Faster than stateful | Stateless inspection |
| 5 | Real-time host protection | HIPS |
| 6 | Monitor network traffic | NIDS |
| 7 | XDR combines multiple sources; EDR is endpoint-only | EDR vs XDR |