Question 1 A (an) is given to a notification from a firewall that a specific event or packet was detected Question2 A form of intrusion detection system/intrusion prevention system (IDS/IPS) based on a defined normal, often defined using rules similar to firewall rules is called -based detection Question 3 A mechanism that defines traffic or an event to apply an authorization control of allow or deny against describes an Question 4 A technique of load balancing that operates by sending the next transaction to the firewall with the least current workload describes fair Question 5 A written expression of an item of concern (protocol, port, service, application, user, IP address) and one or more actions to take when the item of ncern appears in traffic is called a Question 6 False malicious refers to an event that does not trigger an alarm but should have, due to the traffic or event actually being abnormal and/on Question 7 exceptions Question 8 by default/Allow by exception describes a security stance that prevents all communications except those enabled by specific allovw is a technique for storing or copying log events to a centralized logging server? Question 9 -based detection refers to a form of IDS/IPS detection based on a recording of real-world traffic as a baseline for normal? Question 10 -based detection refers to a form of IDS/IPS detection based on a collection of samples, patterns, signatures, and so on stored in a database of known malicious traffic and events. All traffic or events that match an item in the database are considered abnormal and potentially malicious