Which keyword is used to tell Snort how far inside the packet it should look for the pattern, or defined conte
For the new Snort rules you are building, it will be required to have Snort examine inside the
content of the packet. Which keyword is used to tell Snort how far inside the packet it should look
for the pattern, or defined content match?
you need to add to Snort?
You have been working with Snort, on your Windows Server 2003, for some time as a packet
capture tool, and now wish to connect Snort to a database on your server. You install MySQL as
the database, and are ready to configure Snort. If the database is named: snortdb1, has a user
name of: snort, and a password of: snortpass, what is the configuration line you need to add to
Snort?
what is this known as?
As Intrusion Detection Systems become more sophisticated, the software manufacturers develop
different methods of detection. If an IDS uses the process of finding a deviation from a well-known
pattern of user behavior, what is this known as?
What step in the process of Intrusion Detection as shown in the exhibit would determine if given alerts were p
What are the components of a LAMP Server?
You are going to configure your SUSE Linux machine to run Snort, as the IDS in your network. In
order to take full advantage of Snort, you have read that you need a LAMP Server. What are the
components of a LAMP Server?
what is this known as?
As Intrusion Detection Systems become more sophisticated, the software manufacturers develop
different methods of detection. If an IDS uses the process of matching known attacks against data
collected in your network, what is this known as?
what rule option keyword would you use to match a defined value in the packet's payload?
You are configuring the Intrusion Detection System in your network, and a significant part of the
strategy is to use custom Snort rules. When setting rules for Snort, what rule option keyword
would you use to match a defined value in the packet's payload?
What is the name of that configuration file?
After installing Snort on your Windows machine that is destined to be your IDS, you need to edit
the configuration file to customize it to your needs. What is the name of that configuration file?
What are the two basic forms of firewall implementations?
You have recently been contracted to implement a new firewall solution at a client site. What are
the two basic forms of firewall implementations?
which of the following programs?
You are going to add another computer to the pool that you use for detecting intrusions. This time
you are making a customized Snort machine running on Windows 2000 Professional. Prior to
running Snort you must install which of the following programs?