What should these two lines read, after you make your changes, on a default installation?
You have decided to install Snort on your Windows Server 2003 and are making changes to the default configuration file. You see the following two lines:
include classification.config
include reference.config
What should these two lines read, after you make your changes, on a default installation?
What Network Template is designed for this firewall topology?
You are reconfiguring your network's firewall to create a DMZ using three network interfaces. After configuring the addresses on the interfaces, you are making the required changes in ISA Server 2006. You are going to use a Network Template during this configuration change. What Network Template is designed for this firewall topology?
Since you wish for your options to be based on time, which of the following will be able to meet your analysis
You have just installed a new IDS and are creating the analysis options. Since you wish for your options to be based on time, which of the following will be able to meet your analysis needs?
You are configuring your Snort rules and you wish to tell Snort to log and send notice when a type of packet i
You are configuring your Snort rules and you wish to tell Snort to log and send notice when a type of packet is received. What rule action syntax will you use?
Which of the following defines an event where an alarm is indicating an intrusion when there is an actual intr
You are configuring your new Intrusion Detection System, and studying the true-false matrix. You read about the different types of alarms and events. Which of the following defines an event where an alarm is indicating an intrusion when there is an actual intrusion?
What is the switch used when telling Snort to apply the rules in the Snort Configuration file to packets proce
You are configuring the new machine that you wish to use for Snort in your network.
What is the switch used to tell Snort to apply the rules in the Snort configuration file to the packets it processes?
php file to test PHP on your Apache server?
You are going to configure your SUSE Linux computer to run Snort as your IDS. Prior to running Snort, you wish to configure Apache and PHP, so you may use Snort monitoring tools in the browser. You need to verify that Apache and PHP are running properly. What line needs to be entered in the info.php file to test PHP on your Apache server?
At the MySQL prompt, what is the correct command to create a database named: snortdb1?
You have configured Snort, running on your Windows Server 2003, to connect to a MySQL database.
You are now creating the Snort database in MySQL. At the MySQL prompt, what is the correct command to create a database named: snortdb1?
you need to see the data in the payload in a packet, what switch should you use?
Your new Intrusion Detection System involves a customized Snort machine with a complex rule set. One thing you wish to accomplish is to identify payload data. When using Snort, if you need to see the data in the payload of a packet, what switch should you use?
What is the most common response of an IDS when an event happens?
You have just installed a new network-based IDS for your organization. You are in the middle of your initial configuration of the system, and are now configuring the response. What is the most common response of an IDS when an event happens?