What is the primary difference between proxy and packet filtering when the firewall is making a decision as to whether it should or should not allow a packet through?
You are reviewing the IDS logs and during your analysis you notice a user account that had attempted to log on to your network ten times one night between 3 and 4 AM. This is quite different from the normal pattern of this user account, as this user is only in the office from 8AM to 6PM. Had your IDS detected this anomaly, which of the following types of detection best describes this event?
You are configuring a new custom IPSec policy on your Windows Server 2003 machine. On the rules tab, you find the three default options under the IP Filter List. What are these three default options?
You are configuring your new IDS machine, and are creating new rules. You enter the following rule:
Alert tcp any any -> 10.0.10.0/24 (msg: "O/S Fingerprint detected"; flags: S12;)
What is the effect of this rule?
You are configuring your new IDS machine, and are creating new rules. You enter the following rule:
Alert tcp any any -> 10.0.10.0/24 any (msg: "NULL scan detected"; flags: 0;)
What is the effect of this rule?
If you wanted to configure your new system to use the process of detecting unauthorized activity that matches known patterns of misuse, this system would be an example of which of the following?
You are configuring your new IDS machine, and are creating new rules. You enter the following rule:
Alert tcp any any -> 10.0.10.0/24 any (msg: "SYN-FIN scan detected"; flags: SF;)
What is the effect of this rule?
You are configuring your new IDS machine, and are creating new rules. You enter the following rule:
Alert tcp any any -> any 23 (msg: "Telnet Connection Attempt";)
What is the effect of this rule?
You have discovered that your Bastion host has been compromised but cannot determine when the compromise occurred. The best course of action for you to take would be:
You are configuring your new IDS machine, where you have recently installed Snort. While you are working with this machine, you wish to create some basic rules to test the ability to log traffic as you desire.
Which of the following Snort rules will log any tcp traffic from any IP address to any port between 1 and 1024 on any host in the 10.0.10.0/24 network?