You are reviewing the IDS logs and during your analysis you notice a user account that had attempted to log on to your network ten times one night between 3 and 4 AM. This is quite different from the normal pattern of this user account, as this user is only in the office from 8 AM to 6 PM. Had your IDS detected this anomaly, which of the following types of detection best describes this event?
What is the primary difference between proxy and packet filtering when the firewall is making a decision as to whether it should or should not allow a packet through?
You have just installed a new network-based IDS for your organization. You are in the middle of your initial configuration of the system, and are now configuring the response. What is the most common response of an IDS when an event happens?
Your new Intrusion Detection System involves a customized Snort machine with a complex rule set. One thing you wish to accomplish is to identify payload data. When using Snort and you need to see the data in the payload in a packet, what switch should you use?
You have configured Snort, running on your Windows Server 2003, to connect to a MySQL database. You are now creating the Snort database in MySQL. At the MySQL prompt, what is the correct command to create a database named snortdb1?
You are going to configure your SuSe Linux computer to run Snort as your IDS. Prior to running Snort, you wish to configure Apache and PHP, so you may use Snort monitoring tools in the browser. You need to verify that Apache and PHP are running properly. What line needs to be entered in the info.php file to test PHP on your Apache server?
You are configuring the new machine in your network that you wish to be used for Snort. What is the switch used when telling Snort to apply the rules in the Snort configuration file to packets processed by Snort?
You are configuring your new Intrusion Detection System, and studying the true-false matrix. You read about the different types of alarms and events. Which of the following defines an event where an alarm is indicating an intrusion when there is an actual intrusion?
You are configuring your Snort rules and you wish to tell Snort to log and send notice when a type of packet is received. What rule action syntax will you use?
You have just installed a new IDS and are creating the analysis options. Since you wish for your options to be based on time, which of the following will be able to meet your analysis needs?