As Intrusion Detection Systems become more sophisticated, the software manufacturers develop
different methods of detection. If an IDS uses the process of matching known attacks against data
collected in your network, what is this known as?

You are configuring the Intrusion Detection System in your network, and a significant part of the
strategy is to use custom Snort rules. When setting rules for Snort, what rule option keyword
would you use to match a defined value in the packets payload?

After installing Snort on your Windows machine that is destined to be your IDS, you need to edit
the configuration file to customize it to your needs. What is the name of that configuration file?

You have recently been contracted to implement a new firewall solution at a client site. What are
the two basic forms of firewall implementations?

You are going to add another computer to the pool that you use for detecting intrusions. This time
you are making a customized Snort machine running on Windows 2000 Professional. Prior to
running Snort you must install which of the following programs?

You have recently installed ISA Server 2006 as your firewall, and are building some new rules. If
you need to create a rule that will be based upon a Network Set, which of the following would you
select in the Toolbox?

During the configuration of your newly installed ISA Server 2006, you are creating new rules.
Which three of the following answers are used to create a protocol rule in ISA Server 2006?

In the command ipchains -N chain , what will the -N accomplish in the chain?

You are reviewing your companys IPTables Firewall and see the command (minus the quotes) ” !
10.10.216″ as part of a rule, what does this mean?

You need to add a line to your IPTables Firewall input chain that will stop any attempts to use the
default install of Back Orifice against hosts on your network (the 10.10.10.0 network). Which of the
following would be the correct command to use?