You are configuring your new IDS machine, and are creating new rules. You enter the following rule:
alert tcp any any -> 10.0.10.0/24 any (msg: "NULL scan detected"; flags: 0;)
What is the effect of this rule?
If you wanted to configure your new system to use the process of detecting unauthorized activity that matches known patterns of misuse, this system would be an example of which of the following?
You are configuring your new IDS machine, and are creating new rules. You enter the following rule:
alert tcp any any -> 10.0.10.0/24 any (msg: "SYN-FIN scan detected"; flags: SF;)
What is the effect of this rule?
You are configuring your new IDS machine, and are creating new rules. You enter the following rule:
alert tcp any any -> any 23 (msg: "Telnet Connection Attempt";)
What is the effect of this rule?
You have discovered that your bastion host has been compromised but cannot determine when the compromise occurred. The best course of action for you to take would be:
You are configuring your new IDS machine, where you have recently installed Snort. While you are working with this machine, you wish to create some basic rules to test the ability to log traffic as you desire.
Which of the following Snort rules will log any TCP traffic from any IP address to any port between 1 and 1024 on any host in the 10.0.10.0/24 network?
You are configuring your new IDS machine, where you have recently installed Snort. While you are working with this machine, you wish to create some basic rules to test the ability to log traffic as you desire.
Which of the following Snort rules will log any Telnet traffic from any IP address to port 23 of the 10.0.10.0/24 network?
You have successfully implemented a new Intrusion Detection System in your network. You have verified that the system is active and did detect the tests you have run against it thus far. You are now in the stage of identifying the type of analysis you wish to use with the system. You meet with the rest of the IT staff and are asked to describe the different options for analysis. Which of the following best describes Interval Analysis?
After a meeting between the IT department leaders and a security consultant, they decide to implement a new IDS in your network. You are later asked to explain to your team the type of IDS that is going to be implemented. Which of the following best describes the process of Host-Based Intrusion Detection Systems?
You are configuring the new Intrusion Detection System at your office. Your CEO asks you what the IDS will do for the organization. You tell the CEO about the three main components of Network Security and explain how an IDS can be used to meet two of those components. What are the two major components of network security that an IDS can meet?