Which of the following commands would you use during the creation of such a rule?
You are working on your company's IPTables Firewall, and you wish to create a rule to address the
denial of ICMP requests and messages to your machine. Which of the following commands would
you use during the creation of such a rule?
which of the following?
You have found a user in your organization who has managed to gain access to a system that this
user was not granted the right to use. This user has just provided you with a working example of
which of the following?
What is the function of BASE on your Snort machine?
You have configured Snort and MySQL on your SuSe Linux machine. You wish to enhance the
system by using BASE. What is the function of BASE on your Snort machine?
which of the following programs?
You are going to add another computer to the pool that you use for detecting intrusions. This time
you are making a customized Snort machine running on Windows Server 2003. Prior to running
Snort you must install which of the following programs?
What are the two major components of network security that an IDS can meet?
You are configuring the new Intrusion Detection System at your office. Your CEO asks you what
the IDS will do for the organization. You tell the CEO about the three main components of Network
Security and explain how an IDS can be used to meet two of those components. What are the two
major components of network security that an IDS can meet?
Which of the following best describes the process of Host-Based Intrusion Detection Systems?
After a meeting between the IT department leaders and a security consultant, they decide to
implement a new IDS in your network. You are later asked to explain to your team the type of IDS that is
going to be implemented. Which of the following best describes the process of Host-Based
Intrusion Detection Systems?
Which of the following best describes Interval Analysis?
You have successfully implemented a new Intrusion Detection System in your network. You have
verified that the system is active and did detect the tests you have run against it thus far. You are
now in the stage of identifying the type of analysis you wish to use with the system. You meet with
the rest of the IT staff and are asked to describe the different options for analysis. Which of the
following best describes Interval Analysis?
Which of the following Snort rules will log any telnet traffic from any IP address to port 23 of the 10.0.10.0
You are configuring your new IDS machine, where you have recently installed Snort. While you
are working with this machine, you wish to create some basic rules to test the ability to log traffic
as you desire.
Which of the following Snort rules will log any telnet traffic from any IP address to port 23 of the
10.0.10.0/24 network?
Which of the following Snort rules will log any tcp traffic from any IP address to any port between 1 and 1024
You are configuring your new IDS machine, where you have recently installed Snort. While you
are working with this machine, you wish to create some basic rules to test the ability to log traffic
as you desire.
Which of the following Snort rules will log any tcp traffic from any IP address to any port between 1
and 1024 on any host in the 10.0.10.0/24 network?
The best course of action for you to take would be:
You have discovered that your Bastion host has been compromised but cannot determine when
the compromise occurred. The best course of action for you to take would be: