When setting rules for Snort, what rule option keyword would you use to match a defined value in the packets p
You are configuring the Intrusion Detection System in your network, and a significant part of the strategy is to use custom Snort rules. When setting rules for Snort, what rule option keyword would you use to match a defined value in the packet's payload?
If an IDS uses the process of matching known attacks against data collected in your network, what is this know
As Intrusion Detection Systems become more sophisticated, the software manufacturers develop different methods of detection. If an IDS uses the process of matching known attacks against data collected in your network, what is this known as?
What are the components of a LAMP Server?
You are going to configure your SUSE Linux machine to run Snort as the IDS in your network. In order to take full advantage of Snort, you have read that you need a LAMP Server. What are the components of a LAMP Server?
What step in the process of Intrusion Detection as shown in the exhibit would determine if given alerts were p
If an IDS uses the process of finding a deviation from a well-known pattern of user behavior, what is this know
As Intrusion Detection Systems become more sophisticated, the software manufacturers develop different methods of detection. If an IDS uses the process of finding a deviation from a well-known pattern of user behavior, what is this known as?
you need to add to Snort?
You have been working with Snort, on your Windows Server 2003, for some time as a packet capture tool, and now wish to connect Snort to a database on your server. You install MySQL as the database, and are ready to configure Snort. If the database is named: snortdb1, has a user name of: snort, and a password of: snortpass, what is the configuration line you need to add to Snort?
Which keyword is used to tell Snort how far inside the packet it should look for the pattern, or defined conte
For the new Snort rules you are building, it will be required to have Snort examine inside the content of the packet. Which keyword is used to tell Snort how far inside the packet it should look for the pattern, or defined content match?
Which keyword is used to categorize Snort events?
You are configuring Snort on your new IDS, and wish to categorize the events of the rules you will use. Which keyword is used to categorize Snort events?
What are the three options in the Snort rule that can be used to define the Priority level of the rule?
During your configuration of Snort, you wish to use priority levels in your rules. What are the three options in the Snort rule that can be used to define the Priority level of the rule?
Which of the following is the range of Snort Rule IDs that are reserved for Snort's use?
You are configuring the Snort Rules for your new IDS. You are creating the rules, and wish to avoid the Snort Rule IDs that are reserved for Snort's use. Which of the following is the range of Snort Rule IDs that are reserved for Snort's use?