You are configuring your new IDS machine, and are creating new rules. You enter the following
rule:
Alert tcp any any -> any 23 (msg: "Telnet Connection Attempt";)
What is the effect of this rule?
You are configuring your new IDS machine, and are creating new rules. You enter the following
rule:
Alert tcp any any -> 10.0.10.0/24 any (msg: "SYN-FIN scan detected"; flags: SF;)
What is the effect of this rule?
If you wanted to configure your new system to use the process of detecting unauthorized activity
that matches known patterns of misuse, this system would be an example of which of the
following?
You are configuring your new IDS machine, and are creating new rules. You enter the following
rule:
Alert tcp any any -> 10.0.10.0/24 any (msg: "NULL scan detected"; flags: 0;)
What is the effect of this rule?
You are configuring your new IDS machine, and are creating new rules. You enter the following
rule:
Alert tcp any any -> 10.0.10.0/24 (msg: "O/S Fingerprint detected"; flags: S12;)
What is the effect of this rule?
You are reviewing the IDS logs and during your analysis you notice a user account that had
attempted to log on to your network ten times one night between 3 and 4 AM. This is quite
different from the normal pattern of this user account, as this user is only in the office from 8 AM to
6 PM. Had your IDS detected this anomaly, which of the following types of detection best describes
this event?
What is the primary difference between proxy and packet filtering when the firewall is making a
decision as to whether it should or should not allow a packet through?
You have just installed a new network-based IDS for your organization. You are in the middle of
your initial configuration of the system, and are now configuring the response. What is the most
common response of an IDS when an event happens?
Your new Intrusion Detection System involves a customized Snort machine with a complex rule
set. One thing you wish to accomplish is to identify payload data. When using Snort and you need
to see the data in the payload of a packet, what switch should you use?
You have configured Snort, running on your Windows Server 2003, to connect to a MySQL
database.
You are now creating the Snort database in MySQL. At the MySQL prompt, what is the correct
command to create a database named: snortdb1?