Ensurepass.com : Ensure you pass the IT Exams
2018 Mar Cisco Official New Released 500-280
http://www.EnsurePass.com/500-280.html
Securing Cisco Networks with Open Source Snort
Question No: 31
How is the basic construct of a port variable formatted in the snort.conf file?
A. variable
B. var arguments
C. portvar value
D. port variable
Answer: C
Question No: 32
Which action should you perform to enable or disable entire classes of rules through the snort.conf file?
A. Specify the -e or -d command-line argument.
B. Comment or uncomment the rule class.
C. Build and reference a separate rules-configuration file.
D. Specify the enable or the disable argument.
Answer: B
Question No: 33
Which statement about the detection engine configuration settings in snort.conf is true?
A. All the decoder alerts are on by default.
B. All the decoder settings are off by default.
C. Some decoder settings are on and others must be uncommented.
D. The decoder is no longer in use.
Answer: B
Question No: 34
What is the minimum action that you should take when configuring a new Snort installation?
A. Turn on all the rules.
B. Inform your users that you have deployed an IDS/IPS.
C. Provision more network bandwidth in case your installation causes latency.
D. Configure your HOME_NET to include the networks that you want the sensor to protect.
Answer: D
Question No: 35
Which syntax correctly expresses a port variable?
A. portvar HTTP_PORTS [80,1080,8080]
B. ports: HTTP_PORTS (80,1080,8080)
C. var: ports = 80,1080,8080
D. ipportvar /HTTP_PORTS: 80,1080,8080
Answer: A
Question No: 36
Which statement about the FTPTelnet preprocessor is true?
A. It can check for correctness of Telnet commands.
B. It can normalize FTP network traffic.
C. It can limit how much server-side traffic to process.
D. It can reassemble FTP fragments.
Answer: B
Question No: 37
Which preprocessor can normalize the IIS %u encoding scheme?
A. SMTP
B. ftp_telnet
C. http_inspect
D. sfPortscan
Answer: C
Question No: 38
When Snort receives packets, in which order are they placed into the preprocessors?
A. flow, frag3, stream5, application preprocessors, detection engine
B. detection engine, frag3, stream5, flow, application preprocessors
C. frag3, stream5, application preprocessors, detection engine
D. flow, stream5, frag3, application preprocessors, detection engine
Answer: C
Question No: 39
Which configuration is optimal for the frag3 engine?
A. Bind target IP addresses to policies that represent operating systems, so that the IPS engine can process traffic the same way that target hosts do.
B. Bind client IP addresses to policies that represent operating systems, so that clients can process traffic the same way that the IPS engine does.
C. Keep the configuration as simple as possible, for better performance.
D. Deploy the engine only in passive mode, for better performance.
Answer: A
Question No: 40
Which preprocessor maintains connection state so that attacks that manifest over multiple packets in a session can be detected?
A. stream5
B. frag3
C. flow tracking module
D. detection engine
Answer: A