Question

1. T F     To have a Snort rule match on both inbound and outbound traffic, the rule should use the flow:to_server,from_client,established; option.          Answer: _____

2. T F     Host-based IDS can be used to monitor compliance with corporate policies such as acceptable use of computer resources.      Answer: _____

3. T F     An on-demand operational IDS model is not suitable if legally admissible data collection is required.     Answer: _____

4. T F     Current criminal and civil procedure laws and rules of evidence do not apply to digital and electronic forms of evidence such as IDS logs.    Answer: _____

5. T F     Snort unified output handling tools are used to off-load computing tasks from the core Snort program to improve overall performance.    Answer: _____

6. T F     Thresholds used in Snort alert rules can cause false negatives if the attacker works slowly enough.     Answer: _____

7. T F     Network-based IDS provides no protection against internal threats. Answer: _____

8. T F     When a “pass” rule is matched in Snort, no other rules are evaluated for the packet.            Answer: _____

9. T F     To ensure proper execution of Snort rules using the “uricontent” option the HTTP Inspect preprocessor must be installed and configured in Snort.   Answer: _____

10. T F     There are no monitoring situations that justify real-time intrusion response.          Answer: _____

Answer 1

Solution

--

all the best