最新的Cisco 500-280免費考試真題

問題1

Which statement about the distribution of SO rules is true?

A. SO rules are not distributed because you need to build your own rules.

B. SO rules ship with the regular rules download.

C. SO rules ship as a separate download.

D. SO rules ship with the regular Snort distribution.

正確答案: B

問題2

Which preprocessor maintains connection state so that attacks that manifest over multiple packets in a session can be detected?

A. detection engine

B. frag3

C. flow tracking module

D. stream5

正確答案: D

問題3

Which technique can an intruder use to try to evade detection by a Snort sensor?

A. split the malicious payload over several fragments to mask the attack signature

B. disable a sensor by exceeding the number of packets that it can fragment before forwarding

C. send more packet fragments than the destination host can reassemble, to disable the host without regard to any intrusion-detection devices that might be on the network

D. exceed the maximum number of fragments that a sensor can evaluate

正確答案: A

問題4

Which preprocessor provides a means to measure Snort performance?

A. flow

B. stats

C. performance statistics

D. stream5

正確答案: C

問題5

Which preprocessor plays a role in detecting the reconnaissance phase of an attack?

A. frag3

B. sfPortscan

C. telnet_decode

D. rpc_decode

正確答案: B

問題6

Which management and analysis tool can you use to enhance a Snort installation?

A. Nmap

B. PulledPork

C. tcpdump

D. Wireshark

正確答案: B

最新的Cisco Securing Cisco Networks with Open Source Snort - 500-280免費考試真題

聯系我們

站內鏈接

最新更新