Question 1 | What statement is true about service signatures?
|
A1: | Answer C is correct. Service signatures such as DNS, SQL, FTP, IMAP, NTP, POP, and so on are based on network services that are independent of the operating system. Answers A and B are therefore incorrect. Service signatures operate at Layers 5 through 7, so Answer D is incorrect. |
Question 2 | Which of the following should you take into consideration when choosing a signature engine to create a custom signature? (Choose all that apply.)
|
A2: | Answers A, B, C, E, and F are correct. You should consider the network protocol, target address and port, type of attack, and whether inspection of the data payload is required when choosing a signature engine for a custom signature. You can configure the signature action response for all signatures, default or custom. You do not need to consider the signature action response during the process of choosing a signature engine for a custom signature; therefore, Answer D is incorrect. |
Question 3 | How do you enable multiple signature groups from the IDS MC?
|
A3: | Answer C is correct. To enable multiple signature groups, select the signature group check boxes and click Enable. You do not select multiple signature groups with the Ctrl key; therefore, both Answers A and B are incorrect. Answer D is incorrect because there is no drop-down menu with the Enable option. Answer E is incorrect because it is possible to enable multiple signature groups. |
Question 4 | An audit firm investigating corporate fraud requires that any use of the word confidential in common electronic communications should be detected. What signature engine do you use?
|
A4: | Answer D is correct. You can use the String.TCP signature engine because it allows you to specify a string pattern as well as a range of ports: ports 20 and 21 for FTP, 23 for Telnet, 25 for SMTP, 80 for HTTP, 110 for POP3, and 5190 for AOL, for example. Answer A is incorrect because although the Service.SMTP signature engine allows you to analyze SMTP traffic, it does not examine traffic for other communications methods running on other ports. Answer B is incorrect because the Service.Generic engine does not allow you to specify a text string. Answer C is incorrect because although you can use the State.String.SMTP engine to search for text patterns within SMTP traffic, it does not examine traffic for the other communications methods on other ports. |
Question 5 | Which statement is true about service signature engines?
|
A5: | Answer E is correct. Service signature engines operate at Layers 5, 6, and 7. Answer A is incorrect because the service signature engines are operating system-independent. Answers B and C are incorrect because service signature engines operate at Layers 5, 6, and 7 and not at Layers 2, 3, and 4. Answer D (and B again) is incorrect because the service signature engines do not support stateful inspection. |
Question 6 | Which of the following are valid values for the IP Reassemble Mode Reassembly Option? (Choose four.)
|
A6: | Answers A, B, C, and E are correct. You can set IP Reassembly Mode to NT, which is the default; Solaris; Linux; or BSD. AIX is not a valid reassembly option, so Answer D is incorrect. |
Question 7 | To configure global sensing, which of the following parameters would you define? (Choose two.)
|
A7: | Answers A and E are correct. You configure global sensing by defining internal networks and by setting reassembly options values. SSH key generation, Remote Data Exchange Protocol (RDEP) communication, and master signature engine parameters do not define global sensing. Answers B, C, and D are therefore incorrect. |
Question 8 | Which of the following ways can you access a signature from the Group Signatures by drop-down menu? (Choose three.)
|
A8: | Answers A, B, and E are correct. You can access signatures that are in the OS, L2/L3/L4, or Attack signature groups. Some signatures are set to a severity level of informational, but it is not a valid signature group. Therefore, Answer C is incorrect. You can use the Sweep signature engines to create custom signatures, but there is no option to access signatures according to a Sweep signature engine group. Therefore, Answer D is incorrect. |
Question 9 | Which of the following signature groups can you access from the Attack Signatures option in the Group Signatures by drop-down menu? (Choose four.)
|
A9: | Answers A, B, D, and F are correct. You can access the DoS, Information, Trojan, and Reconnaissance signature groups from the Attack Signatures option in the drop-down menu. You can access the DHCP and SQL signature groups from the Service Signatures option in the drop-down menu, not the Attack Signatures option. Therefore, Answers C and E are incorrect. |
Question 10 | Which of the following is not a signature group belonging to the OS option in the Group Signatures drop-down menu?
|
A10: | Answer F is correct. You cannot access an OpenBSD signature from the OS Signature option in the Group Signatures drop-down menu. All other signatures belong to the OS Signature group; therefore, Answers A through E are incorrect. |