The questions that follow give you a bigger challenge than the exam itself by using an open-ended question format. By reviewing now with this more difficult question format, you can exercise your memory better and prove your conceptual and factual knowledge of this chapter. The answers to these questions are found in the appendix.
For more practice with exam-like question formats, use the exam engine on the CD-ROM.
1. In IDM, which signature groups can you use to view signatures?
2. In IDM, which types of attacks can you view signatures by?
3. In IDM, what field is searched when you display signatures by signature name?
4. What summary-key values can you specify for a signature?
5. What is the difference between Fire All and Fire Once alarm summary modes?
6. What is the difference between Summary and Global Summary alarm summary modes?
7. What does the Benign Trigger(s) field on the NSDB signature page provide?
8. What are the two methods (via IDM) that you can use to create new custom signatures?
9. Using IDM, how can you remove a signature from a signature engine?
10. What signature responses (actions) are unique to inline mode?
11. Which signature response (action) uses SNMP?
12. Besides using the Select All button, how can you select multiple signatures on the Signature Configuration screen?