The questions that follow give you a bigger challenge than the exam itself by using an openended question format. By reviewing now with this more difficult question format, you can exercise your memory better and prove your conceptual and factual knowledge of this chapter. The answers to these questions are found in the appendix.
For more practice with exam-like question formats, use the exam engine on the CD-ROM.
1.
Which two fields uniquely identify a signature?
2.
What does the Signature Fidelity Rating indicate?
3.
What does the Alert Severity level indicate?
4.
What values can you assign to the Event Count Key field?
5.
What does the Event Count Key specify?
6.
What is the Meta Event Generator?
7.
When configuring a signature with the Meta signature engine, which engine-specific parameters do you need to specify?
8.
Explain Application Policy Enforcement and identify which signature engines support this capability.
9.
What are some of the checks provided by the AIC HTTP signature engine?
10.
Signature tuning involves changing which signature parameters?
11.
Signature tuning does not usually involve changing which signature parameters?
12.
What are the four high-level steps involved in creating a custom signature?
13.
What are the factors that you need to consider when choosing a signature engine for a new signature?
14.
What is the difference between adding a new signature and creating a new signature by using the cloning functionality?
15.
What regex matches the following patterns: ABXDF, ABXXDF, and ABD?
