| 1. | In IDM, which signature groups can you use to view signatures? |
| [click here] | Answer: Using IDM, you can view signatures by using the following nine signature groups: Attack, L2/L3/L4 Protocol, Operating System, Signature Release, Service, Signature ID, Signature Name, Signature Action, and Signature Engine. |
| 2. | In IDM, which types of attacks can you view signatures by? |
| [click here] | Answer: When using IDM, you can view signatures by the following types of attacks: DoS, File Access, General Attack, IDS Evasion, Informational, Policy Violation, Reconnaissance, and Viruses/Trojans/Worms. |
| 3. | In IDM, what field is searched when you display signatures by signature name? |
| [click here] | Answer: When displaying signatures by signature name, IDM searches for matches (of the text string that you entered) in the signature name field. |
| 4. | What summary-key values can you specify for a signature? |
| [click here] | Answer: The summary-key values are attacker address, victim address, attacker and victim addresses, attacker address and victim port, attacker and victim addresses and ports. |
| 5. | What is the difference between Fire All and Fire Once alarm summary modes? |
| [click here] | Answer: Fire All generates an alarm for every occurrence of traffic that triggers a specific signature, whereas Fire Once generates an alarm for the first occurrence of traffic that triggers a specific signature during a specific summary interval. |
| 6. | What is the difference between Summary and Global Summary alarm summary modes? |
| [click here] | Answer: Summary mode summarizes alerts based on the specified summary key, whereas Global Summary mode summarizes alerts based on all address and port combinations. |
| 7. | What does the Benign Trigger(s) field on the NSDB signature page provide? |
| [click here] | Answer: The NSDB Benign Trigger(s) field indicates situations in which normal user traffic may cause a signature to fire. |
| 8. | What are the two methods (via IDM) that you can use to create new custom signatures? |
| [click here] | Answer: When creating new custom signatures (via IDM), you can use Clone or Add. Clone enables you to start with the parameters of an existing signature and customize it to your environment. Add lets you build a signature from scratch. |
| 9. | Using IDM, how can you remove a signature from a signature engine? |
| [click here] | Answer: To remove a signature from a signature engine, you use the Retire functionality. |
| 10. | What signature responses (actions) are unique to inline mode? |
| [click here] | Answer: The signature responses unique to inline mode are Deny Attacker Inline, Deny Connection Inline, and Deny Packet Inline. |
| 11. | Which signature response (action) uses SNMP? |
| [click here] | Answer: The Request SNMP Trap response (action) generates an SNMP trap when the signature fires. |
| 12. | Besides using the Select All button, how can you select multiple signatures on the Signature Configuration screen? |
| [click here] | Answer: You can select multiple signatures on the Signature Configuration screen by holding down either the Shift or Ctrl key when highlighting signatures. |
