In IDM, which signature groups can you use to view signatures?
Answer: Using IDM, you can view signatures by using the following nine signature groups: Attack, L2/L3/L4 Protocol, Operating System, Signature Release, Service, Signature ID, Signature Name, Signature Action, and Signature Engine.
In IDM, which types of attacks can you view signatures by?
Answer: When using IDM, you can view signatures by the following types of attacks: DoS, File Access, General Attack, IDS Evasion, Informational, Policy Violation, Reconnaissance, and Viruses/Trojans/Worms.
In IDM, what field is searched when you display signatures by signature name?
Answer: When displaying signatures by signature name, IDM searches for matches (of the text string that you entered) in the signature name field.
What summary-key values can you specify for a signature?
Answer: The summary-key values are attacker address; victim address; attacker and victim addresses; attacker address and victim port; and attacker and victim addresses and ports.
What is the difference between Fire All and Fire Once alarm summary modes?
Answer: Fire All generates an alarm for every occurrence of traffic that triggers a specific signature, whereas Fire Once generates an alarm for the first occurrence of traffic that triggers a specific signature during a specific summary interval.
What is the difference between Summary and Global Summary alarm summary modes?
Answer: Summary mode summarizes alerts based on the specified summary key, whereas Global Summary mode summarizes alerts based on all address and port combinations.
What does the Benign Trigger(s) field on the NSDB signature page provide?
Answer: The NSDB Benign Trigger(s) field indicates situations in which normal user traffic may cause a signature to fire.
What are the two methods (via IDM) that you can use to create new custom signatures?
Answer: When creating new custom signatures (via IDM), you can use Clone or Add. Clone enables you to start with the parameters of an existing signature and customize it to your environment. Add lets you build a signature from scratch.
Using IDM, how can you remove a signature from a signature engine?
Answer: To remove a signature from a signature engine, you use the Retire functionality.
What signature responses (actions) are unique to inline mode?
Answer: The signature responses unique to inline mode are Deny Attacker Inline, Deny Connection Inline, and Deny Packet Inline.
Which signature response (action) uses SNMP?
Answer: The Request SNMP Trap response (action) generates an SNMP trap when the signature fires.
Besides using the Select All button, how can you select multiple signatures on the Signature Configuration screen?
Answer: You can select multiple signatures on the Signature Configuration screen by holding down either the Shift or Ctrl key when highlighting signatures.