The rule options section is:

used to tighten rules and prevent false positives

Rule actions are implemented if:

at least half of the conditions are true

if two or more conditions are true

What happens when Snort rejects a packet?

It logs the packet and sends an "unreachable" message to the sender

It logs the packet but gives no user feedback

It sends a "443" error to the sender

What is the purpose of the flow:to_server,established; keyword in a Snort rule?

B. Matches established TCP connections going to the server

A. Matches packets going to the client over UDP

C. Matches packets with invalid TCP flags

D. Enables rule logging only when SSL is detected

What does the fast_pattern keyword do in Snort rules?

C. Enables Snort to prioritize this content match for faster detection

A. Ignores this rule in performance mode

C. Limits the number of alerts per second

What does this content directive match? snort content:"/news.php HTTP/1.1|0D 0A|";

Exact match for a URI targeting /news.php with CRLF

Any PHP file requested via HTTP

End of a TCP segment containing a PHP response

What is the default behavior of Snort if two rules match the same packet?

All matching rules are triggered

Only the rule with the lowest SID is triggered

The rule with the most content directives takes precedence

Only the first rule loaded in memory triggers

Which of the following would help detect beaconing behavior in C2 communications?

detection_filter:track by_src, count 10, seconds 60;

Which of the following statements is true regarding NAT and duplicated Snort alerts?

A connection can appear twice — once pre-NAT and once post-NAT

NAT merges both internal and external flows, so no duplication occurs

Snort detects NAT automatically and suppresses external flows

NAT encrypts Snort alerts, making them undetectable

snort

Authored by adam ali

Information Technology (IT)

University

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

22 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is Snort primarily used for?

File compression

Network intrusion detection and prevention

Data backup

Web hosting

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What does the following Snort rule do? alert tcp any any -> 192.168.1.0/24 80 (msg:"Web traffic detected"; sid:100001;)

Blocks HTTP traffic to the specified subnet

Logs any UDP traffic to port 80

Generates an alert for TCP traffic to port 80 in the specified subnet

Drops packets to port 80

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is a valid protocol for Snort rules?

TCP

UDP

ICMP

All of the above

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

In Snort rules, what does content:"user-agent" signify?

Specifies the sender of the packet

Searches the packet content for the string "user-agent"

Drops packets containing "user-agent"

Generates an alert for any packet

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What does the sid field in a Snort rule represent?

A unique identifier for the rule

The source IP address

The destination port

The action to be performed

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which operator is used in Snort rules to indicate traffic direction?

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the purpose of the msg keyword in a Snort rule?

Logs the packet source address

Specifies the message to display in alerts

Modifies the rule’s priority

Filters out unnecessary packets

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

20 questions

CI2214 Chapter 1

Quiz

•

University

17 questions

Brainware

Quiz

•

9th Grade - University

20 questions

Quiz 1 | Information Security | Kali Linux Commands

Quiz

•

University

20 questions

Quiz KTI

Quiz

•

University

20 questions

PPL 223 ( QUIZ 2) Syntax and Semantics

Quiz

•

University

19 questions

CHAPTER 3: SYSTEM ANALYSIS AND DESIGN

Quiz

•

University

20 questions

DSA (Quiz 4) - Trees

Quiz

•

University

20 questions

Computer Basics Quiz

Quiz

•

7th Grade - University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

Discover more resources for Information Technology (IT)

12 questions

IREAD Week 4 - Review

Quiz

•

3rd Grade - University

23 questions

Subject Verb Agreement

Quiz

•

9th Grade - University

7 questions

Force and Motion

Interactive video

•

4th Grade - University

7 questions

Renewable and Nonrenewable Resources

Interactive video

•

4th Grade - University

5 questions

Poetry Interpretation

Interactive video

•

4th Grade - University

19 questions

Black History Month Trivia

Quiz

•

6th Grade - Professio...

15 questions

Review1

Quiz

•

University

15 questions

Pre1

Quiz

•

University

snort

What is Snort primarily used for?

What does the following Snort rule do? alert tcp any any -> 192.168.1.0/24 80 (msg:"Web traffic detected"; sid:100001;)

Which of the following is a valid protocol for Snort rules?

In Snort rules, what does content:"user-agent" signify?

What does the sid field in a Snort rule represent?

Which operator is used in Snort rules to indicate traffic direction?

What is the purpose of the msg keyword in a Snort rule?

Which of the following keywords in a Snort rule is used to specify packet payload?

You want to analyze network traffic to gain overall statistics and summaries without looking at individual packets. Which Traffic Analysis technique would be most suitable?

What are the two sections of a Snort rule?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)