The rule options section is:

used to tighten rules and prevent false positives

Rule actions are implemented if:

at least half of the conditions are true

if two or more conditions are true

What happens when Snort rejects a packet?

It logs the packet and sends an "unreachable" message to the sender

It logs the packet but gives no user feedback

It sends a "443" error to the sender

What is the purpose of the flow:to_server,established; keyword in a Snort rule?

B. Matches established TCP connections going to the server

A. Matches packets going to the client over UDP

C. Matches packets with invalid TCP flags

D. Enables rule logging only when SSL is detected

What does the fast_pattern keyword do in Snort rules?

C. Enables Snort to prioritize this content match for faster detection

A. Ignores this rule in performance mode

C. Limits the number of alerts per second

What does this content directive match? snort content:"/news.php HTTP/1.1|0D 0A|";

Exact match for a URI targeting /news.php with CRLF

Any PHP file requested via HTTP

End of a TCP segment containing a PHP response

What is the default behavior of Snort if two rules match the same packet?

All matching rules are triggered

Only the rule with the lowest SID is triggered

The rule with the most content directives takes precedence

Only the first rule loaded in memory triggers

Which of the following would help detect beaconing behavior in C2 communications?

detection_filter:track by_src, count 10, seconds 60;

Which of the following statements is true regarding NAT and duplicated Snort alerts?

A connection can appear twice — once pre-NAT and once post-NAT

NAT merges both internal and external flows, so no duplication occurs

Snort detects NAT automatically and suppresses external flows

NAT encrypts Snort alerts, making them undetectable

snort

Authored by adam ali

Information Technology (IT)

University

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

22 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is Snort primarily used for?

File compression

Network intrusion detection and prevention

Data backup

Web hosting

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What does the following Snort rule do? alert tcp any any -> 192.168.1.0/24 80 (msg:"Web traffic detected"; sid:100001;)

Blocks HTTP traffic to the specified subnet

Logs any UDP traffic to port 80

Generates an alert for TCP traffic to port 80 in the specified subnet

Drops packets to port 80

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is a valid protocol for Snort rules?

TCP

UDP

ICMP

All of the above

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

In Snort rules, what does content:"user-agent" signify?

Specifies the sender of the packet

Searches the packet content for the string "user-agent"

Drops packets containing "user-agent"

Generates an alert for any packet

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What does the sid field in a Snort rule represent?

A unique identifier for the rule

The source IP address

The destination port

The action to be performed

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which operator is used in Snort rules to indicate traffic direction?

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the purpose of the msg keyword in a Snort rule?

Logs the packet source address

Specifies the message to display in alerts

Modifies the rule’s priority

Filters out unnecessary packets

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

20 questions

Dasar-Dasar Fotografi untuk Siswa Kelas 10

Quiz

•

11th Grade - University

20 questions

MS2024 Pre-Quiz #5

Quiz

•

University

20 questions

Security Fundamental

Quiz

•

University

20 questions

"Mahal kong NVSU" Quiz Bee

Quiz

•

University

20 questions

Introducción a la Ciberseguridad

Quiz

•

University

22 questions

Internet and App script

Quiz

•

5th Grade - University

20 questions

ICC_Module_7

Quiz

•

University

20 questions

LogoNOVA (FYIT Logo Quiz)

Quiz

•

University

Popular Resources on Wayground

8 questions

2 Step Word Problems

Quiz

•

KG - University

20 questions

Comparing Fractions

Quiz

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

10 questions

Latin Bases claus(clois,clos, clud, clus) and ped

Quiz

•

6th - 8th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

7 questions

The Story of Books

Quiz

•

6th - 8th Grade

Discover more resources for Information Technology (IT)

8 questions

2 Step Word Problems

Quiz

•

KG - University

7 questions

Comparing Fractions

Interactive video

•

1st Grade - University

7 questions

Force and Motion

Interactive video

•

4th Grade - University

10 questions

14.2 Independent/Dependent Variables

Quiz

•

KG - University

18 questions

Great Lakes States

Quiz

•

KG - University

7 questions

DNA, Chromosomes, Genes, and Traits: An Intro to Heredity

Interactive video

•

11th Grade - University

7 questions

Reflexive Verbs in Spanish

Lesson

•

9th Grade - University

7 questions

Narrative Writing 1

Interactive video

•

4th Grade - University

snort

What is Snort primarily used for?

What does the following Snort rule do? alert tcp any any -> 192.168.1.0/24 80 (msg:"Web traffic detected"; sid:100001;)

Which of the following is a valid protocol for Snort rules?

In Snort rules, what does content:"user-agent" signify?

What does the sid field in a Snort rule represent?

Which operator is used in Snort rules to indicate traffic direction?

What is the purpose of the msg keyword in a Snort rule?

Which of the following keywords in a Snort rule is used to specify packet payload?

You want to analyze network traffic to gain overall statistics and summaries without looking at individual packets. Which Traffic Analysis technique would be most suitable?

What are the two sections of a Snort rule?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)