You are reconfiguring your network's firewall to create a DMZ using three network interfaces. After configuring the addresses on the interfaces, you are making the required changes in ISA Server 2006. You are going to use a Network Template during this configuration change. Which Network Template is designed for this firewall topology?
You have decided to install Snort on your Windows Server 2003 and are making changes to the default configuration file. You see the following two lines:
include classification.config
include reference.config
What should these two lines read, after you make your changes, on a default installation?
You are configuring the Snort Rules for your new IDS. You are creating the rules, and wish to avoid the Snort Rule IDs that are reserved for Snort's use. Which of the following is the range of Snort Rule IDs that are reserved for Snort's use?
During your configuration of Snort, you wish to use priority levels in your rules. What are the three options in the Snort rule that can be used to define the Priority level of the rule?
You are configuring Snort on your new IDS, and wish to categorize the events of the rules you will use. Which keyword is used to categorize Snort events?
For the new Snort rules you are building, it will be required to have Snort examine inside the content of the packet. Which keyword is used to tell Snort how far inside the packet it should look for the pattern, or defined content match?
As Intrusion Detection Systems become more sophisticated, the software manufacturers develop different methods of detection. If an IDS uses the process of finding a deviation from a well-known pattern of user behavior, what is this known as?
You are going to configure your SuSe Linux machine to run Snort, as the IDS in your network. In order to take full advantage of Snort, you have read that you need a LAMP Server. What are the components of a LAMP Server?
As Intrusion Detection Systems become more sophisticated, the software manufacturers develop different methods of detection. If an IDS uses the process of matching known attacks against data collected in your network, what is this known as?
You are configuring the Intrusion Detection System in your network, and a significant part of the strategy is to use custom Snort rules. When setting rules for Snort, what rule option keyword would you use to match a defined value in the packet's payload?