Cisco 500-280 - Securing Cisco Networks with Open Source Snort Exam

Question #6
An IPS addresses evasion by implementing countermeasures. What is one such countermeasure?
A. periodically reset statistical buckets to zero for memory utilization, maximization, and performance
B. send packets to the origination host of a given communication session, to confirm or eliminate spoofing
C. perform pattern and signature analysis against the entire packet, rather than against individual fragments
D. automate scans of suspicious source IP addresses
Answer: C

Question #7
Which IPS placement option is the noisiest?
A. inside the firewall
B. outside the firewall
C. inside the DMZ
D. inside general user segments
Answer: B

Question #8
What is the purpose of using a span or monitor port on a switch?
A. to aggregate traffic from multiple switch ports
B. to tap data off network media
C. to overcome problems that switches have in accurately reproducing desired traffic
D. to limit the amount of traffic that passes through the switch
Answer: A

Question #9
Which item examines packets for malformation, anomalies, and protocol compliance and gathers and presents packets in one consistent fashion?
A. Sniffer
B. preprocessors
C. detection engine
D. output and alerting module
Answer: B

Question #10
Which component is one of the four primary components of Snort?
A. ACL
B. postprocessor
C. iptables
D. output and alerting
Answer: D
Total 60 questions