Check on Learning
---
primaryColor: steelblue
shuffleQuestions: false
shuffleAnswers: true
---
### LSA 1-1: What are the three modes of SNORT?
- [ ] Sniffer Mode, Alert Mode, Packet Logger Mode
- [x] NIDS Mode, Packet Logger Mode, Sniffer Mode
- [ ] Packet Logger Mode, HIDS Mode, Monitor Mode
- [ ] Alert Mode, Drop Mode, Pass Mode
### LSA 1-2 Which mode of SNORT displays real-time captured packets to your screen?
- [x] Sniffer Mode
- [ ] Packet Logger Mode
- [ ] NIDS Mode
- [ ] Suricata Mode
### LSA 2-1 What are signature-based rules vulnerable to?
- [ ] NOOP Sleds
- [ ] Slow detection
- [x] Zero day attacks
- [ ] Low accuracy
### LSA 2-2 ***(TRUE or FALSE)*** Updating the signature database with the latest threats from vendors is a well-established practice.
- [ ] False
- [x] True
### LSA 3-1 What part of the SNORT rule is shown here:
`alert tcp $EXTERNAL_NET 80 -> $HOME_NET any`
- [ ] Rule Body
- [ ] Rule Option
- [x] Rule Header
### LSA 3-2 Which line will send an alert when anyone except the 192.168.1.0 network utilizes telnet?
- [ ] 1
- [ ] 2
- [ ] 3
- [x] 4
- [ ] 5
### LSA 3-3 Which of the following is NOT a category of rule options in SNORT?
- [ ] General
- [x] Signature
- [ ] Payload
- [ ] Non-Payload
### LSA 4-1 You get an alert that there was an attack on your system. You perform analysis and find an attack was not present. This is classified as what?
- [ ] True-Positive
- [ ] True-Negative
- [ ] False-Negative
- [x] False-Positive
### LSA 4-2 ***(TRUE or FALSE)*** Your IDS infers that a particular email message is not spam and that email message is not spam. This is an example of a True-Positive.
- [ ] True
- [x] False
### LSA 5-1 Which term is more unique to your own network?
- [ ] Baseline Configurations
- [x] Baselining