Cisco Exam 500-285 Topic 1 Question 72 Discussion

Actual exam question for Cisco's 500-285 exam

Question #: 72
Topic #: 1

Which option describes the two basic components of Sourcefire Snort rules?

Apreprocessor configurations to define what to do with packets before the detection engine sees them, and detection engine configurations to define exactly how alerting is to take place

Ba rule statement characterized by the message you configure to appear in the alert, and the rule body that contains all of the matching criteria such as source, destination, and protocol

Ca rule header to define source, destination, and protocol, and the output configuration to determine which form of output to produce if the rule triggers

Da rule body that contains packet-matching criteria or options to define where to look for content in a packet, and a rule header to define matching criteria based on where a packet originates, where it is going, and over which protocol

Show Suggested Answer

Suggested Answer: D

by Tyra at Sep 15, 2024, 04:38 PM

Limited Time Offer

25%

Off

Get Premium 500-285 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Eliseo

6 days ago

Option D seems to cover the basics of Snort rules pretty well. The rule body and the rule header - that's the core of it, right?

upvoted 0 times

...

Galen

22 days ago

I think the answer is A.

upvoted 0 times

...