IT certification exam questions change frequently. To address this, Pass4Test does its best to update its Cisco 500-280 (Securing Cisco Networks with Open Source Snort) dumps in step with exam changes. Updates focus on changes to the Cisco 500-280 (Securing Cisco Networks with Open Source Snort) exam questions, and after each update the updated Cisco 500-280 (Securing Cisco Networks with Open Source Snort) dump is provided as a free update service for one year.
NO.1 For which application is Snort output suitable?
A. tcpdump
B. Wireshark
C. any application that can read PCAP format
D. NMap
Answer: C
NO.2 What does protocol normalization do?
A. compares evaluated packets to normal, daily network-traffic patterns
B. removes any protocol-induced or protocol-allowable ambiguities
C. compares a packet to related traffic from the same session, to determine whether the packet is out of sequence
D. removes application layer data, whether or not it carries protocol-induced anomalies, so that packet headers can be inspected more accurately for signs of abuse
Answer: B
NO.3 What must you do to produce ASCII-formatted output from Snort?
A. Do nothing because Snort produces ASCII output by default.
B. Use the -K ascii switch when you start Snort from the command line.
C. Compile Snort with the -K ascii flag in the configure command.
D. Use a third-party application to convert native Snort output to ASCII.
Answer: B
NO.4 What does the log_dump output plug-in do?
A. converts data into a format similar to Snort ASCII packet dump mode
B. converts data into a format similar to Snort fast alert mode
C. converts log data to PCAP-formatted output
D. converts data to CSV format
Answer: A
NO.5 Which character must a rule body end with?
A. parenthesis
B. period
C. exclamation mark
D. semicolon
Answer: A
NO.6 Which output is in a lightweight, binary form?
A. unified2
B. PCAP
C. SNMP
D. CSV
Answer: A
NO.7 An IPS addresses evasion by implementing countermeasures. What is one such countermeasure?
A. periodically reset statistical buckets to zero for memory utilization, maximization, and performance
B. send packets to the origination host of a given communication session, to confirm or eliminate spoofing
C. perform pattern and signature analysis against the entire packet, rather than against individual fragments
D. automate scans of suspicious source IP addresses
Answer: C
NO.8 Which information does the rule body contain?
A. source IP
B. protocol
C. port number
D. specification of which portion of a packet payload to examine
Answer: D