You are configuring rules for your Snort installation and want to have an alert message of “Attempted FTP” on any FTP packet coming from an outside address intended for one of your internal hosts. Which of the following rules are correct for this situation?

How does Tripwire (and programs like it) help against Trojan attacks?

A security staff is preparing for a security audit and wants to know if additional security training for the end user would be beneficial. Which of the following methods would be the best option for testing the effectiveness of user training in the environment?

Which of the following best describes a honeypot?

You’re running an IDLE scan and send the first packet to the target machine. Next, the SYN/ACK packet is sent to the zombie. The IPID on the return packet from the zombie is 36754. If the starting IPID was 36753, in what state is the port on the target machine?

You are examining lDS logs and come across the following entry:Mar 30 10:31:07 (1123): IDS1661/NOPS-x86: 64.118.55.64:1146-> 192.168.119.56:53What can you infer from this log entry?

You are examining lDS logs and come across the following entry:Mar 30 10:31:07 (1123): IDS1661/NOPS-x86: 64.118.55.64:1146-> 192.168.119.56:53What can you infer from this log entry?

You’ve decided to begin scanning against a target organization but want to keep your efforts as quiet as possible. Which IDS evasion technique splits the TCP header among multiple packets?

You are discussing wireless security with your client. She tells you she feels safe with her network as she has implemented MAC filtering on all access points, allowing only MAC addresses from clients she personally configures in each list. You explain this step will not prevent a determined attacker from connecting to this network. Which of the following explains why the APs are still vulnerable?

Which of the following is true regarding n-tier architecture?