Task 1
Can an intrusion detection system (IDS) prevent the threat after it detects it? Yea/Nay
Nay
Task 2
Which type of IDS is deployed to detect threats throughout the network?
Network Intrusion Detection System
Which IDS leverages both signature-based and anomaly-based detection techniques?
Hybrid IDS
Task 3
Which mode of Snort helps us to log the network traffic in a PCAP file?
Packet Logging Mode
What is the primary mode of Snort called?
Network Intrusion Detection System Mode
Task 4
Where is the main directory of Snort that stores its files?
/etc/snort
Which field in the Snort rule indicates the revision number of the rule?
rev
Which protocol is defined in the sample rule created in the task?
icmp
What is the file name that contains custom rules for Snort?
local.rules
Task 5
What is the IP address of the machine that tried to connect to the subject machine using SSH?
10.11.90.211
What other rule message besides the SSH message is detected in the PCAP file?
Ping Detected
What is the sid of the rule that detects SSH?
1000002
