100% Pass Ensure 500-280 Dumps with Free VCE and PDF (Question 11 – Question 20)

New 500-280 exam questions from PassLeader 500-280 dumps! Welcome to download the newest PassLeader 500-280 VCE and PDF dumps: http://www.passleader.com/500-280.html (70 Q&As)

P.S. Free 500-280 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpdGtsVkxNYUYwa2s

QUESTION 11
What does the log_dump output plug-in do?

A.    converts data into a format similar to Snort ASCII packet dump mode
B.    converts data into a format similar to Snort fast alert mode
C.    converts log data to PCAP-formatted output
D.    converts data to CSV format

Answer: A

QUESTION 12
Which output method is the fastest for Snort?

A.    unified2
B.    database
C.    binary (tcpdump)
D.    CSV

Answer: A

QUESTION 13
Which command-line argument can you use with Snort to produce a binary output file?

A.    -B
B.    -b
C.    -u
D.    -U

Answer: B

QUESTION 14
What must you do to produce ASCII-formatted output from Snort?

A.    Do nothing because Snort produces ASCII output by default.
B.    Use the -K ascii switch when you start Snort from the command line.
C.    Compile Snort with the -K ascii flag in the configure command.
D.    Use a third-party application to convert native Snort output to ASCII.

Answer: B

QUESTION 15
For which application is Snort output suitable?

A.    tcpdump
B.    Wireshark
C.    any application that can read PCAP format
D.    NMap

Answer: C

QUESTION 16
When you instruct Snort to place ASCII-formatted log data in a specific directory, what does Snort use to organize the alert data?

A.    IP address
B.    port number
C.    packet
D.    interface

Answer: A

QUESTION 17
How is the basic construct of a port variable formatted in the snort.conf file?

A.    variable
B.    var arguments
C.    portvar value
D.    port variable

Answer: C

QUESTION 18
Which action should you perform to enable or disable entire classes of rules through the snort.conf file?

A.    Specify the -e or -d command-line argument.
B.    Comment or uncomment the rule class.
C.    Build and reference a separate rules-configuration file.
D.    Specify the enable or the disable argument.

Answer: B

QUESTION 19
Which statement about the detection engine configuration settings in snort.conf is true?

A.    All the decoder alerts are on by default.
B.    All the decoder settings are off by default.
C.    Some decoder settings are on and others must be uncommented.
D.    The decoder is no longer in use.

Answer: B

QUESTION 20
What is the minimum action that you should take when configuring a new Snort installation?

A.    Turn on all the rules.
B.    Inform your users that you have deployed an IDS/IPS.
C.    Provision more network bandwidth in case your installation causes latency.
D.    Configure your HOME_NET to include the networks that you want the sensor to protect.

Answer: D
