New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GAQM CPEH-001 Exam - Topic 2 Question 43 Discussion

Actual exam question for GAQM's CPEH-001 exam
Question #: 43
Topic #: 2
[All CPEH-001 Questions]

Which of the following snort rules look for FTP root login attempts?

Show Suggested Answer Hide Answer
Suggested Answer: D

The snort rule header is built by defining action (alert), protocol (tcp), from IP subnet port (any any), to IP subnet port (any any 21), Payload Detection Rule Options (content:''user root'';)


by Kristofer at May 08, 2022, 09:37 AM

Limited Time Offer

25%

Off

Get Premium CPEH-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Shawnna
4 months ago
Wait, are we really looking for 'user root'? That seems risky!
upvoted 0 times
...
Ryan
4 months ago
D is way too broad, can't be right.
upvoted 0 times
...
Ernie
4 months ago
C seems off, FTP doesn't use 'user password' like that.
upvoted 0 times
...
Avery
4 months ago
I think B is the right one, not A.
upvoted 0 times
...
Jamal
5 months ago
Definitely A, it looks correct.
upvoted 0 times
...
Maryanne
5 months ago
I feel like option C might be the right choice since it specifically mentions 'user password root', but I can't recall if it needs to be formatted differently.
upvoted 0 times
...
Nicolette
5 months ago
I’m a bit confused about the difference between 'msg' and 'message' in the rules. Does it affect how the alert is triggered?
upvoted 0 times
...
Ellsworth
5 months ago
I remember practicing with similar questions, and I feel like the keyword 'content' is important for matching specific strings.
upvoted 0 times
...
Emmett
5 months ago
I think option A looks familiar, but I'm not sure if the syntax is exactly right for detecting FTP logins.
upvoted 0 times
...
Starr
5 months ago
I'm a bit confused here. Is it something to do with the commit-id or the NTP configuration? I'll have to review those concepts.
upvoted 0 times
...
Amie
5 months ago
The address pool used for a vHBA template is WWPN, right? That makes the most sense to me based on what I know about virtual HBAs.
upvoted 0 times
...
Adelina
5 months ago
The internal and external audit reports might give me a good sense of the key risks and challenges the organization is facing. That could help inform the audit plan.
upvoted 0 times
...
Buck
5 months ago
The key is to focus on the equipment mentioned in the options. I'll go through each one and see which one best fits the description.
upvoted 0 times
...
Brittni
5 months ago
I think the entry should include both sales revenue and sales tax, but I'm not sure how to separate them correctly.
upvoted 0 times
...

Save Cancel