GIAC Exam GSEC Topic 6 Question 42 Discussion

Actual exam question for GIAC's GIAC Security Essentials exam
Question #: 42
Topic #: 6

Use sudo to launch Snort with the /etc/snort/snort.conf file in full mode to generate alerts based on incoming traffic to echo. What is the source IP address of the traffic triggering an alert with a destination port of 156?

Note: Snort is configured to exit after it evaluates 50 packets.

Suggested Answer: I

Contribute your Thoughts:

Helga
20 hours ago
Okay, let's think this through step-by-step. We need to use sudo to launch Snort with the specified config file, and then find the source IP of the traffic triggering an alert on port 156.
upvoted 0 times
...
Elenore
3 days ago
Wait, did they say Snort is configured to exit after evaluating 50 packets? That's an unusual setting, but it might help us narrow down the answer.
upvoted 0 times
...
Natalya
4 days ago
I hope the answer choices aren't too tricky. Sometimes these certification exams try to mislead you with similar-looking IP addresses.
upvoted 0 times
...
Lorriane
5 days ago
Ah, I see the key is to find the source IP address of the traffic triggering an alert with a destination port of 156. That's a good way to test our Snort knowledge.
upvoted 0 times
...
Jina
7 days ago
I'm a bit unsure about the 'full mode' part. Does that mean we need to analyze the packet capture in detail?
upvoted 0 times
...
Nan
8 days ago
Hmm, this seems like a straightforward Snort question. I wonder what the catch is.
upvoted 0 times
...
