
GIAC Exam GSEC Topic 6 Question 42 Discussion

Actual exam question for GIAC's GIAC Security Essentials exam
Question #: 42
Topic #: 6

Use sudo to launch Snort with the /etc/snort/snort.conf file in full mode to generate alerts based on incoming traffic to echo. What is the source IP address of the traffic triggering an alert with a destination port of 156?

Note: Snort is configured to exit after it evaluates 50 packets.

Suggested Answer: I
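The question asks for the source address behind one specific alert, so the practical skill being tested is reading Snort's full-mode alert output and correlating the rule message with the packet header line beneath it. The following is an added worked example, not part of the exam question or of Snort itself: it parses a constructed sample of full-mode alert records (made-up rule names, SIDs and 10.10.x.x addresses) and returns the source IPs for a given destination port, handling ICMP records that carry no ports. The Snort 2 invocation the question describes would be along the lines of `sudo snort -c /etc/snort/snort.conf -A full -n 50` (assumed here; the page gives no exact command line).

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of Snort full-mode (-A full) alert output.
# Rule messages, SIDs, timestamps and addresses are all made up for this example.
SAMPLE_ALERTS = """\
[**] [1:1000001:1] CONSTRUCTED probe to port 156 [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/12-10:22:33.123456 10.10.4.77:51234 -> 10.10.1.5:156
TCP TTL:64 TOS:0x0 ID:4321 IpLen:20 DgmLen:60 DF
******S* Seq: 0x1A2B3C4D  Ack: 0x0  Win: 0x7210  TcpLen: 40

[**] [1:1000002:1] CONSTRUCTED ICMP echo request [**]
[Classification: Misc activity] [Priority: 3]
04/12-10:22:34.000001 10.10.4.78 -> 10.10.1.5
ICMP TTL:64 TOS:0x0 ID:1 IpLen:20 DgmLen:84
Type:8  Code:0  ID:1337   Seq:1  ECHO

[**] [1:1000003:1] CONSTRUCTED SSH login attempt [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
04/12-10:22:35.500000 10.10.4.79:40000 -> 10.10.1.5:22
TCP TTL:64 TOS:0x0 ID:4322 IpLen:20 DgmLen:60 DF
******S* Seq: 0x0  Ack: 0x0  Win: 0x7210  TcpLen: 40
"""

# First line of every record: "[**] [gid:sid:rev] message [**]"
MESSAGE_RE = re.compile(r"^\[\*\*\]\s+\[(?P<sid>[\d:]+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s*$")

# Header line: "MM/DD-HH:MM:SS.usec src[:port] -> dst[:port]".
# Ports are optional because ICMP alerts print bare addresses.
HEADER_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$"
)


@dataclass
class Alert:
    sid: str
    message: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


def parse_full_alerts(text: str) -> List[Alert]:
    """Parse Snort full-mode alert text into Alert records.

    A record is recognised by its '[**] ... [**]' message line; the next
    matching header line supplies the addresses and (optional) ports.
    """
    alerts: List[Alert] = []
    current_sid: Optional[str] = None
    current_msg: Optional[str] = None
    for line in text.splitlines():
        m = MESSAGE_RE.match(line)
        if m:
            current_sid, current_msg = m.group("sid"), m.group("msg")
            continue
        h = HEADER_RE.match(line)
        if h and current_msg is not None:
            alerts.append(Alert(
                sid=current_sid,
                message=current_msg,
                src=h.group("src"),
                sport=int(h.group("sport")) if h.group("sport") else None,
                dst=h.group("dst"),
                dport=int(h.group("dport")) if h.group("dport") else None,
            ))
            # One header per record; reset so a stray header line is not
            # attributed to an earlier message.
            current_sid, current_msg = None, None
    return alerts


def sources_for_dst_port(text: str, port: int) -> List[str]:
    """Return the sorted, de-duplicated source IPs of alerts whose destination port is `port`."""
    return sorted({a.src for a in parse_full_alerts(text) if a.dport == port})


if __name__ == "__main__":
    # Reading a real alert file would be: open("/var/log/snort/alert").read()
    for a in parse_full_alerts(SAMPLE_ALERTS):
        print(f"{a.src}:{a.sport} -> {a.dst}:{a.dport}  {a.message}")
    print("sources hitting dst port 156:", sources_for_dst_port(SAMPLE_ALERTS, 156))
```

On a real system you would point the parser at the alert file under Snort's log directory and ask for port 156; the ICMP record in the sample shows why the port groups have to be optional, since a strict `src:port -> dst:port` pattern would silently drop every ICMP alert.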

Contribute your Thoughts:

Helga
10 days ago
Okay, let's think this through step-by-step. We need to use sudo to launch Snort with the specified config file, and then find the source IP of the traffic triggering an alert on port 156.
upvoted 0 times
Elenore
12 days ago
Wait, did they say Snort is configured to exit after evaluating 50 packets? That's an unusual setting, but it might help us narrow down the answer.
upvoted 0 times
Natalya
13 days ago
I hope the answer choices aren't too tricky. Sometimes these certification exams try to mislead you with similar-looking IP addresses.
upvoted 0 times
Lorriane
14 days ago
Ah, I see the key is to find the source IP address of the traffic triggering an alert with a destination port of 156. That's a good way to test our Snort knowledge.
upvoted 0 times
Jina
16 days ago
I'm a bit unsure about the 'full mode' part. Does that mean we need to analyze the packet capture in detail?
upvoted 0 times
Nan
17 days ago
Hmm, this seems like a straightforward Snort question. I wonder what the catch is.
upvoted 0 times
...