GIAC GSEC Exam - Topic 8 Question 10 Discussion

Actual exam question for GIAC's GSEC exam
Question #: 10
Topic #: 8

Which of the following is a signature-based intrusion detection system (IDS)?

Suggested Answer: B

Snort is a signature-based intrusion detection system.

Snort is an open source network intrusion prevention and detection system that operates as a network sniffer. It logs network activity that matches predefined signatures. Signatures can be designed for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP).

The three main modes in which Snort can be configured are as follows:

Sniffer mode: It reads packets from the network and displays them in a continuous stream on the console.

Packet logger mode: It logs the packets to disk.

Network intrusion detection mode: It is the most complex and configurable mode, allowing Snort to analyze network traffic for matches against a user-defined rule set.

Answer option C is incorrect. StealthWatch is a behavior-based intrusion detection system.

Answer option A is incorrect. RealSecure is a network-based IDS that monitors TCP, UDP and ICMP traffic and is configured to look for attack patterns.
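A simplified illustration of the signature matching described above, added here as an example (it is not Snort's engine and not part of the original page): it parses a small subset of Snort rule syntax and checks packets against it. The `Packet` class, the two rules and the sample packets are constructed for the example.

```python
import re
from dataclasses import dataclass

@dataclass
class Packet:                 # constructed stand-in for a decoded packet
    proto: str                # "tcp", "udp" or "icmp"
    dst_port: int             # 0 where the protocol has no ports (ICMP)
    payload: bytes

@dataclass
class Signature:
    proto: str
    dst_port: str             # a port number or "any"
    msg: str
    content: bytes

RULE_RE = re.compile(r'^alert\s+(\w+)\s+\S+\s+\S+\s+->\s+\S+\s+(\S+)\s+\((.*)\)\s*$')
def parse_rule(line: str) -> Signature:
    """Parse a small subset of Snort rule syntax: alert header, msg, one content."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule: {line!r}")
    proto, dport, body = m.groups()
    opts = dict(re.findall(r'(\w+)\s*:\s*"([^"]*)"\s*;', body))
    if "content" not in opts:
        raise ValueError("rule needs a content option")
    return Signature(proto.lower(), dport, opts.get("msg", ""), opts["content"].encode())

def matches(sig: Signature, pkt: Packet) -> bool:
    if sig.proto not in ("ip", pkt.proto):        # "ip" covers every protocol
        return False
    if sig.dst_port != "any" and int(sig.dst_port) != pkt.dst_port:
        return False
    return sig.content in pkt.payload             # plain byte-string match

def detect(rules, packets):
    """Return (packet index, msg) for every signature hit, in packet order."""
    sigs = [parse_rule(r) for r in rules]
    return [(i, s.msg) for i, p in enumerate(packets) for s in sigs if matches(s, p)]
# Constructed sample rules and traffic for the example.
RULES = [
    'alert tcp any any -> any 80 (msg:"passwd file request"; content:"/etc/passwd"; sid:1000001;)',
    'alert icmp any any -> any any (msg:"ICMP marker payload"; content:"PINGTEST"; sid:1000002;)',
]
PACKETS = [
    Packet("tcp", 80, b"GET /index.html HTTP/1.1\r\n"),        # no signature matches
    Packet("tcp", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),  # hits the first rule
    Packet("udp", 53, b"/etc/passwd"),                         # same bytes, wrong proto/port
    Packet("icmp", 0, b"PINGTEST0001"),                        # hits the second rule
]
```

The third packet carries the same bytes as the first rule's `content` but produces no alert, because a signature only fires on traffic that fits everything the rule specifies.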


Contribute your Thoughts:

Glendora
4 months ago
I thought StealthWatch was the right answer, surprised!
upvoted 0 times
...
Marnie
4 months ago
RealSecure is not signature-based, just saying.
upvoted 0 times
...
Edelmira
4 months ago
Wait, isn't Tripwire also signature-based?
upvoted 0 times
...
Alona
4 months ago
Totally agree, Snort is the one!
upvoted 0 times
...
Raul
5 months ago
Snort is a signature-based IDS.
upvoted 0 times
...
Darrel
5 months ago
I’m leaning towards Snort too, but I also have a vague memory of StealthWatch being discussed in a different context.
upvoted 0 times
...
Ammie
5 months ago
I remember studying RealSecure, but I thought it was more of a behavior-based system.
upvoted 0 times
...
Iluminada
5 months ago
I think Snort is the one that’s often mentioned as a signature-based IDS, but I’m not completely sure.
upvoted 0 times
...
Laila
5 months ago
Tripwire sounds familiar, but I can't recall if it’s signature-based or not. I feel like I’ve seen similar questions before.
upvoted 0 times
...
Mariko
5 months ago
Number of courses? I don't see how that would be the biggest challenge here. This seems more about the inherent properties of the data itself.
upvoted 0 times
...
Stevie
5 months ago
I'm pretty sure this is about the new mechanisms for data transfers under the GDPR, so I'll focus on that. I think the answer is B, binding corporate rules.
upvoted 0 times
...
Niesha
5 months ago
This question seems straightforward, I think I can handle it.
upvoted 0 times
...
