nerdexam
EC-Council

312-50V13 · Question #69

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/

The correct answer is D. An Intrusion Detection System. The provided string is a rule written in a specific syntax used by network intrusion detection and prevention systems to identify and respond to suspicious network traffic. This syntax, particularly the alert action and msg keyword, is characteristic of Snort, a widely used open-

Submitted by lucia.co· Mar 6, 2026Evading IDS, Firewalls, and Honeypots

Question

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any any -> 192.168.100.0/24 21 (msg: ""FTP on the network!"";)

Options

  • AA firewall IPTable
  • BFTP Server rule
  • CA Router IPTable
  • DAn Intrusion Detection System

How the community answered

(47 responses)
  • A
    2% (1)
  • B
    6% (3)
  • C
    13% (6)
  • D
    79% (37)

Why each option

The provided string is a rule written in a specific syntax used by network intrusion detection and prevention systems to identify and respond to suspicious network traffic. This syntax, particularly the `alert` action and `msg` keyword, is characteristic of Snort, a widely used open-source Intrusion Detection System.

AA firewall IPTable

A firewall IPTable rule, commonly used in Linux, has a different syntax and structure (e.g., `iptables -A INPUT -p tcp --dport 21 -j DROP`), and does not typically include an `alert` action or `msg` field in this manner.

BFTP Server rule

An FTP server rule would relate to the server's configuration (e.g., user permissions, directory access) and not to network traffic monitoring with an `alert` action or `msg` field.

CA Router IPTable

A Router IPTable rule (or Access Control List) also has a different syntax focused on permitting or denying traffic flow, similar to a firewall, without the `alert` and `msg` components found in an IDS rule.

DAn Intrusion Detection SystemCorrect

The syntax `alert tcp any any -> 192.168.100.0/24 21 (msg: "FTP on the network!";)` is a classic example of a Snort rule. Snort is an open-source Intrusion Detection System (IDS) that uses such rules to monitor network traffic for patterns that indicate malicious activity and then trigger an alert.

Concept tested: IDS rule syntax (Snort)

Source: https://www.snort.org/documents/snort-users-manual

Topics

#IDS rules#Snort#network security monitoring#intrusion detection system

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice