EC-Council

EC0-350 · Question #185

EC0-350 Question #185: Real Exam Question with Answer & Explanation


Question

Simon is a security analyst writing signatures for a Snort node he placed internally that captures all mirrored traffic from his border firewall. From the following signature, what will Snort look for in the payload of the suspected packets?

alert tcp $EXTERNAL_NET any -> $HOME_NET 27374 (msg: "BACKDOOR SIG - SubSseven 22"; flags: A+; content: "|0d0a5b52504c5d3030320d0a|"; reference:arachnids, 485;)

Options

  • A. The payload of 485 is what this Snort signature will look for.
  • B. Snort will look for 0d0a5b52504c5d3030320d0a in the payload.
  • C. Packets that contain the payload of BACKDOOR SIG - SubSseven 22 will be flagged.
  • D. From this Snort signature, packets with HOME_NET 27374 in the payload will be flagged.
