GIAC
GCED Question #42: Real Exam Question with Answer & Explanation
Question
The security team wants to detect connections that can compromise credentials by sending them in plaintext across the wire. Which of the following rules should they enable on their IDS sensor?
Options
- A. alert tcp any 22 <> any 22 (msg:SSH connection; class type:misc-attack;sid: 122:rev:1;)
- B. alert tcp any any <> any 6000: (msg:X-Windows session;
- C. alert tcp any 23 <> any 23 (msg:Telnet shell; class type:misc-attack;sid:100; rev:1;)
- D. alert udp any any <> any 5060 (msg:VOIP message; classtype:misc-attack;sid:113; rev:2;)