GSEC Question #350: Real Exam Question with Answer & Explanation

Question

Exhibit

Options

• A192.168.^.30
• B10.72.101.210
• C10.10.28.19
• D10.11.10.11
• E10.10.10.66
• F192.168.87.68
• G10.12.10.112
• H10.11.12.13
• I10.10.201.150
• J10.10.199.146

Explanation

This hands-on lab requires launching Snort IDS in full alert mode and reviewing generated alerts to identify which source IP sent traffic destined for port 156.

Common mistakes.

• A. 192.168.1.30 does not match the source IP recorded in the Snort alert corresponding to destination port 156 within the first 50 evaluated packets.
• B. 10.72.101.210 appears in network traffic but is not the source IP associated with the alert triggered by destination port 156.
• C. 10.10.28.19 may appear in other captured packets but is not the source triggering a port 156 alert in the Snort output.
• D. 10.11.10.11 does not correspond to the source IP in the alert with destination port 156 as shown in the Snort analysis.
• E. 10.10.10.66 is not the source IP identified in the Snort alert for destination port 156 traffic.
• F. 192.168.87.68 does not match the source address in the relevant Snort alert for port 156.
• G. 10.12.10.112 is not the source IP associated with the destination port 156 alert in the Snort output.
• H. 10.11.12.13 does not appear as the source in the Snort alert triggered by traffic to port 156.
• J. 10.10.199.146 does not match the source IP recorded in the Snort alert for destination port 156.

Concept tested. Snort IDS alert analysis and traffic source identification

Reference. https://www.snort.org/documents/snort-users-manual

No community discussion yet for this question.