GSEC Question #42: Real Exam Question with Answer & Explanation
The correct answer is B. Application analysis. In-line NIDS devices combine anomaly analysis, signature-based rules, and application analysis to detect malicious network traffic.
Question
IPS devices that are classified as "In-line NIDS" devices use a combination of anomaly analysis, signature-based rules, and what else to identify malicious events on the network?
Options
- A. Firewall compatibility rules
- B. Application analysis
- C. ICMP and UDP active scanning
- D. MAC address filtering
Explanation
In-line NIDS devices combine anomaly analysis, signature-based rules, and application analysis to detect malicious network traffic.
Common mistakes.
- A. Firewall compatibility rules are a configuration concern for network architecture, not an analysis technique used by NIDS engines to identify malicious events.
- C. ICMP and UDP active scanning is an active reconnaissance technique, not a traffic-analysis method employed by in-line NIDS devices to detect malicious events.
- D. MAC address filtering operates at Layer 2 and is a basic access control mechanism, not a malicious event detection technique used by NIDS.
Concept tested. In-line NIDS detection methods, including application analysis.
Reference. https://docs.snort.org/start/introduction