Welcome to Pass4Success

GIAC Exam GSEC Topic 6 Question 42 Discussion

Actual exam question for GIAC's GIAC Security Essentials exam
Question #: 42
Topic #: 6

Use sudo to launch Snort with the /etc/snort/snort.conf file in full mode to generate alerts based on incoming traffic to echo. What is the source IP address of the traffic triggering an alert with a destination port of 156?

Note: Snort is configured to exit after it evaluates 50 packets.

Suggested Answer: I

Contribute your Thoughts:

Shay
1 days ago
I'm not sure, but I believe the source IP address could also be E) 10.10.10.66.
upvoted 0 times
...
Clemencia
2 days ago
I think the answer might be C) 10.10.28.19 because it seems to fit the criteria.
upvoted 0 times
...
Helga
24 days ago
Okay, let's think this through step-by-step. We need to use sudo to launch Snort with the specified config file, and then find the source IP of the traffic triggering an alert on port 156.
upvoted 0 times
...
Elenore
26 days ago
Wait, did they say Snort is configured to exit after evaluating 50 packets? That's an unusual setting, but it might help us narrow down the answer.
upvoted 0 times
...
Natalya
27 days ago
I hope the answer choices aren't too tricky. Sometimes these certification exams try to mislead you with similar-looking IP addresses.
upvoted 0 times
...
Lorriane
28 days ago
Ah, I see the key is to find the source IP address of the traffic triggering an alert with a destination port of 156. That's a good way to test our Snort knowledge.
upvoted 0 times
...
Jina
1 months ago
I'm a bit unsure about the 'full mode' part. Does that mean we need to analyze the packet capture in detail?
upvoted 0 times
...
Nan
1 months ago
Hmm, this seems like a straightforward Snort question. I wonder what the catch is.
upvoted 0 times
...
