Refer to the exhibit. IDS is producing an increased amount of false positive events about brute force attempts on the organization's mail server. How should the Snort rule be modified to improve performance?

Questions › Category: 350-201 › Refer to the exhibit. IDS is producing an increased amount of false positive events about brute force attempts on the organization's mail server. How should the Snort rule be modified to improve performance?

0 Vote Up Vote Down

Admin Staff asked 3 months ago


Refer to the exhibit. IDS is producing an increased amount of false positive events about brute force attempts on the organization's mail server. How should the
Snort rule be modified to improve performance?

A. Block list of internal IPs from the rule

B. Change the rule content match to case sensitive

C. Set the rule to track the source IP

D. Tune the count and seconds threshold of the rule








 

Suggested Answer: B



This question is in 350-201 Performing CyberOps Using Cisco Security Technologies (CBRCOR) Exam
For getting Cisco Certified CyberOps Professional Certificate




Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Cisco.
Trademarks, certification & product names are used for reference only and belong to Cisco.
The website does not contain actual questions and answers from Cisco's Certification Exam.

Refer to the exhibit. IDS is producing an increased amount of false positive events about brute force attempts on the organization's mail server. How should the Snort rule be modified to improve performance?

Where do threat intelligence tools search for data to identify potential malicious IP addresses, domain names, and URLs?

A threat actor used a phishing email to deliver a file with an embedded macro. The file was opened, and a remote code execution attack occurred in a company's infrastructure. Which steps should an engineer take at the recovery stage?

Recommended

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Fortinet NSE 4 – FortiOS 7.2 certificate

Welcome Back!

Create New Account!

Retrieve your password

Refer to the exhibit. IDS is producing an increased amount of false positive events about brute force attempts on the organization's mail server. How should the Snort rule be modified to improve performance?

Where do threat intelligence tools search for data to identify potential malicious IP addresses, domain names, and URLs?

A threat actor used a phishing email to deliver a file with an embedded macro. The file was opened, and a remote code execution attack occurred in a company's infrastructure. Which steps should an engineer take at the recovery stage?

Related Questions

Recommended

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Fortinet NSE 4 – FortiOS 7.2 certificate

Welcome Back!

Create New Account!

Retrieve your password