Question
ABC Corp, a medium-sized enterprise, is experiencing network performance degradation and intermittent service disruptions. Upon investigation, the IT security team suspects the presence of Denial of Service (DoS) attacks targeting their network infrastructure. As the Threat Management Analyst, you're tasked with hunting and mitigating these threats effectively. What would be an appropriate Snort rule to detect a DDoS attack targeting a specific IP address?
- alert tcp any any -> 192.168.1.100 any (msg:"Potential DDoS Activity";)
- alert ip 192.168.1.100 any -> any any (msg:"Possible DDoS Attack";)
- alert ip any any -> 192.168.1.100 any (msg:"Potential DDoS Activity";)
- alert udp any any -> 192.168.1.100 any (msg:"Suspected DDoS Attack";)
Solution
Of the four options, the rule that detects traffic aimed at a specific IP address, regardless of transport protocol, is:
alert ip any any -> 192.168.1.100 any (msg:"Potential DDoS Activity";)
This rule raises an alert for every IP packet, of any protocol, that any source sends to 192.168.1.100, and logs the message "Potential DDoS Activity" with it. The tcp and udp variants miss flood traffic carried over the other protocol (or over ICMP), and the rule with 192.168.1.100 on the left of the arrow watches traffic leaving the host rather than arriving at it.
Note that on its own this rule is a packet counter rather than a DDoS detector: it fires on every legitimate packet as well, so on a busy host it produces one alert per packet. A deployable version adds the sid and rev options Snort expects and a rate condition such as detection_filter: track by_dst, count 1000, seconds 5; so that the alert fires only once the packet rate to the target exceeds a baseline measured on normal traffic.
Here's a breakdown of the rule:
- "alert" is the action Snort takes when the rule conditions are met (other actions include log, pass and, in inline mode, drop).
- "ip" is the protocol. It matches any IP packet, which covers TCP, UDP and ICMP; a rule can name tcp, udp or icmp instead to narrow the match.
- "any any" before the arrow is the source IP address and source port: any address and any port.
- "->" is the direction operator: traffic flows from the left side (source) to the right side (destination), here from any IP to 192.168.1.100. "<>" matches either direction.
- "192.168.1.100 any" after the arrow is the destination IP address and port: specifically 192.168.1.100, on any port.
- The part in parentheses holds the rule options. Here it is only a msg, the text logged when the rule fires; content, detection_filter, sid and rev are further options that go in the same place.
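The breakdown above maps directly onto a small matcher. The following Python is an added example written for this page; it is not Snort's source and not part of the original solution. It parses the header and the msg, content and detection_filter options of three rules (the solution's rule, a rate-limited variant of it whose sid and rev values are assumed, and the mountd rule that appears in the similar questions), then runs constructed packets through each so the effect of every field is visible. The detection_filter semantics are simplified to "alert once more than count matches for the tracked key fall within seconds", and port specifications are single ports only.

```python
# Toy Snort-rule matcher, added as an example (not Snort's own code): parses the rule
# header and the msg/content/detection_filter options, then runs constructed packets
# through the rule so the effect of each header field and option is visible.
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass

HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject)\s+(?P<proto>ip|tcp|udp|icmp)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$")

@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""
    ts: float = 0.0  # arrival time in seconds; only detection_filter uses it

def parse_content(spec: str) -> bytes:
    """Snort content syntax: literal text with |hh hh| hex runs between pipes."""
    out = bytearray()
    for i, part in enumerate(spec.split("|")):
        out += part.encode() if i % 2 == 0 else bytes.fromhex(part)
    return bytes(out)

def parse_rule(text: str) -> dict:
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("unparseable rule: " + text)
    rule = m.groupdict()
    rule.update(msg="", content=None, filt=None)
    for opt in rule.pop("opts").split(";"):
        key, _, val = (s.strip() for s in opt.partition(":"))
        if key == "msg":
            rule["msg"] = val.strip('"')
        elif key == "content":
            rule["content"] = parse_content(val.strip('"'))
        elif key == "detection_filter":  # track by_dst|by_src, count N, seconds S
            kv = dict(re.findall(r"(\w+)\s+(\w+)", val))
            rule["filt"] = (kv["track"], int(kv["count"]), int(kv["seconds"]))
    return rule  # sid, rev and other options are accepted but do not affect matching

def addr_matches(spec: str, ip: str) -> bool:
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def port_matches(spec: str, port: int) -> bool:
    return spec == "any" or int(spec) == port  # single ports only; no lo:hi ranges

class Matcher:
    def __init__(self, rule: dict):
        self.rule, self.seen = rule, defaultdict(list)  # seen: tracked key -> timestamps

    def check(self, p: Packet) -> bool:
        r = self.rule
        if r["proto"] not in ("ip", p.proto):  # 'ip' covers every IP protocol
            return False
        if not (addr_matches(r["src"], p.src) and port_matches(r["sport"], p.sport)
                and addr_matches(r["dst"], p.dst) and port_matches(r["dport"], p.dport)):
            return False
        if r["content"] is not None and r["content"] not in p.payload:
            return False
        if r["filt"] is None:
            return True  # no rate condition: every matching packet alerts
        track, count, seconds = r["filt"]
        key = p.dst if track == "by_dst" else p.src
        self.seen[key] = [t for t in self.seen[key] if p.ts - t < seconds] + [p.ts]
        return len(self.seen[key]) > count  # alerts only once count is exceeded

# The solution's rule, a rate-limited variant of it (sid/rev values assumed), and
# the mountd rule from the similar questions.
PLAIN_RULE = 'alert ip any any -> 192.168.1.100 any (msg:"Potential DDoS Activity";)'
RATE_RULE = ('alert ip any any -> 192.168.1.100 any (msg:"Potential DDoS Activity"; '
             'detection_filter: track by_dst, count 10, seconds 5; sid:1000001; rev:1;)')
MOUNTD_RULE = 'alert tcp any any -> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msg:"mountd access";)'

# Constructed traffic: 12 UDP packets from 12 sources reach the target within 1.2 s,
# then one goes to another host. RPC_CALL is a constructed payload that carries the
# mountd program number 100005 (0x000186a5) the content option looks for.
FLOOD = [Packet("udp", f"10.0.0.{i}", 40000 + i, "192.168.1.100", 53, ts=0.1 * i)
         for i in range(1, 13)] + [Packet("udp", "10.0.0.99", 40099, "192.168.1.5", 53, ts=1.5)]
RPC_CALL = b"\x80\x00\x00\x28\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x86\xa5"

def demo() -> dict:
    plain, rated, mountd = (Matcher(parse_rule(r)) for r in (PLAIN_RULE, RATE_RULE, MOUNTD_RULE))
    inbound = Packet("tcp", "203.0.113.7", 51234, "192.168.1.20", 111, RPC_CALL)
    wrong_port = Packet("tcp", "203.0.113.7", 51234, "192.168.1.20", 2049, RPC_CALL)
    outbound = Packet("tcp", "192.168.1.20", 111, "203.0.113.7", 51234, RPC_CALL)
    return {
        "plain_alerts": sum(plain.check(p) for p in FLOOD),         # 12: one per packet
        "rate_limited_alerts": sum(rated.check(p) for p in FLOOD),  # 2: packets 11 and 12
        "mountd": [mountd.check(p) for p in (inbound, wrong_port, outbound)],  # [True, False, False]
    }
```

Running demo() shows the difference the options make: the plain rule alerts on all 12 flood packets, the rate-limited variant stays quiet until the 11th packet to 192.168.1.100 inside the 5-second window and then alerts on the 11th and 12th, and the mountd rule fires only for the inbound TCP packet to port 111 on the 192.168.1.0/24 subnet whose payload contains the bytes 00 01 86 a5; the same payload to port 2049, or the same bytes leaving the subnet from port 111, does not match.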
Similar Questions
ABC Corp, a medium-sized enterprise, is experiencing network performance degradation and intermittent service disruptions. Upon investigation, the IT security team suspects the presence of Denial of Service (DoS) attacks targeting their network infrastructure. As the Threat Management Analyst, you're tasked with hunting and mitigating these threats effectively. When crafting a Snort rule to detect DDoS attacks, what is the importance of considering false positives?
- False positives do not matter when it comes to DDoS detection
- False positives can lead to unnecessary alerts and wasted resources
- False positives are useful for training machine learning models to recognize DDoS patterns
- False positives indicate successful detection of DDoS attacks
Question 1 (1 point): What do network-level Denial of Service (DoS) attacks target?
- The personal information of employees
- Commonly used software applications
- All hardware within an organization
- Network bandwidth

Question 2 (1 point): Which of the following statements accurately describe Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks? Select three answers.
- A DoS attack targets a network or server.
- In both DoS and DDoS attacks, if any part of the network is overloaded, the attacks are successful.
- A DDoS attack may use multiple devices in different locations to flood the target network with unwanted traffic.
- A DoS attack involves multiple hosts carrying out the attack.

Question 3 (1 point): A security manager is training their team to identify when a server has experienced a SYN-flood attack. What might indicate to the team members that their organization is at risk?
- The port numbers in the data packets are incorrect.
- An oversized ICMP packet is sent to the network server.
- The server has stopped responding after receiving an unusually high number of incoming SYN packets.
- A large number of ICMP packets are delivered to the organization’s servers.

Question 4 (1 point): Fill in the blank: The DoS attack _____ occurs when a malicious actor sends an oversized ICMP packet to a server.
- on-path
- SYN flood
- Ping of Death
- smurf

Question 5 (1 point): Which of the following statements correctly describe passive and active packet sniffing? Select three answers.
- Active packet sniffing may enable attackers to redirect the packets to unintended ports.
- A company can avoid using unprotected Wi-Fi to help protect itself from packet sniffing.
- Passive packet sniffing enables attackers to change the information a packet contains.
- Passive packet sniffing allows malicious actors to view the information going in and out of the targeted device.

Question 6 (1 point): As a security professional, you implement safeguards against attackers changing the source IP of a data packet in order to communicate over your company’s network. What type of network attack are you trying to avoid?
- Ping of Death
- Passive packet sniffing
- Active packet sniffing
- IP spoofing

Question 7 (1 point): Fill in the blank: _____ is a network attack performed when an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network.
- A KRACK attack
- IP spoofing
- SYN flooding
- A DoS attack

Question 8 (1 point): In which attack would malicious actors gain access to a network, put themselves between a web browser and a web server, then sniff the packet to learn the devices’ IP and MAC addresses?
- Smurf attack
- Packet flooding attack
- Malware attack
- On-path attack

Question 9 (1 point): Fill in the blank: The _____ network attack occurs when an attacker intercepts a data packet in transit, then repeats it at another time.
- SYN flood
- smurf
- replay
- on-path

Question 10 (1 point): Which combination of DoS and IP spoofing attack can bring down an entire network by flooding an authorized user’s IP address with packets?
- Smurf attack
- On-path attack
- Replay attack
- Ping of Death
What is the key characteristic that distinguishes a DDoS attack from a DoS attack? Select one:
- a. The use of social engineering techniques
- b. The involvement of a single attacker
- c. The use of advanced encryption
- d. The use of multiple attack vectors
Which type of firewall is most effective at detecting and mitigating Distributed Denial of Service (DDoS) attacks before they reach the internal network? (0.5 marks)
- Software firewall
- Host-based firewall
- Stateful inspection firewall
- Network-based firewall
- Hardware firewall
Study the Snort rule given below and interpret the rule.
alert tcp any any -> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msg:"mountd access";)
- A. An alert is generated when a TCP packet is generated from any IP on the 192.168.1.0 subnet and destined to any IP on port 111
- B. An alert is generated when any packet other than a TCP packet is seen on the network and destined for the 192.168.1.0 subnet
- C. An alert is generated when a TCP packet is originated from port 111 of any IP address to the 192.168.1.0 subnet
- D. An alert is generated when a TCP packet originating from any IP address is seen on the network and destined for any IP address on the 192.168.1.0 subnet on port 111