ES Advanced Dragon IDS
Exam Questions, Answers, Braindumps (2B0-023)
Cleared paper. Thanks to www.exams.ws and www.examcheats.net.
You don't need the dumps from both of them; the questions from either one alone are sufficient for the paper.

In which Host Sensor configuration file are custom (wrapped or native) modules defined?

Which of the following best describes the Host Sensor Event Filter Engine (EFE)?
A. Scrutinizes events, either altering the contents of the event or discarding it
B. Generates alerts or guarantees delivery of events
C. Analyzes events and produces categorized event forensics
D. Detects an event and forwards it to the Host Sensor framework for processing

What is a Host Sensor "Virtual Sensor", and in what module is it activated?
A. Saves system memory by deploying a "thin client" Host Sensor that reports to a fully functioning remote Host Sensor; activated in the EDE module
B. Consolidates events from multiple event sources by assigning a virtual name to an event based on its source IP; activated in the EFE module
C. Detects virtual events that are technically not harmful but should be logged anyway; activated in the EAE module
D. Deters attacks in background mode (virtually) that the Host Sensor EDE detects; activated in Alarmtool

What term best describes the process of deploying a local EFP that only processes IDS events from the Network and Host Sensors directly attached to it?
A. Local Flow Processing (LFP)
B. IDS Data Partitioning
C. Strict Event Flow
D. Flexible Event Flow

In the Host Sensor Event Alerting Engine (EAE), what is the function of Hexadecimal Screen Dump?
A. Redirects screen display (stdout) to a dragon.db
B. For troubleshooting on UNIX platforms, allows Host Sensor to display events to the screen as they occur
C. In the event of a system compromise, copies (dumps) the attacker's screen output to a log file for later
D. In the event of a system compromise, initializes TCPDUMP on the Host Sensor terminal screen

Given a scenario where you have created and deployed a Host Sensor policy for monitoring a specific Windows file for attribute changes (increased, truncated, etc.), what is the result if you try to delete this file while it is being monitored by Host Sensor?
A. The file will be deleted, and Host Sensor will log
B. The file will be deleted, and the operating system will experience a buffer overflow when Host Sensor next attempts to monitor this file
C. The file will not be deleted because Windows will report the file as being used by another person or program
D. Host Sensor will interrupt the file deletion request, log an attack, and send an Active Response to prevent further deletion attempts

Which of the following best describes the generally recommended method for writing Dragon Network Sensor
A. Narrow the focus of the signature as much as possible, compare normal usage to abnormal usage, and create alerts for the abnormal usage
B. Detect an attack, scan the network for vulnerabilities, create appropriate signatures
C. Monitor network traffic with a sniffer, import sniffer filters into Dragon, and convert them into the appropriate
D. Export your corporate security policy in ASCII format and import this file into the Dragon Host Sensor policy library signature conversion utility

In what Dragon configuration file could you create additional Network Sensor event groups?