Micheal Garwean
Braindumps of 2B0-023
ES Advanced Dragon IDS

 

Exam Questions, Answers, Braindumps (2B0-023)
Cleared paper. Thanks to www.exams.ws and www.examcheats.net. But you don't need to have it from both of them; questions from only one are sufficient for the paper.


QUESTION 1
In which Host Sensor configuration file are custom (wrapped or native) modules defined?
A. dragon.net
B. dragon.cfg
C. dsquire.net
D. dsquire.cfg
ANS D

QUESTION 2
Which of the following best describes the Host Sensor Event Filter Engine (EFE)?
A. Scrutinizes events, either altering the contents of the event or discarding it
B. Generates alerts or guarantees delivery of events to destinations
C. Analyzes events and produces categorized event forensics reports
D. Detects an event and forwards it to the Host Sensor framework for processing
ANS A

QUESTION 3
What is a Host Sensor "Virtual Sensor", and in what module is it activated?
A. Saves system memory by deploying a "thin client" Host Sensor that reports to a fully functioning remote Host Sensor; activated in the EDE module
B. Consolidates events from multiple event sources by assigning a virtual name to an event based on its source IP; activated in the EFE module
C. Detects virtual events that are technically not harmful but should be logged anyway; activated in the EAE module
D. Deters attacks in background mode (virtually) that the Host Sensor EDE detects; activated in Alarmtool
ANS B

QUESTION 4
What term best describes the process of deploying a local EFP that only processes IDS events from the Network and Host Sensors directly attached to it?
A. Local Flow Processing (LFP)
B. IDS Data Partitioning
C. Strict Event Flow
D. Flexible Event Flow
ANS B

QUESTION 5
In the Host Sensor Event Alerting Engine (EAE), what is the function of Hexadecimal Screen Dump?
A. Redirects screen display (stdout) to a dragon.db file
B. For troubleshooting on UNIX platforms, allows Host Sensor to display events to the screen as they occur
C. In the event of a system compromise, copies (dumps) the attacker's screen output to a log file for later analysis
D. In the event of a system compromise, initializes TCPDUMP on the Host Sensor terminal screen
ANS B

QUESTION 6
Given a scenario where you have created and deployed a Host Sensor policy for monitoring a specific Windows file for attribute changes (increased, truncated, etc.), what is the result if you try to delete this file while it is being monitored by Host Sensor?
A. The file will be deleted, and Host Sensor will log an event
B. The file will be deleted, and the operating system will experience a buffer overflow when Host Sensor next attempts to monitor this file
C. The file will not be deleted because Windows will report the file as being used by another person or program
D. Host Sensor will interrupt the file deletion request, log an attack, and send an Active Response to prevent further deletion attempts
ANS C

QUESTION 7
Which of the following best describes the generally recommended method for writing Dragon Network Sensor signatures?
A. Narrow the focus of the signature as much as possible, compare normal usage to abnormal usage, and create alerts for the abnormal usage
B. Detect an attack, scan the network for vulnerabilities, create appropriate signatures
C. Monitor network traffic with a sniffer, import sniffer filters into Dragon, and convert them into the appropriate Dragon signatures
D. Export your corporate security policy in ASCII format and import this file into the Dragon Host Sensor policy library signature conversion utility
ANS A

QUESTION 8
In what Dragon configuration file could you create additional Network Sensor event groups?
A. dragon.net
B. dragon.sigs
C. dragon.cfg
D. dragon.conf
E. driders.cfg
ANS D