ES Dragon IDS
Exam Questions, Answers, Braindumps (2B0-018)
Hi, I got the names of some sites from here like www.exams.ws.
I followed the suggestions and I got all the questions.
Here are some of my questions as brain dumps.
Which of the following is NOT a typical function
of an Intrusion Detection System?
A. Monitors segment traffic to detect suspicious activity
B. Monitors network traffic and corrects attacks
C. Monitors traffic patterns to report on malicious
D. Monitors individual hosts (HIDS) or network segments
What two modes are available when installing
a Dragon Host Sensor?
A. Standalone and Enterprise
B. Local and Remote
C. Active and Standby
What is the recommended method to start all
installed Dragon components in Enterprise mode?
A. /dragon enterprise
B. /driders enterprise
C. /dragonctl start
D. /dragonctl enterprise
Which of the following is NOT a recommended
means for a Dragon Network Sensor to collect event
data over multiple switched links?
A. Port Redirection
B. Network Tap(s)
C. Port Trunking
D. Strategic deployment of multiple Dragon Network
Which of the following is required in order
for the Dragon installation script (install.pl) to
A. Dragon license key
B. Pre-configured user and group named dragon
C. Active link to the internet
What is one method of de-activating a Dragon
Policy Manager on a Linux host?
A. /dragonctl kill PolicyManager
B. /dragonctl kill policy-manager
C. /dragonctl stop PolicyManager
D. /dragonctl stop policy-manager
What is one drawback of deploying a single
Dragon Network Sensor on the inside (INTRAnet side)
of a firewall that is configured to only allow http
A. The Network Sensor will only see internet (external)
attacks that originate from outside the firewall
B. The Network Sensor will not see all internet (external)
attacks because the firewall will block the associated
C. The Network Sensor will only see intranet (internal)
attacks directed at port 80
D. The Network Sensor will not see intranet (internal)
Which is NOT a recommended means of securing
a Dragon Network Sensor host?
A. Install dual NICs; one with an IP address, the
other without an IP address
B. Install an O/S that supports VPN tunneling
C. Replace Telnet/FTP with Secure Shell
D. Turn off unnecessary O/S services
Which of the following best describes the
components that must be installed in order for a Dragon
Host Sensor for MS-Windows to successfully send event
data to a Dragon Policy Manager?
A. A Connection Manager on the DPM that the Host Sensor
for MS-Windows communicates with
B. A Connection Manager and an EFP on the DPM that
the Host Sensor for MS-Windows communicates with
C. A Connection Manager on the Host Sensor for MS-Windows
that the DPM communicates with
D. A Connection Manager and an EFP on the Host Sensor
for MS-Windows that the DPM communicates with
What is true regarding an installation of
a Dragon Network Sensor that will NOT be in contact
with a Dragon Policy Manager/Server?
A. You must install both the Dragon Rider Sensor and
Dragon Forensics Console components
B. You must not install either the Dragon Rider Sensor
or Dragon Forensics Console components
C. You do not need to install Dragon Rider Sensor,
but you should install Dragon Forensics Console
D. You do not need to install Dragon Forensics Console,
but you should install Dragon Rider Sensor
Which of the following Dragon configuration
files monitors IP payload fields and TCP/UDP network
Assuming proper installation of your Dragon
Network Sensor, which of the following best describes
a method you might use to correct a red icon displaying
in DPM for your Network Sensor?
A. Re-install the Dragon Network Sensor
B. Refresh the DPM Update Network Sensor web interface
C. Stop and re-start all Dragon programs
D. PING to/from the Network Sensor's sensing interface
in order to activate it