GAQM Exam CPEH-001 Topic 2 Question 43 Discussion

Actual exam question for GAQM's CPEH-001 exam

Question #: 43
Topic #: 2

[All CPEH-001 Questions]

Which of the following snort rules look for FTP root login attempts?

Aalert tcp -> any port 21 (msg:'user root';)

Balert tcp -> any port 21 (message:'user root';)

Calert ftp -> ftp (content:'user password root';)

Dalert tcp any any -> any any 21 (content:'user root';)

Show Suggested Answer

Suggested Answer: D

The snort rule header is built by defining action (alert), protocol (tcp), from IP subnet port (any any), to IP subnet port (any any 21), Payload Detection Rule Options (content:''user root'';)

by Kristofer at May 08, 2022, 09:37 AM

Limited Time Offer

25%

Off

Get Premium CPEH-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!