Exam Code : 2B0-023
Exam Name : ES Advanced Dragon IDS
Vendor Name :
"Enterasys"
2B0-023 Dumps
2B0-023 Braindumps 2B0-023 Real Questions 2B0-023 Practice Test
2B0-023 Actual Questions
killexams.com Enterasys 2B0-023
ES Advanced Dragon IDS
https://killexams.com/pass4sure/exam-detail/2B0-023
MySQL
DBI
Nessus
DataShowTable
From where does Dragon Trending Console import event data?
Dragon Ring Buffer
Dragon DB Agent
Dragon Export Log Agent
Dragon Trending Console Agent
Which Dragon configuration file allows you to modify Dragon Ring Buffer
parameters?
/usr/dragon/dragon.cfg
/usr/dragon/tools/displayringstats
/usr/dragon/policymgr/driders.cfg
/usr/dragon/sensor/conf/dragon.net
Given a scenario where an SSH session is already established between Host_A and
Server_B, what is the effect on the established session if you PUSH a SNIPER ACL to a Network Sensor that is configured to block all SSH communication from Host_A?
The established session is immediately terminated, and all subsequent SSH attempts from Host_A are denied
The established session is immediately terminated, and all subsequent SSH attempts from Host_A are allowed
The established session remains active until the user terminates it, and all subsequent SSH attempts from Host_A are denied
Host Sensor immediately logs an event and initiates strong monitoring on Host_A, but allows all SSH to/from Host_A until an actual attack is detected
What is the purpose of the rtu-mysql.pl script?
Tails the Dragon Export Log, parses the data, then imports the data into an SQL database
Starts the MySQL programs and connects the Dragon DB Agent to the Dragon
Realtime Console Agent
Writes detected event data to a dragon.log file in ASCII format
Exports data from a MySQL database to a dragon.log file in ASCII format
How can Dragon Workbench be configured to read a 'snoop' capture file on a Solaris
host?
No configuration necessary; Workbench will read a 'snoop' file natively
Add the SNOOP keyword to the dragon.net file
Add a 'SNOOP=1' entry to the dragon.cfg file
Run the /usr/dragon/install/config script and select the Workbench snoop option
Will conflict with Host Sensor if run concurrently
Is located in the /usr/dragon/policymgr/tools directory
Monitors SNMP Traps during the phase of defining a Host Sensor SNMP-trap policy library
Provides SNMP alerting functionality for Dragon Alarmtool
Allows traps to be caught, parsed and displayed in much the same way that Host
Sensor will process them
Analyzes traps and generates NIDS events for any anomalies within an SNMPv1
or SNMPv3 trap
Which of the following are true with regard to Dragon Workbench?
Allows Dragon to replay data contained in TCPDUMP trace/capture files with the goal of tuning a Network Sensor prior to deployment
Can read data directly from the interface specified in the dragon.net file
Will create separate dragon.db files for each 24-hours worth of data contained in a
TCPDUMP trace/capture file
Allows Dragon to compensate for the Snap Length limitation of TCPDUMP
Can read data from Snoop trace/capture files
Can analyze data contained in TCPDUMP trace/capture files and generate events
based on anomalies
What file must be present in the directory in which the 'reinstall' script is executed?
The dragon.cfg file
The config script
The Dragon software bundle in the .tar.gz format
The dragon.tar file after it has been extracted from the software bundle
In UPN's 'Acceptable Use Policy', what proactive service is designed to complement a Dragon IDS deployment?
Deny Spoofing
Deny Unsupported Protocol Access
Protocol Priority Access Control
Dragon RealTime Console
Threat Management