2B0-023 : ES Advanced Dragon IDS Exam

Enterasys 2B0-023 Questions & Answers
Full Version: 50 Q&A
https://killexams.com/pass4sure/exam-detail/2B0-023
Console to work properly?
A. MySQL
B. DBI
C. Nessus
D. DataShowTable
Answer: C
QUESTION: 42
From where does Dragon Trending Console import event data?
A. Dragon Ring Buffer
B. Dragon DB Agent
C. Dragon Export Log Agent
D. Dragon Trending Console Agent
Answer: C
QUESTION: 43
Which Dragon configuration file allows you to modify Dragon Ring Buffer
parameters?
A. /usr/dragon/dragon.cfg
B. /usr/dragon/tools/displayringstats
C. /usr/dragon/policymgr/driders.cfg
D. /usr/dragon/sensor/conf/dragon.net
Answer: A
QUESTION: 44
Given a scenario where an SSH session is already established between Host_A and
Server_B, what is the effect on the established session if you PUSH a SNIPER ACL
to a Network Sensor that is configured to block all SSH communication from Host_A?
A. The established session is immediately terminated, and all subsequent SSH
attempts from Host_A are denied
B. The established session is immediately terminated, and all subsequent SSH
attempts from Host_A are allowed
C. The established session remains active until the user terminates it, and all
subsequent SSH attempts from Host_A are denied
D. Host Sensor immediately logs an event and initiates strong monitoring on
Host_A, but allows all SSH to/from Host_A until an actual attack is detected
Answer: A
QUESTION: 45
What is the purpose of the rtu-mysql.pl script?
A. Tails the Dragon Export Log, parses the data, then imports the data into an SQL
database
B. Starts the MySQL programs and connects the Dragon DB Agent to the Dragon
Realtime Console Agent
C. Writes detected event data to a dragon.log file in ASCII format
D. Exports data from a MySQL database to a dragon.log file in ASCII format
Answer: A
QUESTION: 46
How can Dragon Workbench be configured to read a 'snoop' capture file on a Solaris
host?
A. No configuration necessary; Workbench will read a 'snoop' file natively
B. Add the SNOOP keyword to the dragon.net file
C. Add a 'SNOOP=1' entry to the dragon.cfg file
D. Run the /usr/dragon/install/config script and select the Workbench snoop option
Answer: B
QUESTION: 47
Which of the following are true with regard to the catchTrap utility?
A. Will conflict with Host Sensor if run concurrently
B. Is located in the /usr/dragon/policymgr/tools directory
C. Monitors SNMP Traps during the phase of defining a Host Sensor SNMP-trap
policy library
D. Provides SNMP alerting functionality for Dragon Alarmtool
E. Allows traps to be caught, parsed and displayed in much the same way that Host
Sensor will process them
F. Analyzes traps and generates NIDS events for any anomalies within an SNMPv1
or SNMPv3 trap
Answer: A, C, E
QUESTION: 48
Which of the following are true with regard to Dragon Workbench?
A. Allows Dragon to replay data contained in TCPDUMP trace/capture files with the
goal of tuning a Network Sensor prior to deployment
B. Can read data directly from the interface specified in the dragon.net file
C. Will create separate dragon.db files for each 24 hours' worth of data contained in a
TCPDUMP trace/capture file
D. Allows Dragon to compensate for the Snap Length limitation of TCPDUMP
E. Can read data from Snoop trace/capture files
F. Can analyze data contained in TCPDUMP trace/capture files and generate events
based on anomalies
Answer: A, E, F
QUESTION: 49
What file must be present in the directory in which the 'reinstall' script is executed?
A. The dragon.cfg file
B. The config script
C. The Dragon software bundle in the .tar.gz format
D. The dragon.tar file after it has been extracted from the software bundle
Answer: D
QUESTION: 50
In UPN's 'Acceptable Use Policy', what proactive service is designed to complement a
Dragon IDS deployment?
A. Deny Spoofing
B. Deny Unsupported Protocol Access
C. Protocol Priority Access Control
D. Dragon RealTime Console
E. Threat Management
Answer: E
User: Nurul*****
Clearing the 2B0-023 exam seemed unrealistic to me at first because the test factors were honestly extreme. However, the Killexams.com exam guide illuminated my shortcomings, and I was able to correctly answer 90 out of 100 questions. The top-notch exam simulator helped me pass the 2B0-023 exam with ease. I offer my gratitude to Killexams.com for providing these wonderful services.
User: Rasputin*****
Killexams.com materials cover every aspect of the 2B0-023 exam, which is essential for those new to it. I needed to improve my understanding of 2B0-023, and Killexams.com practice tests helped me a lot. I passed the 2B0-023 exam with their assistance and have been recommending their services to my friends and colleagues.
User: Thomas*****
To become 2b0-023 certified, I was determined to pass the exam after failing the last two attempts. Thankfully, I received Killexams.com material from my cousin. I was very impressed with the Questions and Answers material as I scored 89%. I am satisfied that I scored above the passing mark without any difficulty. The material was well-formatted and enriched with essential standards, making it an excellent choice for the exam.
User: Salvador*****
Passing the 2b0-023 exam is a significant accomplishment, and I scored an impressive 87% thanks to killexams.com. Learning the material for the 2b0-023 exam was not easy, and with numerous complicated subjects to cover, I needed a boost in confidence. killexams.com provided me with exact questions that gave me the confidence to pass the exam, leading to an outstanding score of 84%. Although some of the questions were tricky, the matching answers from killexams.com helped me to select the correct answers.
User: Mildred*****
As an IT professional, passing the 2b0-023 exam was vital for me, but due to time restraints, it was difficult to prepare adequately. However, the easy-to-memorize answers provided by Killexams.com made it simpler to prepare for the exam. I managed to complete all the questions correctly within the stipulated time.