Which one of the following is the purpose of the content option, as shown below?

Which one of the following is the purpose of the content option, as shown below? alert tcp any any -> any any (msg:”Possible exploit”; content: “|90|”;)

Question:

Which one of the following is the purpose of the content option, as shown below?

Options:

The content option will trigger a drop action when it sees the decimal digit 90.

When Snort sees 0x90 in a packet’s payload, it will generate an alert indicating that a possible exploit is occurring.

The above Snort rule is not valid and has formatting errors.

The above Snort rule should contain a destination IP address to alert the network management server.

Correct Answer

The Correct Answer for this Question is

When Snort sees 0x90 in a packet’s payload, it will generate an alert indicating that a possible exploit is occurring.

Leave a Comment