Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 20
An engineer wants to review the packet overviews of SNORT alerts. When printing the SNORT alerts, all the packet headers are included, and the file is too large to utilize. Which action is needed to correct this problem?
Answer options
- A. Modify the alert rule to "output alert_syslog: output log"
- B. Modify the output module rule to "output alert_quick: output filename"
- C. Modify the alert rule to "output alert_syslog: output header"
- D. Modify the output module rule to "output alert_fast: output filename"
Correct answer: D
Explanation
The correct answer is D because using the 'output alert_fast' option generates concise alerts without including unnecessary packet headers, thus reducing file size. Options A and C are incorrect as they do not limit the output to the essentials, while option B does not provide the required summarization format.