Certified Ethical Hacker (CEH) — Question 114
Which of the following does proper basic configuration of Snort as a network intrusion detection system require?
Answer options
- A. Limit the packets captured to the Snort configuration file.
- B. Capture every packet on the network segment.
- C. Limit the packets captured to a single segment.
- D. Limit the packets captured to the /var/log/snort directory.
Correct answer: A
Explanation
The correct answer is A because limiting packet capture to the Snort configuration file ensures that only relevant data is processed, which optimizes performance. Options B and C are incorrect because capturing every packet, or limiting capture to a single segment, can lead to unnecessary data overhead. Option D is also wrong because it refers to a storage location rather than packet capture criteria.