Posted by: Pdfprep
Post Date: December 24, 2020
Which one of the following command strings is a correct Snort rule?
A. alert tcp any any (msg:"IDS Rule 5 Triggered");
B. drop udp 10.40.1.74 anyany any (content: "root"; nocase; msg:"UDP not allowed");
C. pass tcp 443 443 -> any any (msg:"HTTP rule failure"; content: "https:";;)
D. alert icmp any any -> $HOME_NET any (msg:"ICMP rule triggered";)
E. drop vlan (content:"dot1q"; msg:"VLAN Trunking Violation";) -> any any $HOME_NET
Answer: D