Within a Snort rule, which one of the following statements best describes an event trigger?

Within a Snort rule, which one of the following statements best describes an event trigger?
A . The IPS engine compares a packet against the defined rules, and if that packets data matches all the conditions, then an event is triggered signaling a potential issue.
B . Events are triggered when the defined conditions partially match, causing the IPS engine to fire an alert.
C . An event is triggered only after the IPS engine compares the packet payloads against the known reputation database lists.
D . An event is triggered only after the IPS engine compares the header fields against the known reputation database lists.
E . Snort rules are not designed to trigger network alerts.

View Answer

Answer: A