Instructions Work alone. You may not confer with other class members, or anyone else, directly or by e-mail or otherwise, regarding the questions, issues, or your answers. You may use your notes, assigned readings, Library resources, other published materials, the LEO online class site for this course, and Internet sources, keeping in mind your responsibility to give proper attribution to sources of material you use in your responses. The test is worth 25% of your grade for the course. It is scored on the basis of 100 points for the exam. For the short answer section, bear in mind that a clear concise response that directly answers the question asked is always preferable to providing large volumes of potentially relevant information in the hope that the “right” answer will somehow be included. Please be sure to read each question carefully to be sure you know what is being asked so that you can answer the question completely. When composing your answers to the essay questions, be thorough. Each essay asks you to consider multiple ideas and to actually address more than one subordinate questions, so make sure your answers are complete. Be sure to identify any assumptions you are making in developing your answers, and describe how your answer would change if the assumptions were different. While composing your answers to the essay questions, be very careful to cite your sources. It is easy to get careless and forget to footnote a source. Remember, failure to cite sources constitutes an academic integrity violation. Use APA style for citations and references. In preparing your exam for submission, please follow these instructions precisely: 1. Use this document as a template, i.e., fill in your answers in the indicated locations. 2. Modify the header to show your name. 3. Submit your completed exam as a Microsoft Word or RTF document via your LEO Assignment folder no later than 11:59 p.m. Eastern Standard Time on December 17, 2017. Late submissions may be subject to a grade penalty. Please submit questions regarding the exam to your instructor at [email protected]. If questions submitted via email are generic, your instructor will post them in the Final Exam Q&A forum, without revealing their source. Exam Questions Part 1: True or False Questions. (10 questions at 1 point each) 1. T F To have a Snort rule match on both inbound and outbound traffic, the rule should use the flow:to_server,from_client,established; option. Answer: _____ 2. T F Host-based IDS can be used to monitor compliance with corporate policies such as acceptable use of computer resources. Answer: _____ 3. T F An on-demand operational IDS model is not suitable if legally admissible data collection is required. Answer: _____ 4. T F Current criminal and civil procedure laws and rules of evidence do not apply to digital and electronic forms of evidence such as IDS logs. Answer: _____ 5. T F Snort unified output handling tools are used to off-.