I would rename this Content Area "Network Intrusion Detection". Task 1 - Define the Work of a Intrustion Detection System. It's not clear to me what this means. It might be better to ask candidates to distinguish between signature-based IDS's and baseline-exception-based IDS's?
Task 5 - "Install Tripwire" - should be in Content Area 3 Task 7 - "Install AIDE" - should be in Content Area 3 Task 8 - "Install Ethereal" - Installation is where the story *begins*. Shouldn't we expect candidates to know how to use it, too? Task 9 - "Install nmap and /or Nessus" - possibly these belong in Content Area 2, which could be broadened in scope to "Security Validation"? Best, --- Les Bell, RHCE, CISSP [http://www.lesbell.com.au] _______________________________________________ lpi-examdev mailing list [EMAIL PROTECTED] http://list.lpi.org/mailman/listinfo/lpi-examdev
