Which of the following methods can be used to deactivate a rule in Snort? (Choose TWO correct answers.)
A. By placing a # in front of the rule and restarting Snort.
B. By placing a pass rule in local.rules and restarting Snort.
C. By deleting the rule and waiting for Snort to reload its rules files automatically.
D. By adding a pass rule to /etc/snort/rules.deactivated and waiting for Snort to reload its rules files automatically.
Looks A and B. In detail, “#” could be used to deactivate a rule, but snort never reloads rules automatically, it’s required to restart it or force a reload.
Ref. https://resources.infosecinstitute.com/snort-rules-workshop-part-one/
Correct are A and B
What about answer A. That works.
I think that they are A and B