Based on the partial appdefstrig rile listed below, which port scan signature is classified by AMap as harmful?
Based on the partial appdefstrig rile listed below, which port scan signature is classified by AMap as harmful?
Amap classifies a port scan signature as harmful when the tcp flag is set to 1. In the provided appdefstrig file, only the ms-remote-desktop-protocol has the tcp flag set to 1, indicated by 'tcp:1'. Therefore, the ms-remote-desktop-protocol is the harmful port scan signature according to AMap.
The correct answer is D. According to the format of the amap appdefs.trig file, the harmful flag is next to the protocol. So only the ms-remote-desktop-protocol with tcp:1 will be marked as harmful.