Which action should you perform to enable or disable entire classes of rules through the snort.conf file?
Which preprocessor maintains connection state so that attacks that manifest over multiple packets in a session can be detected?