24 Cards in this Set
- Front
- Back
Why is a network that deploys only IDS particularly vulnerable to an atomic attack? |
An IDS works out of band and can only alert; a single malicious packet (an atomic attack) reaches its target before any response is possible, so the IDS permits it into the network. |
|
Which statement is true about an atomic alert that is generated by an IPS? |
It is an alert that is generated every time a specific signature has been found.
|
|
Refer to the exhibit. As an administrator is configuring an IPS, the error message that is shown appears. What does this error message indicate? |
The public crypto key is invalid or entered incorrectly. |
|
What is a zero-day attack?
|
an attack that exploits a software vulnerability before the vendor knows about it or has released a patch, so no signature or fix exists yet
|
|
An administrator is using CCP to modify a signature action so that if a match occurs, the packet and all future packets from the TCP flow are dropped. What action should the administrator select?
|
deny-connection-inline
|
|
What information is provided by the show ip ips configuration command?
|
the default actions for attack signatures
|
|
Refer to the exhibit. What action will be taken if a signature match occurs? |
The packet will be allowed, but an alert will be generated. |
|
Which protocol is used when an IPS sends signature alarm messages?
|
SDEE (Security Device Event Exchange)
|
|
Refer to the exhibit. Which option tab on the CCP screen is used to view the Top Threats table and deploy signatures associated with those threats?
|
Security Dashboard
|
|
Refer to the exhibit. When an IPS signature action is to be modified via CCP, which two check boxes should be selected to create an ACL that denies all traffic from the IP address that is considered the source of the attack and drops the packet and all future packets from the TCP flow? (Choose two.) |
Deny Attacker Inline (creates the ACL that blocks the attacker's source address) and Deny Connection Inline (drops the packet and all future packets from the TCP flow) |
|
Refer to the exhibit. Based on the configuration that is shown, which statement is true about the IPS signature category? |
Only signatures in the ios_ips basic category will be compiled into memory for scanning.
|
|
Which two files could be used to implement Cisco IOS IPS with version 5.x format signatures? (Choose two.)
|
IOS-Sxxx-CLI.pkg
realm-cisco.pub.key.txt |
|
Which Cisco IPS feature allows for regular threat updates from the Cisco SensorBase Network database?
|
Global correlation
|
|
What is a disadvantage of network-based IPS as compared to host-based IPS?
|
Network-based IPS cannot examine encrypted traffic.
|
|
What is a disadvantage of a pattern-based detection mechanism? |
It cannot detect unknown attacks, because it only matches known signatures;
on the other hand, it is easy to deploy and does not depend on a baseline configuration. |
|
Refer to the exhibit. What is the significance of the number 10 in the signature 6130 10 command? |
It is the subsignature ID: 6130 is the signature ID and 10 selects one subsignature of it. |
|
Refer to the exhibit. Based on the configuration, what traffic is inspected by the IPS? |
all traffic entering the s0/0/1 interface and all traffic entering and leaving the fa0/1 interface |
|
A network security administrator would like to check the number of packets that have been audited by the IPS. What command should the administrator use?
|
show ip ips statistics |
|
A network administrator tunes a signature to detect abnormal activity that might be malicious and likely to be an immediate threat. What is the perceived severity of the signature? |
medium |
|
Refer to the exhibit. An administrator has configured router R1 as indicated. However, SDEE messages fail to log. Which solution corrects this problem? |
issue the ip ips notify sdee command in global configuration. |
|
Refer to the exhibit. What is the result of issuing the Cisco IOS IPS commands on router R1? |
All traffic that is permitted by the ACL is subject to inspection by the IPS.
|
|
Refer to the exhibit. Based on the configuration commands that are shown, how will IPS event notifications be sent? |
In syslog format, because the ip ips notify log command is used; the ip ips notify sdee command would send them in SDEE format instead. |
|
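The cards above on signature files, signature categories, signature actions, SDEE/syslog notification and interface assignment are all pieces of one Cisco IOS IPS 5.x configuration. The following is an added worked example (not from the flashcard set or from Cisco's documentation) that puts them together on one router. The router name R1, the rule name MYIPS, ACL 101, the storage location flash:ipsdir, the TFTP server 10.1.1.1 and the signature package name are assumptions; the interfaces S0/0/1 and Fa0/1 and the signature 6130 10 are taken from the cards.

```cisco
! Hypothetical configuration for router R1 (rule name, ACL, paths and
! addresses are assumptions, not values from the flashcard set).

! 1. Install the Cisco public key that signs the signature package.
!    The key block is shipped as realm-cisco.pub.key.txt; paste its
!    contents (crypto key pubkey-chain rsa ... quit) into global config.
!    The card about an "invalid public crypto key" error points at a
!    typo made while pasting this block.
crypto key pubkey-chain rsa
 named-key realm-cisco.pub signature
  key-string
   ! <key-string lines copied from realm-cisco.pub.key.txt>
  quit

! 2. Define the IPS rule. Only traffic permitted by ACL 101 is inspected;
!    traffic denied by the ACL simply bypasses the IPS (it is not dropped).
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
ip ips name MYIPS list 101
ip ips config location flash:ipsdir retries 1

! 3. Event notification. SDEE is carried over HTTP, so the HTTP server
!    must be enabled or SDEE messages will not be delivered. Syslog
!    notification can be enabled at the same time.
ip http server
ip ips notify sdee
ip sdee events 500
ip ips notify log

! 4. Signature categories: retire everything, then un-retire only
!    ios_ips basic so that just that category is compiled into memory.
ip ips signature-category
 category all
  retired true
  exit
 category ios_ips basic
  retired false
  exit
 exit

! 5. Tune one signature. The two event actions below are the CLI
!    equivalents of the CCP check boxes Deny Attacker Inline (ACL that
!    blocks the attacker's source address) and Deny Connection Inline
!    (drop this packet and the rest of the TCP flow); produce-alert
!    keeps the atomic alert for every match.
ip ips signature-definition
 signature 6130 10
  engine
   event-action deny-attacker-inline deny-connection-inline produce-alert
   exit
  status
   retired false
   enabled true
   exit
  exit
 exit

! 6. Apply the rule: inbound on S0/0/1, both directions on Fa0/1.
interface Serial0/0/1
 ip ips MYIPS in
 exit
interface FastEthernet0/1
 ip ips MYIPS in
 ip ips MYIPS out
 exit

! 7. Load the version 5.x signature package (privileged EXEC, not config).
!    Replace IOS-Sxxx-CLI.pkg with the actual package name.
! copy tftp://10.1.1.1/IOS-Sxxx-CLI.pkg idconf

! 8. Verification commands referenced by the cards:
! show ip ips configuration   -> rule, storage location, notification, signature categories, interfaces
! show ip ips statistics      -> number of packets audited and alarms sent
! show ip ips signatures      -> which signatures are compiled, retired or tuned
```

Two things to check after applying this: `show ip ips configuration` should list MYIPS on both interfaces with the expected directions, and if SDEE subscribers see nothing, confirm `ip http server` (or `ip http secure-server`) is enabled before looking anywhere else, because `ip ips notify sdee` alone does not open the transport.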
Which two benefits does the IPS version 5.x signature format provide over the version 4.x signature format? (Choose two.) |
addition of a signature risk rating |