24 Cards in this Set

  • Front
  • Back

Why is a network that deploys only IDS particularly vulnerable to an atomic attack?

The IDS permits malicious single packets into the network.

Which statement is true about an atomic alert that is generated by an IPS?

It is an alert that is generated every time a specific signature has been found.
Refer to the exhibit. As an administrator is configuring an IPS, the error message that is shown appears. What does this error message indicate?

The public crypto key is invalid or entered incorrectly.

What is a zero-day attack?
an attack that targets software vulnerabilities unknown or unpatched by the software vendor
An administrator is using CCP to modify a signature action so that if a match occurs, the packet and all future packets from the TCP flow are dropped. What action should the administrator select?
deny-connection-inline
What information is provided by the show ip ips configuration command?
the default actions for attack signatures
Refer to the exhibit. What action will be taken if a signature match occurs?

The packet will be allowed but an alert will be generated

Which protocol is used when an IPS sends signature alarm messages?
SDEE, secure device event exchange
Refer to the exhibit. Which option tab on the CCP screen is used to view the Top Threats table and deploy signatures associated with those threats?
Security Dashboard
Refer to the exhibit. When an IPS signature action is to be modified via CCP, which two check boxes should be selected to create an ACL that denies all traffic from the IP address that is considered the source of the attack and drops the packet and all future packets from the TCP flow? (Choose two.)

Deny Attacker Inline


Deny Connection Inline

Refer to the exhibit. Based on the configuration that is shown, which statement is true about the IPS signature category?

Only signatures in the ios_ips basic category will be compiled into memory for scanning.
Which two files could be used to implement Cisco IOS IPS with version 5.x format signatures? (Choose two.)
IOS-Sxxx-CLI.pkg
realm-cisco.pub.key.txt
Which Cisco IPS feature allows for regular threat updates from the Cisco SensorBase Network database?
Global correlation
What is a disadvantage of network-based IPS as compared to host-based IPS?
Network-based IPS cannot examine encrypted traffic.

What is a disadvantage of a pattern-based detection mechanism?

It cannot detect unknown attacks; however, it is easy to deploy and does not depend on baseline configuration.
Refer to the exhibit. What is the significance of the number 10 in the signature 6130 10 command?

The subsignature ID.

Refer to the exhibit. Based on the configuration, what traffic is inspected by the IPS?

all traffic entering the s0/0/1 interface and all traffic entering and leaving the fa0/1 interface

A network security administrator would like to check the number of packets that have been audited by the IPS. What command should the administrator use?

show ip ips statistics

A network administrator tunes a signature to detect abnormal activity that might be malicious and likely to be an immediate threat. What is the perceived severity of the signature?

medium

Refer to the exhibit. An administrator has configured router R1 as indicated. However, SDEE messages fail to log. Which solution corrects this problem?

issue the ip ips notify sdee command in global configuration.

Refer to the exhibit. An administrator has configured router R1 as indicated. However, SDEE messages fail to log. Which solution corrects this problem?

issue the ip ips notify sdee command in global configuration.

Refer to the exhibit. What is the result of issuing the Cisco IOS IPS commands on router R1?

All traffic that is permitted by the ACL is subject to inspection by the IPS.
Refer to the exhibit. Based on the configuration commands that are shown, how will IPS event notifications be sent?

Syslog format, because of the keyword log; the keyword sdee sends messages in SDEE format.

Which two benefits does the IPS version 5.x signature format provide over the version 4.x signature format? (Choose two.)

addition of a signature risk rating
support for encrypted signature parameters