logging on
ip ips notify log
2 Which two files could be used to implement Cisco IOS IPS with version 5.x format signatures? (Choose two.)
IOS-Sxxx-CLI.bin
IOS-Sxxx-CLI.pkg XXX
IOS-Sxxx-CLI.sdf
realm-cisco.priv.key.txt
realm-cisco.pub.key.txt XXX
3 Why is a network that deploys only IDS particularly vulnerable to an atomic attack?
The IDS must track the three-way handshake of established TCP connections.
The IDS must track the three-way handshake of established UDP connections.
The IDS permits malicious single packets into the network. XXX
The IDS requires significant router resources to maintain the event horizon.
The stateful properties of atomic attacks usually require the IDS to have several pieces of data to match an attack signature.
Refer to the exhibit. Based on the SDM screen shown, which two actions will the signature take if an attack is detected? (Choose two.)
Reset the TCP connection to terminate the TCP flow.
Drop the packet and all future packets from this TCP flow.
Drop the packet and permit remaining packets from this TCP flow.
5 When editing IPS signatures with SDM, which action drops all future packets from a TCP flow?
Deny Packet Inline
7 Which type of intrusion detection triggers an action if excessive activity occurs beyond a specified threshold of normal activity?
pattern-based detection
anomaly-based detection
xxx
policy-based detection
Refer to the exhibit. What is the result of issuing the Cisco IOS IPS commands on router R1?
A named ACL determines the traffic to be inspected.
All traffic that is denied by the ACL is subject to inspection by the IPS.
Xxx All traffic that is permitted by the ACL is subject to inspection by the IPS.
10
Refer to the exhibit. When modifying an IPS signature action, which two check boxes should be selected to create an ACL that denies
all traffic from the IP address that is considered the source of the attack and drops the packet and all future packets from the TCP
flow? (Choose two.)
Deny Attacker Inline xxx
Produce Alert
12
Refer to the exhibit. What is the significance of the small red flag waving in the Windows system tray?
Cisco Security Agent is installed but inactive.
Cisco Security Agent is active and has detected a potential security problem. xxxxx
A network-based IPS sensor has pushed an alert to a host running Cisco Security Agent.
13 What information is provided by the show ip ips configuration command?
detailed IPS signatures xxxxx
14 Which Cisco IOS configuration option instructs the IPS to compile a signature category named ios_ips into memory and use it to scan
traffic?
15 Which two benefits does the IPS version 5.x signature format provide over the version 4.x signature format? (Choose two.)
addition of signature micro engines
Take Assessment - CCNAS Chapter 5 - CCNA Security: Implementing Network Security (Version 1.0)
16
Refer to the exhibit. A user was installing a Flash Player upgrade when the CSA displayed the dialog box shown. Which default action is taken
if the user does not respond within 4 minutes and 20 seconds?
The action is allowed, and a log entry is recorded. xxxx
The action is allowed, and CSA does not prompt the user again.
17
Refer to the exhibit. Which option tab on the SDM IPS screen is used to view the Top Threats table and deploy signatures associated with thos
Create IPS
Edit IPS
IPS Migration
18 An IPS sensor has detected the string confidential across multiple packets in a TCP session. Which type of signature trigger and signature
type does this describe?
19
Refer to the exhibit. What is the significance of the number 10 in the signature 6130 10 command?
It is the alert severity.
20 What are two IPS configuration best practices that can help improve IPS efficiency in a network? (Choose two.)
Configure all sensors to check the server for new signature packs at the same time to ensure that they are all synchronized.
Configure the sensors to simultaneously check the FTP server for new signature packs.
Ensure that signature levels that are supported on the management console are synchronized with the signature packs on the sensors.
Update signature packs manually rather than automatically to maintain close control when setting up a large deployment of sensors.
Place signature packs on a dedicated FTP server within the management network.
xxx
16
Refer to the exhibit. A user was installing a Flash Player upgrade when the CSA displayed the dialog box shown. Which default action is taken
if the user does not respond within 4 minutes and 20 seconds?
The action is allowed, and a log entry is recorded.
The action is allowed, and CSA does not prompt the user again.
17
Refer to the exhibit. Which option tab on the SDM IPS screen is used to view the Top Threats table and deploy signatures associated with thos
Create IPS
Edit IPS
Security Dashboard
IPS Migration
18 An IPS sensor has detected the string confidential across multiple packets in a TCP session. Which type of signature trigger and signature
type does this describe?
Trigger: Anomaly-based detection
Type: Atomic signature
Trigger: Anomaly-based detection
Type: Composite signature
Trigger: Pattern-based detection
Type: Atomic signature
Trigger: Pattern-based detection
Type: Composite signature
Trigger: Policy-based detection
Type: Atomic signature
Trigger: Policy-based detection
Type: Composite signature
19
Refer to the exhibit. What is the significance of the number 10 in the signature 6130 10 command?
It is the alert severity.
20 What are two IPS configuration best practices that can help improve IPS efficiency in a network? (Choose two.)
Configure all sensors to check the server for new signature packs at the same time to ensure that they are all synchronized.
Configure the sensors to simultaneously check the FTP server for new signature packs.
Ensure that signature levels that are supported on the management console are synchronized with the signature packs on the sensors.
Update signature packs manually rather than automatically to maintain close control when setting up a large deployment of sensors.
Place signature packs on a dedicated FTP server within the management network.