乐档网: I share, I'm happy!
http://www.ledlh.cn/
This document was downloaded from 乐档网; for more free documents, visit http://www.ledlh.cn
http://www.ledlh.cn/doc/info-b6eecced551810a6f52486ed.html
CCNAS Chapter 5
CCNA Security
Refer to the exhibit. When modifying an IPS signature action, which two check boxes
should be selected to create an ACL that d
from the IP address that is considered the source of the attack and drops the packet
and all future packets from the TCP flow? (
Deny Attacker Inline
Deny Connection Inline
Deny Packet Inline
Produce Alert
Reset TCP Connection
Why is a network that deploys only IDS particularly vulnerable to an atomic attack?
The IDS must track the three-way handshake of established TCP connections.
The IDS must track the three-way handshake of established UDP connections.
The IDS permits malicious single packets into the network.
The IDS requires significant router resources to maintain the event horizon.
The stateful properties of atomic attacks usually require the IDS to have several
pieces of data to match an attack signatur
Refer to the exhibit. What is the result of issuing the Cisco IOS IPS commands on
router R1?
A named ACL determines the traffic to be inspected.
A numbered ACL is applied to S0/0/0 in the outbound direction.
All traffic that is denied by the ACL is subject to inspection by the IPS.
All traffic that is permitted by the ACL is subject to inspection by the IPS.
Which two files could be used to implement Cisco IOS IPS with version 5.x format
signatures? (Choose two.)
IOS-Sxxx-CLI.bin
IOS-Sxxx-CLI.pkg
IOS-Sxxx-CLI.sdf
realm-cisco.priv.key.txt
realm-cisco.pub.key.txt
A network administrator tunes a signature to detect abnormal activity that might be
malicious and likely to be an immediate threa
perceived severity of the signature?
high
medium
informational
low
Which two benefits does the IPS version 5.x signature format provide over the version
4.x signature format? (Choose two.)
addition of signature micro engines
support for IPX and AppleTalk protocols
addition of a signature risk rating
support for comma-delimited data import
support for encrypted signature parameters
Which two Cisco IOS commands are required to enable IPS SDEE message logging? (Choose
two.)
logging on
ip ips notify log
ip http server
ip ips notify sdee
ip sdee events 500
Refer to the exhibit. What is the significance of the number 10 in the signature 6130
10 command?
It is the alert severity.
It is the signature number.
It is the signature version.
It is the subsignature ID.
It is the signature fidelity rating.
What is a disadvantage of network-based IPS as compared to host-based IPS?
Network-based IPS is less cost-effective.
Network-based IPS cannot examine encrypted traffic.
Network-based IPS does not detect lower level network events.
Network-based IPS should not be used with multiple operating systems.
What information is provided by the show ip ips configuration command?
detailed IPS signatures
alarms that were sent since the last reset
the number of packets that are audited
the default actions for attack signatures
Which statement is true about an atomic alert that is generated by an IPS?
It is an alert that is generated every time a specific signature has been found.
It is a single alert sent for multiple occurrences of the same signature.
It is both a normal alarm and a summary alarm being sent simultaneously at set
intervals.
It is an alert that is used only when a logging attack has begun.
Which Cisco IPS feature allows for regular threat updates from the Cisco SensorBase
Network database?
event correlation
global correlation
IPS Manager Express
honeypot-based detection
security-independent operation
Which protocol is used when an IPS sends signature alarm messages?
FTP
SDEE
SIO
SNMP
Refer to the exhibit. Based on the configuration that is shown, which statement is
true about the IPS signature category?
Only signatures in the ios_ips basic category will be compiled into memory for
scanning.
Only signatures in the ios_ips advanced category will be compiled into memory for
scanning.
All signature categories will be compiled into memory for scanning, but only those
signatures in the ios_ips basic category w scanning purposes.
All signature categories will be compiled into memory for scanning, but only those
signatures within the ios_ips advanced be used for scanning purposes.
A network security administrator would like to check the number of packets that have
been audited by the IPS. What command administrator use?
show ip ips signatures
show ip ips interfaces
show ip ips statistics
show ip ips configuration
Refer to the exhibit. Based on the configuration commands that are shown, how will
IPS event notifications be sent?
HTTP format
SDEE format
syslog format
TFTP format
Refer to the exhibit. What action will be taken if a signature match occurs?
An ACL will be created that denies all traffic from the IP address that is considered
the source of the attack, and an alert w generated.
This packet and all future packets from this TCP flow will be dropped, and an alert
will be generated.
Only this packet will be dropped, and an alert will be generated.
The packet will be allowed, and an alert will be generated.
The packet will be allowed, and no alert will be generated.
An administrator is using CCP to modify a signature action so that if a match occurs,
the packet and all future packets from the
dropped. What action should the administrator select?
deny-attacker-inline
deny-connection-inline
deny-packet-inline
produce-alert
reset-tcp-connection
Refer to the exhibit. Based on the configuration, what traffic is inspected by the
IPS?
only traffic entering the s0/0/1 interface
all traffic entering or leaving the fa0/1 interface
only traffic traveling from the s0/0/1 interface to the fa0/1 interface
all traffic entering the s0/0/1 interface and all traffic leaving the fa0/1 interface
all traffic entering the s0/0/1 interface and all traffic entering and leaving the
fa0/1 interface
Refer to the exhibit. As an administrator is configuring an IPS, the error message
that is shown appears. What does this error message indicate?
The signature definition file is invalid or outdated.
The public crypto key is invalid or entered incorrectly.
The flash directory where the IPS signatures should be stored is corrupt or
nonexistent.
SDEE notification is disabled and must be explicitly enabled.