乐档网: I share, I'm happy!
http://www.ledlh.cn/
This document was downloaded from 乐档网. For more free documents, visit http://www.ledlh.cn
http://www.ledlh.cn/doc/info-d0e80a3543323968011c9226.html
CCNAS chapter 5 Exam
CCNAS online chapter 5 answers
Cisco CCNA Security, chapter 5 Exam.
Questions and answers 100% correct.
1. An IPS sensor has detected the string confidential across multiple packets in a TCP session. Which type of signature trigger and signature type does this describe?
Trigger: Anomaly-based detection; Type: Atomic signature
Trigger: Anomaly-based detection; Type: Composite signature
Trigger: Pattern-based detection; Type: Atomic signature
Trigger: Pattern-based detection; Type: Composite signature
Trigger: Policy-based detection; Type: Atomic signature
Trigger: Policy-based detection; Type: Composite signature
2. A network administrator tunes a signature to detect abnormal activity that might be malicious and likely to be an immediate threat. What is the perceived severity of the signature?
high
medium
low
informational
3. What are two major drawbacks to using HIPS? (Choose two.)
HIPS has difficulty constructing an accurate network picture or coordinating the events happening across the entire network.
HIPS installations are vulnerable to fragmentation attacks or variable TTL attacks.
With HIPS, the network administrator must verify support for all the different operating systems used in the network.
If the network traffic stream is encrypted, HIPS is unable to access unencrypted forms of the traffic.
With HIPS, the success or failure of an attack cannot be readily determined.
4. Which type of intrusion detection triggers an action if excessive activity occurs beyond a specified threshold of normal activity?
pattern-based detection
anomaly-based detection
policy-based detection
honey pot-based detection
5. Which two statements characterize a network-based IPS implementation? (Choose two.)
It makes hosts visible to attackers.
It is unable to examine encrypted traffic.
It monitors to see if an attack was successful.
It provides application-level encryption protection.
It is independent of the operating system on hosts.
6. What information is provided by the show ip ips configuration command?
detailed IPS signatures
alarms that were sent since the last reset
the number of packets that are audited
the default actions for attack signatures
7. When editing IPS signatures with SDM, which action drops all future packets from a TCP flow?
Deny Packet Inline
Deny TCP Connection
Deny Attacker Inline
Deny Connection Inline
8. Refer to the exhibit. A user was installing a Flash Player upgrade when the CSA displayed the dialog box shown. Which default action is taken by CSA if the user does not respond within 4 minutes and 20 seconds?
The action is allowed, and a log entry is recorded.
The action is allowed, and CSA does not prompt the user again.
The action is denied, and a log entry is recorded.
The action is denied, and the FlashPlayerUpdate.exe application is terminated.
9. Refer to the exhibit. When modifying an IPS signature action, which two check boxes should be selected to create an ACL that denies all traffic from the IP address that is considered the source of the attack and drops the packet and all future packets from the TCP flow? (Choose two.)
Deny Attacker Inline
Deny Connection Inline
Deny Packet Inline
Produce Alert
Reset TCP Connection
10. Refer to the exhibit. What is the significance of the number 10 in the signature 6130 10 command?
It is the alert severity.
It is the signature number.
It is the signature version.
It is the subsignature ID.
It is the signature fidelity rating.
11. What is a disadvantage of network-based IPS as compared to host-based IPS?
Network-based IPS is less cost-effective.
Network-based IPS cannot examine encrypted traffic.
Network-based IPS does not detect lower level network events.
Network-based IPS should not be used with multiple operating systems.
12. Which two files could be used to implement Cisco IOS IPS with version 5.x format signatures? (Choose two.)
IOS-Sxxx-CLI.bin
IOS-Sxxx-CLI.pkg
IOS-Sxxx-CLI.sdf
realm-cisco.priv.key.txt
realm-cisco.pub.key.txt
13. Why is a network that deploys only IDS particularly vulnerable to an atomic attack?
The IDS must track the three-way handshake of established TCP connections.
The IDS must track the three-way handshake of established UDP connections.
The IDS permits malicious single packets into the network.
The IDS requires significant router resources to maintain the event horizon.
The stateful properties of atomic attacks usually require the IDS to have several pieces of data to match an attack signature.
14. Refer to the exhibit. Based on the SDM screen shown, which two actions will the signature take if an attack is detected? (Choose two.)
Reset the TCP connection to terminate the TCP flow.
Drop the packet and all future packets from this TCP flow.
Generate an alarm message that can be sent to a syslog server.
Drop the packet and permit remaining packets from this TCP flow.
Create an ACL that denies traffic from the attacker IP address.
15. Which two Cisco IOS commands are required to enable IPS SDEE message logging? (Choose two.)
logging on
ip ips notify log
ip http server
ip ips notify sdee
ip sdee events 500
16. Refer to the exhibit. Which option tab on the SDM IPS screen is used to view the Top Threats table and deploy signatures associated with those threats?
Create IPS
Edit IPS
Security Dashboard
IPS Migration
17. Which Cisco IOS configuration option instructs the IPS to compile a signature category named ios_ips into memory and use it to scan traffic?
R1(config)# ip ips signature-category
R1(config-ips-category)# category all
R1(config-ips-category-action)# retired false
R1(config)# ip ips signature-category
R1(config-ips-category)# category ios_ips basic
R1(config-ips-category-action)# retired false
R1(config)# ip ips signature-category
R1(config-ips-category)# category all
R1(config-ips-category-action)# enabled true
R1(config)# ip ips signature-category
R1(config-ips-category)# category ios_ips basic
R1(config-ips-category-action)# enabled true
18. Refer to the exhibit. What is the result of issuing the Cisco IOS IPS commands on router R1?
A named ACL determines the traffic to be inspected.
A numbered ACL is applied to S0/0/0 in the outbound direction.
All traffic that is denied by the ACL is subject to inspection by the IPS.
All traffic that is permitted by the ACL is subject to inspection by the IPS.
19. What are two IPS configuration best practices that can help improve IPS efficiency in a network? (Choose two.)
Configure all sensors to check the server for new signature packs at the same time to ensure that they are all synchronized.
Configure the sensors to simultaneously check the FTP server for new signature packs.
Ensure that signature levels that are supported on the management console are synchronized with the signature packs on the sensors.
Update signature packs manually rather than automatically to maintain close control when setting up a large deployment of sensors.
Place signature packs on a dedicated FTP server within the management network.
20. Refer to the exhibit. What is the significance of the small red flag waving in the Windows system tray?
Cisco Security Agent is installed but inactive.
Network-based IPS is active and has detected a potential security problem.
Cisco Security Agent is active and has detected a potential security problem.
A network-based IPS sensor has pushed an alert to a host running Cisco Security Agent.
21. Which two benefits does the IPS version 5.x signature format provide over the version 4.x signature format? (Choose two.)
addition of signature micro engines
support for IPX and AppleTalk protocols
addition of a signature risk rating
support for comma-delimited data import
support for encrypted signature parameters