Ips V7 Test A

Reviewed by Editorial Team
The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.
Learn about Our Editorial Process
| By Keoka
K
Keoka
Community Contributor
Quizzes Created: 3 | Total Attempts: 555
| Attempts: 233
SettingsSettings
Please wait...
  • 1/20 Questions

    The custom signature ID of a Cisco IPS appliance has which range of values?

    • 10000 to 19999
    • 20000 to 29999
    • 50000 to 59999
    • 60000 to 65000
    • 80000 to 90000
    • 1 to 20000
Please wait...
Ips V7 Test A - Quiz
About This Quiz

Cisco IPS v7
These are multiple choice questions ONLY and does not cover drag and drop. Study hard and good luck!

Quiz Preview

  • 2. 

    Which statement about inline VLAN pair deployment with the Cisco IPS 4200 Series appliance is true?

    • The sensing interface acts as an 802.1q trunk port, and the Cisco IPS appliance performs VLAN translation between pairs of VLANs.

    • The Cisco IPS appliance connects to two physically distinct switches using two paired physical interfaces.

    • Two sensing interfaces connect to the same switch that forwards traffic between two VLANs.

    • The pair of sensing interfaces can be selectively divided (virtualized) into multiple logical "wires" by VLANs that can be analyzed separately.

    Correct Answer
    A. The sensing interface acts as an 802.1q trunk port, and the Cisco IPS appliance performs VLAN translation between pairs of VLANs.
    Explanation
    The correct answer states that in inline VLAN pair deployment with the Cisco IPS 4200 Series appliance, the sensing interface acts as an 802.1q trunk port. This means that the interface can carry traffic from multiple VLANs. The Cisco IPS appliance then performs VLAN translation between pairs of VLANs, allowing it to analyze and inspect the traffic between those VLANs. This setup enables the IPS appliance to monitor and protect traffic between different VLANs on the network.

    Rate this question:

  • 3. 

    When upgrading a Cisco IPS AIM or IPS NME using manual upgrade, what must be performed before installing the upgrade?

    • Disable the heartbeat reset on the router.

    • Enable fail-open IPS mode.

    • Enable the Router Blade Configuration Protocol.

    • Gracefully halt the operating system on the Cisco IPS AIM or IPS NME.

    Correct Answer
    A. Disable the heartbeat reset on the router.
    Explanation
    Before installing the upgrade for a Cisco IPS AIM or IPS NME using manual upgrade, it is necessary to disable the heartbeat reset on the router. This is important because the heartbeat reset feature automatically resets the IPS module if it stops responding. By disabling this feature, it ensures that the upgrade process is not interrupted or affected by any automatic resets.

    Rate this question:

  • 4. 

    In which CLI configuration mode is the Cisco IPS appliance management IP address configured?

    • Global configuration ips(config)#

    • Service network-access ips(config-net)#

    • Service host network-settings ips(config-hos-net)#

    • Service interface ips(config-int)#

    Correct Answer
    A. Service host network-settings ips(config-hos-net)#
    Explanation
    In the given CLI configuration, the Cisco IPS appliance management IP address is configured in the "service host network-settings" mode (ips(config-hos-net)#). This mode allows the user to configure various network settings for the host, including the management IP address.

    Rate this question:

  • 5. 

    Which option is best to use to capture only a subset of traffic (capturing traffic per-IP-address, per-protocol, or per-application) off the switch backplane and copy it to the Cisco IPS appliance?

    • SPAN

    • PBR

    • VACL

    • MPF

    • STP

    Correct Answer
    A. VACL
    Explanation
    VACL (VLAN Access Control List) is the best option to use in order to capture only a subset of traffic off the switch backplane and copy it to the Cisco IPS appliance. VACLs allow for granular control over network traffic by filtering based on IP address, protocol, or application. By configuring a VACL on the switch, specific traffic can be mirrored or copied to the Cisco IPS appliance for analysis and monitoring, while other traffic can continue to flow normally.

    Rate this question:

  • 6. 
    Refer to the exhibit. Which statement is true? - ProProfs

    Refer to the exhibit. Which statement is true?

    • A summary alert is sent once during each interval for each unique Summary Key entry.

    • An alert is generated each time the signature triggers.

    • This signature does not fire until three events are seen during 60 seconds with the same attacker and victim IP addresses and ports.

    • This signature is disabled by default.

    • When this signature triggers, the Cisco IPS appliance sends an SNMP trap for this event.

    Correct Answer
    A. This signature does not fire until three events are seen during 60 seconds with the same attacker and victim IP addresses and ports.
    Explanation
    The given statement is true. This signature will only trigger if three events are observed within a 60-second interval with the same attacker and victim IP addresses and ports.

    Rate this question:

  • 7. 

    Which three are global correlation network participation modes? (Choose three.)

    • Off

    • Partial participation

    • Reputation filtering

    • Detect

    • Full participation

    • Learning

    Correct Answer(s)
    A. Off
    A. Partial participation
    A. Full participation
    Explanation
    The correct answer choices for global correlation network participation modes are off, partial participation, and full participation. "Off" refers to the mode where there is no participation in the global correlation network. "Partial participation" means that only certain elements or entities participate in the network. "Full participation" indicates that all elements or entities actively participate in the global correlation network.

    Rate this question:

  • 8. 

    Which Cisco IPS NME interface is visible to the NME module but not visible in the router configuration and acts as the sensing interface of the NME module?

    • Ids-sensor 0/1 interface

    • Ids-sensor 1/0 interface

    • GigabitEthernet 0/1

    • GigabitEthernet 1/0

    • Management 0/1

    • Management 1/0

    Correct Answer
    A. GigabitEthernet 0/1
    Explanation
    The correct answer is "gigabitEthernet 0/1". This interface is visible to the NME module but not visible in the router configuration. It acts as the sensing interface of the NME module.

    Rate this question:

  • 9. 

    Which type of signature engine is best suited for creating custom signatures that inspect data at OSI Layer 5 and above?

    • Atomic

    • String

    • Sweep

    • Service

    • Meta

    • Flood

    Correct Answer
    A. Service
    Explanation
    The Service signature engine is best suited for creating custom signatures that inspect data at OSI Layer 5 and above. This is because the Service signature engine is designed to analyze and identify specific protocols and services being used in network traffic. By focusing on Layer 5 and above, the Service signature engine can accurately detect and classify different application-layer protocols, such as HTTP, FTP, SMTP, etc. This allows for more precise and targeted inspection of network traffic, enabling the identification of specific services and applications being used.

    Rate this question:

  • 10. 

    Which two switching-based mechanisms are used to deploy high availability IPS using multiple Cisco IPS appliances? (Choose two.)

    • Spanning Tree-based HA

    • HSRP-based HA

    • EtherChannel-based HA

    • VRRP-based HA

    Correct Answer(s)
    A. Spanning Tree-based HA
    A. EtherChannel-based HA
    Explanation
    The two switching-based mechanisms used to deploy high availability IPS using multiple Cisco IPS appliances are Spanning Tree-based HA and EtherChannel-based HA. Spanning Tree-based HA ensures redundancy and fault tolerance by preventing loops in the network and providing backup paths. EtherChannel-based HA combines multiple physical links into a single logical link, increasing bandwidth and providing load balancing and redundancy. HSRP-based HA and VRRP-based HA are not switching-based mechanisms but rather routing protocols used for providing redundancy and failover in a network.

    Rate this question:

  • 11. 

    Which statement about the 4-port GigabitEthernet card with hardware bypass is true?

    • Hardware bypass only works with inline interface pairs.

    • Hardware bypass is only supported on the Cisco IPS 4270 appliance.

    • Hardware bypass is independent from software bypass.

    • Hardware bypass is enabled if software bypass is configured to "OFF".

    • Hardware bypass is supported between any of the fourGigabitEthernet ports.

    Correct Answer
    A. Hardware bypass only works with inline interface pairs.
    Explanation
    Hardware bypass only works with inline interface pairs. This means that the hardware bypass feature is only applicable when the GigabitEthernet card is used in conjunction with inline interface pairs. It is not supported when the card is used in other configurations or with other types of interfaces.

    Rate this question:

  • 12. 

    Which four types of interface modes are available on the Cisco IPS 4200 Series appliance? (Choose four.)

    • Promiscuous

    • Inline TAP

    • Inline interface

    • Inline VLAN pair

    • VLAN groups

    • Bypass

    Correct Answer(s)
    A. Promiscuous
    A. Inline interface
    A. Inline VLAN pair
    A. VLAN groups
    Explanation
    The Cisco IPS 4200 Series appliance offers four types of interface modes: promiscuous, inline interface, inline VLAN pair, and VLAN groups. The promiscuous mode allows the IPS to monitor the network traffic by connecting to a span port on a switch. The inline interface mode enables the IPS to be placed directly in the network traffic path, actively inspecting and blocking suspicious traffic. The inline VLAN pair mode allows the IPS to monitor and control traffic between two VLANs. VLAN groups mode enables the IPS to monitor and control traffic across multiple VLANs.

    Rate this question:

  • 13. 

    You are working with Cisco TAC to troubleshoot a software problem on the Cisco IPS appliance. TAC suspects a fault with the NotificationApp software module in the Cisco IPS appliance. In this case, which Cisco IPS appliance operations may be most affected by the NotificationApp software module fault?

    • SNMP

    • IDM or IME

    • Global correlation

    • Remote blocking

    • Anomaly detection

    • SDEE

    Correct Answer
    A. SNMP
    Explanation
    The SNMP (Simple Network Management Protocol) operation may be most affected by the NotificationApp software module fault. SNMP is a protocol used for managing and monitoring network devices. If there is a fault with the NotificationApp software module, it could potentially impact the ability to collect and transmit SNMP data, leading to issues with network management and monitoring.

    Rate this question:

  • 14. 

    Which four statements about Cisco IPS appliance anomaly detection histograms are true? (Choose four.)

    • Histograms are learned or configured manually.

    • Destination IP address row is the same for all histograms.

    • Source IP address row can be learned or configured.

    • Anomaly detection only builds a single histogram for all services in a zone.

    • You can enable a separate histogram and scanner threshold for specific services, or use the default one for all other services.

    • Anomaly detection histograms only track source (attacker) IP addresses.

    Correct Answer(s)
    A. Histograms are learned or configured manually.
    A. Destination IP address row is the same for all histograms.
    A. Source IP address row can be learned or configured.
    A. You can enable a separate histogram and scanner threshold for specific services, or use the default one for all other services.
    Explanation
    The given answer is correct because it accurately identifies the four true statements about Cisco IPS appliance anomaly detection histograms. According to the answer, histograms can be learned or configured manually, the destination IP address row is the same for all histograms, the source IP address row can be learned or configured, and it is possible to enable a separate histogram and scanner threshold for specific services or use the default one for all other services.

    Rate this question:

  • 15. 

    What is the correct regular expression to match a URI request equal to /test.exe?

    • /test.exe

    • Vtest\.exe

    • /test\.exe

    • */test\.exe

    • \*/test\.exe

    • */test.exe

    Correct Answer
    A. /test\.exe
    Explanation
    The correct regular expression to match a URI request equal to "/test.exe" is "/test\.exe". In regular expressions, the backslash (\) is used to escape special characters, and the dot (.) is a special character that matches any character. Therefore, by adding a backslash before the dot, we are specifically looking for the exact string "/test.exe".

    Rate this question:

  • 16. 

    What are the three anomaly detection modes? (Choose three.)

    • Detect

    • Active

    • Inactive

    • Learn

    • Full

    • Partial

    Correct Answer(s)
    A. Detect
    A. Inactive
    A. Learn
    Explanation
    The three anomaly detection modes are detect, inactive, and learn. "Detect" mode is used to actively monitor for any anomalies or deviations from the normal behavior. "Inactive" mode refers to the state where the anomaly detection system is not actively monitoring for anomalies. "Learn" mode is used to train the system and gather data on normal behavior in order to establish a baseline for future anomaly detection.

    Rate this question:

  • 17. 

    Which two methods can be used together to configure a Cisco IPS signature set into detection mode when tuning the Cisco IPS appliance to reduce false positives? (Choose two.)

    • Subtract all aggressive actions using event action filters.

    • Enable anomaly detection learning mode.

    • Enable verbose alerts using event action overrides.

    • Decrease the number of events required to trigger the signature.

    • Increase the maximum inter-event interval of the signature.

    Correct Answer(s)
    A. Subtract all aggressive actions using event action filters.
    A. Enable verbose alerts using event action overrides.
    Explanation
    To configure a Cisco IPS signature set into detection mode and reduce false positives, two methods can be used together. The first method is to subtract all aggressive actions using event action filters. This means that any aggressive actions triggered by the signature set will be ignored, reducing the chances of false positives. The second method is to enable verbose alerts using event action overrides. This allows for more detailed and informative alerts to be generated, providing better visibility into potential threats and reducing the likelihood of false positives. Using these two methods in combination helps to fine-tune the Cisco IPS appliance and improve its detection capabilities.

    Rate this question:

  • 18. 

    What are four properties of an IPS signature? (Choose four.)

    • Reputation rating

    • Fidelity rating

    • Summarization strategy

    • Signature engine

    • Global correlation mode

    • Signature ID and signature status

    Correct Answer(s)
    A. Fidelity rating
    A. Summarization strategy
    A. Signature engine
    A. Signature ID and signature status
    Explanation
    The four properties of an IPS signature are fidelity rating, summarization strategy, signature engine, and signature ID and signature status. The fidelity rating indicates the accuracy and reliability of the signature in detecting threats. The summarization strategy determines how the IPS handles multiple instances of the same signature. The signature engine is responsible for analyzing network traffic and comparing it against signatures. The signature ID and status provide identification and information about the specific signature being used.

    Rate this question:

  • 19. 

    Which four parameters are used to configure how often the Cisco IPS appliance generates alerts when a signature is firing? (Choose four.)

    • Summary mode

    • Summary interval

    • Event count key

    • Global summary threshold

    • Summary key

    • Event count

    • Summary count

    • Event alert mode

    Correct Answer(s)
    A. Summary mode
    A. Summary interval
    A. Global summary threshold
    A. Event count
    Explanation
    The four parameters used to configure how often the Cisco IPS appliance generates alerts when a signature is firing are summary mode, summary interval, global summary threshold, and event count. The summary mode determines whether alerts are generated for individual events or summarized events. The summary interval sets the time interval for summarizing events. The global summary threshold determines the minimum number of events required for a summary to be generated. The event count specifies the maximum number of events to be included in a summary.

    Rate this question:

  • 20. 

    Which three Cisco IPS cross-launch capabilities do Cisco Security Manager and Cisco Security MARS support? (Choose three.)

    • Edit IPS signatures in Cisco Security Manager from a Cisco Security MARS query.

    • Create custom signatures in Cisco Security Manager from a Cisco Security MARS query.

    • Create event action filters in Cisco Security Manager from a Cisco Security MARS query.

    • Create a Cisco Security MARS drop rule from Cisco Security Manager policy.

    • Create a Cisco Security MARS user inspection rule from Cisco Security Manager policy.

    • Query Cisco Security MARS from Cisco Security Manager policy.

    Correct Answer(s)
    A. Edit IPS signatures in Cisco Security Manager from a Cisco Security MARS query.
    A. Create event action filters in Cisco Security Manager from a Cisco Security MARS query.
    A. Query Cisco Security MARS from Cisco Security Manager policy.
    Explanation
    Cisco Security Manager and Cisco Security MARS support three cross-launch capabilities. First, they allow users to edit IPS signatures in Cisco Security Manager from a Cisco Security MARS query, enabling them to modify and customize the IPS signatures. Second, they enable users to create event action filters in Cisco Security Manager from a Cisco Security MARS query, allowing them to filter and manage events based on specific criteria. Lastly, they allow users to query Cisco Security MARS from Cisco Security Manager policy, providing a seamless integration between the two platforms for monitoring and managing security events.

    Rate this question:

Quiz Review Timeline (Updated): Mar 21, 2023 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Apr 03, 2012
    Quiz Created by
    Keoka
Back to Top Back to top
Advertisement