Cisco IPS v7
These are multiple-choice questions ONLY and do not cover drag and drop. Study hard and good luck!
The sensing interface acts as an 802.1q trunk port, and the Cisco IPS appliance performs VLAN translation between pairs of VLANs.
The Cisco IPS appliance connects to two physically distinct switches using two paired physical interfaces.
Two sensing interfaces connect to the same switch that forwards traffic between two VLANs.
The pair of sensing interfaces can be selectively divided (virtualized) into multiple logical "wires" by VLANs that can be analyzed separately.
Disable the heartbeat reset on the router.
Enable fail-open IPS mode.
Enable the Router Blade Configuration Protocol.
Gracefully halt the operating system on the Cisco IPS AIM or IPS NME.
Global configuration ips(config)#
Service network-access ips(config-net)#
Service host network-settings ips(config-hos-net)#
Service interface ips(config-int)#
SPAN
PBR
VACL
MPF
STP
A summary alert is sent once during each interval for each unique Summary Key entry.
An alert is generated each time the signature triggers.
This signature does not fire until three events are seen during 60 seconds with the same attacker and victim IP addresses and ports.
This signature is disabled by default.
When this signature triggers, the Cisco IPS appliance sends an SNMP trap for this event.
Off
Partial participation
Reputation filtering
Detect
Full participation
Learning
Ids-sensor 0/1 interface
Ids-sensor 1/0 interface
GigabitEthernet 0/1
GigabitEthernet 1/0
Management 0/1
Management 1/0
Atomic
String
Sweep
Service
Meta
Flood
Spanning Tree-based HA
HSRP-based HA
EtherChannel-based HA
VRRP-based HA
Hardware bypass only works with inline interface pairs.
Hardware bypass is only supported on the Cisco IPS 4270 appliance.
Hardware bypass is independent from software bypass.
Hardware bypass is enabled if software bypass is configured to "OFF".
Hardware bypass is supported between any of the four GigabitEthernet ports.
Promiscuous
Inline TAP
Inline interface
Inline VLAN pair
VLAN groups
Bypass
SNMP
IDM or IME
Global correlation
Remote blocking
Anomaly detection
SDEE
Histograms are learned or configured manually.
Destination IP address row is the same for all histograms.
Source IP address row can be learned or configured.
Anomaly detection only builds a single histogram for all services in a zone.
You can enable a separate histogram and scanner threshold for specific services, or use the default one for all other services.
Anomaly detection histograms only track source (attacker) IP addresses.
/test.exe
Vtest\.exe
/test\.exe
*/test\.exe
\*/test\.exe
*/test.exe
Detect
Active
Inactive
Learn
Full
Partial
Subtract all aggressive actions using event action filters.
Enable anomaly detection learning mode.
Enable verbose alerts using event action overrides.
Decrease the number of events required to trigger the signature.
Increase the maximum inter-event interval of the signature.
Reputation rating
Fidelity rating
Summarization strategy
Signature engine
Global correlation mode
Signature ID and signature status
Summary mode
Summary interval
Event count key
Global summary threshold
Summary key
Event count
Summary count
Event alert mode
Edit IPS signatures in Cisco Security Manager from a Cisco Security MARS query.
Create custom signatures in Cisco Security Manager from a Cisco Security MARS query.
Create event action filters in Cisco Security Manager from a Cisco Security MARS query.
Create a Cisco Security MARS drop rule from Cisco Security Manager policy.
Create a Cisco Security MARS user inspection rule from Cisco Security Manager policy.
Query Cisco Security MARS from Cisco Security Manager policy.
Quiz Review Timeline (Updated): Mar 21, 2023