Ips V7 Test C

20 Questions | Total Attempts: 94


Questions and Answers
  • 1. What must be configured to enable Cisco IPS appliance reputation filtering and global correlation?
    • A. DNS server(s) IP address
    • B. Full sensor-based network participation
    • C. Trusted hosts settings
    • D. External product interfaces settings

  • 2. What is a best practice to follow before tuning a Cisco IPS signature?
    • A. Disable all the alert actions on the signature to be tuned.
    • B. Disable the signature to be tuned.
    • C. Create a clone of the signature to be tuned.
    • D. Increase the number of events required to trigger the signature to be tuned.
    • E. Decrease the attention span (maximum inter-event interval) of the signature to be tuned.

  • 3. Which three statements about the Cisco IntelliShield Alert Manager are true? (Choose three.)
    • A. Alert information is analyzed and validated by Cisco security analysts.
    • B. Alert analysis is vendor-neutral.
    • C. The built-in workflow system provides a mechanism for tracking vulnerability remediation and integration with Cisco Security Manager and Cisco Security MARS.
    • D. Users can customize the notification to deliver tailored information relevant to the needs of the organization.
    • E. Customers are automatically subscribed to use the Cisco Security IntelliShield Alert Manager Service with the Cisco IPS license.
    • F. More than 10 report types are available within the Cisco Security IntelliShield Alert Manager Service.

  • 4. Which two configurations are required on the Cisco IPS appliance to allow Cisco Security Manager to log into the Cisco IPS appliance? (Choose two.)
    • A. Enable SNMPv2.
    • B. Enable SSH access.
    • C. Enable TLS/SSL to allow HTTPS access.
    • D. Enable NTP.
    • E. Enable Telnet access.
    • F. Enable the IP address of the Cisco Security Manager server as an allowed host.

  • 5. Which four statements about the blocking capabilities of the Cisco IPS appliance are true? (Choose four.)
    • A. The three types of blocks are: host, connection, and network.
    • B. Host and connection blocks can be initiated manually or automatically when a signature is triggered.
    • C. Network blocks can only be initiated manually.
    • D. The Device Login Profiles pane is used to configure the profiles that the network devices use when logging into the Cisco IPS appliance.
    • E. Multiple Cisco IPS appliances can forward their blocking requests to the master blocking sensor.
    • F. Pre-Block and Post-Block ACLs are applicable for blocking or rate limiting.

  • 6. OS mappings associate IP addresses with an OS type, which in turn helps the Cisco IPS appliance to calculate what other value?
    • A. TVR
    • B. SFR
    • C. ARR
    • D. PD
    • E. ASR

  • 7. Which signature engine is recommended for creating a custom signature for packet header matching?
    • A. MULTI-STRING
    • B. FLOOD.HOST
    • C. ATOMIC.IP
    • D. SERVICE
    • E. SWEEP
    • F. META

  • 8. On the Cisco IPS appliance, the anomaly detection knowledge base is used to store which two types of information for each service? (Choose two.)
    • A. Scanner threshold
    • B. Packets-per-second rate limit
    • C. Anomaly detection mode
    • D. Histogram
    • E. Total bytes transferred

  • 9. Which four features are supported on the Cisco ASA AIP-SSM but are not supported on the Cisco ASA AIP-SSC? (Choose four.)
    • A. Multiple virtual sensors
    • B. Anomaly detection
    • C. Promiscuous mode
    • D. Custom signatures
    • E. Fail open
    • F. Global correlation

  • 10. Which Cisco IPS appliance TCP session tracking mode should be used if packets of the same session are coming to the sensor over different interfaces, but should be treated as a single session?
    • A. Interface and VLAN
    • B. Virtual sensor
    • C. VLAN only
    • D. Promiscuous
    • E. Normalizer

  • 11. Which two Cisco IPS appliance features are implemented using input data from the Cisco SensorBase? (Choose two.)
    • A. Global correlation
    • B. Anomaly detection
    • C. Reputation filters
    • D. Botnet traffic filters
    • E. OS fingerprinting
    • F. Threat detection

  • 12. Which four configuration elements can the virtual sensor of a Cisco IPS appliance have? (Choose four.)
    • A. Interfaces or VLAN pairs
    • B. IPS reputation filters
    • C. Signature set definition
    • D. Global correlation rules
    • E. Event action rules (filters and overrides)
    • F. Anomaly detection policy

  • 13. Which value is not used by the Cisco IPS appliance in the risk rating calculation?
    • A. Attack severity rating
    • B. Target value rating
    • C. Signature fidelity rating
    • D. Promiscuous delta
    • E. Threat rating adjustment
    • F. Watch list rating

  • 14. Refer to the exhibit. Which General settings under the Event Action Rule affect the risk rating calculations?
    • A. Use Summarizer
    • B. Use Meta Event Generator
    • C. Use Threat Rating Adjustment
    • D. Use Event Action Filters
    • E. Enable One Way TCP Reset

  • 15. In a centralized Cisco IPS appliance deployment, it may not be possible to connect an IPS appliance to every switch or segment in the network, so an IPS appliance can be deployed to inspect traffic on ports that are located on multiple remote network switches. In this case, which two configurations are required? (Choose two.)
    • A. IPS promiscuous mode operations
    • B. Inline IPS operations
    • C. RSPAN
    • D. SPAN
    • E. HSRP
    • F. SLB

  • 16. Which three actions does the Cisco IDM custom signature wizard provide? (Choose three.)
    • A. Selecting the signature engine to use, or choosing not to use any signature engine
    • B. Selecting the Layer 3 or Layer 4 protocol that the sensor will use to match malicious traffic
    • C. Selecting the attack relevancy rating
    • D. Selecting the signature threat rating
    • E. Selecting the scope of matching (for example, single packet)

  • 17. You want your inline Cisco IPS appliance to drop packets that pose the most severe risk to your network, especially to the servers on your DMZ. Which two parameters should you set to protect your DMZ servers in the most time-efficient manner? (Choose two.)
    • A. Event action filter
    • B. Reputation filter
    • C. Target value rating
    • D. Signature fidelity rating
    • E. Global correlation
    • F. Event action override

  • 18. Which Cisco IPS appliance feature is best used to detect these two conditions? 1) The network starts becoming congested by worm traffic. 2) A single worm-infected source enters the network and starts scanning for other vulnerable hosts.
    • A. Global correlation
    • B. Anomaly detection
    • C. Reputation filtering
    • D. Custom signature
    • E. Meta signature
    • F. Threat detection

  • 19. What will happen if you try to recover the password on a Cisco IPS 4200 Series appliance on which password recovery is disabled?
    • A. The GRUB menu will be disabled.
    • B. The ROM monitor command to reset the password will be disabled.
    • C. The password recovery process will proceed with no errors or warnings; however, the password is not reset.
    • D. The Cisco IPS appliance will reboot immediately.

  • 20. Which four networking tools does Cisco IME include that can be invoked for specific events, to learn more about attackers and victims using basic network reconnaissance? (Choose four.)
    • A. Ping
    • B. Traceroute
    • C. Packet tracer
    • D. Nslookup
    • E. Whois
    • F. Nmap