Ips V7 Test C

Reviewed by Editorial Team
By Keoka (Community Contributor) | Attempts: 121 | Questions: 20
1. What will happen if you try to recover the password on the Cisco IPS 4200 Series appliance on which password recovery is disabled?

Explanation

If password recovery is disabled on the Cisco IPS 4200 Series appliance, attempting to recover the password will not result in any errors or warnings. However, the password will not be reset. This means that even though the process will proceed smoothly without any indications of failure, the password will remain unchanged and the user will not be able to regain access to the appliance through password recovery.

About This Quiz
Ips V7 Test C - Quiz

IPS v7 Test C assesses knowledge on configuring Cisco IPS appliances for reputation filtering, signature tuning, and understanding IntelliShield Alert Manager. It evaluates skills necessary for secure network management and threat mitigation.

2. OS mappings associate IP addresses with an OS type, which in turn helps the Cisco IPS appliance to calculate what other value?

Explanation

OS mappings associate IP addresses with an OS type, which in turn helps the Cisco IPS appliance to calculate the ARR value.

3. Which Cisco IPS appliance TCP session tracking mode should be used if packets of the same session are coming to the sensor over different interfaces, but should be treated as a single session?

Explanation

The virtual sensor mode should be used if packets of the same session are coming to the sensor over different interfaces but should be treated as a single session. In virtual sensor mode, the Cisco IPS appliance can monitor multiple interfaces and VLANs as a single logical entity, allowing it to track and analyze the packets of the same session regardless of the interface they are coming from. This ensures that the IPS appliance can effectively detect and respond to any potential threats or anomalies within the session, regardless of the network path taken by the packets.

4. Refer to the exhibit. Which General settings under the Event Action Rule affect the risk rating calculations?

Explanation

The General setting "Use Threat Rating Adjustment" affects the risk rating calculations in the Event Action Rule. This setting allows for the adjustment of the threat rating based on certain criteria, such as the source or destination IP address, the event severity, or the event type. By enabling this setting, the risk rating can be adjusted accordingly, resulting in a more accurate assessment of the level of risk associated with the event.

5. What must be configured to enable Cisco IPS appliance reputation filtering and global correlation?

Explanation

To enable Cisco IPS appliance reputation filtering and global correlation, the DNS server(s) IP address must be configured. This is because reputation filtering and global correlation require the Cisco IPS appliance to communicate with DNS servers to perform reputation lookups and correlate information. By configuring the DNS server(s) IP address, the Cisco IPS appliance can access the necessary information to effectively filter and correlate network traffic.

6. Which value is not used by the Cisco IPS appliance in the risk rating calculation?

Explanation

The Cisco IPS appliance uses various factors to calculate the risk rating, including the attack severity rating, target value rating, signature fidelity rating, promiscuous delta, and watch list rating. However, the threat rating adjustment is not used in the risk rating calculation.

7. Which signature engine is recommended for creating a custom signature for packet header matching?

Explanation

The recommended signature engine for creating a custom signature for packet header matching is ATOMIC.IP. This engine is specifically designed to match against the IP header of packets and is commonly used for creating signatures that detect specific IP addresses or ranges. It allows for precise matching based on IP addresses, making it ideal for creating custom signatures that target specific network traffic.

8. Which Cisco IPS appliance feature is best used to detect these two conditions? 1) The network starts becoming congested by worm traffic. 2) A single worm-infected source enters the network and starts scanning for other vulnerable hosts.

Explanation

Anomaly detection is the best feature to detect these two conditions. Anomaly detection monitors network traffic and identifies any abnormal or unusual behavior. In the first condition, when the network starts becoming congested by worm traffic, anomaly detection can detect the sudden increase in network traffic and identify it as an anomaly. In the second condition, when a single worm-infected source enters the network and starts scanning for other vulnerable hosts, anomaly detection can detect the unusual scanning behavior and identify it as an anomaly. Therefore, anomaly detection is the most suitable feature to detect these conditions.

9. Which two configurations are required on the Cisco IPS appliance to allow Cisco Security Manager to log into the Cisco IPS appliance? (Choose two.)

Explanation

To allow Cisco Security Manager to log into the Cisco IPS appliance, two configurations are required. The first is to enable TLS/SSL to allow HTTPS access, which ensures secure communication between the two devices. The second configuration is to enable the IP address of the Cisco Security Manager server as an allowed host, which allows the server to establish a connection with the IPS appliance. These configurations ensure that the communication between the devices is secure and authorized.

10. Which four networking tools does Cisco IME include that can be invoked for specific events, to learn more about attackers and victims using basic network reconnaissance? (Choose four.)

Explanation

Cisco IME includes four networking tools that can be invoked for specific events to learn more about attackers and victims using basic network reconnaissance. These tools are ping, traceroute, nslookup, and whois. Ping is used to test connectivity between devices, traceroute helps identify the path packets take through a network, nslookup is used to query DNS servers for information about domain names, and whois provides information about the owner of a domain name. These tools can provide valuable information for analyzing network traffic and identifying potential threats.

11. Which four statements about the blocking capabilities of the Cisco IPS appliance are true? (Choose four.)

Explanation

The correct answer is that the three types of blocks are host, connection, and network. Host and connection blocks can be initiated manually or automatically when a signature is triggered. Network blocks can only be initiated manually. Multiple Cisco IPS appliances can forward their blocking requests to the master blocking sensor. This means that the Cisco IPS appliance has the capability to block hosts, connections, and networks, and these blocks can be initiated manually or automatically. Additionally, multiple appliances can work together to forward their blocking requests to a central blocking sensor.

12. On the Cisco IPS appliance, the anomaly detection knowledge base is used to store which two types of information for each service? (Choose two.)

Explanation

The anomaly detection knowledge base on the Cisco IPS appliance stores information about the scanner threshold and histogram for each service. The scanner threshold helps determine the maximum number of scans that can be performed by a service, while the histogram provides a statistical representation of the frequency distribution of events. These two types of information are crucial for identifying and analyzing anomalies in network traffic.

13. In a centralized Cisco IPS appliance deployment, it may not be possible to connect an IPS appliance to every switch or segment in the network. Instead, an IPS appliance can be deployed to inspect traffic on ports that are located on multiple remote network switches. In this case, which two configurations are required? (Choose two.)

Explanation

In a centralized Cisco IPS appliance deployment, where it may not be possible to connect an IPS appliance to every switch or segment in the network, two configurations are required. The first configuration is IPS promiscuous mode operations, which allow the IPS appliance to monitor and inspect traffic on ports located on multiple remote network switches. The second configuration is RSPAN (Remote Switched Port Analyzer), which enables the IPS appliance to receive a copy of the network traffic from remote switches for analysis and inspection. These two configurations together facilitate effective traffic monitoring and inspection in a centralized IPS deployment.

14. Which three actions does the Cisco IDM custom signature wizard provide? (Choose three.)

Explanation

The Cisco IDM custom signature wizard provides three actions. Firstly, it allows the user to select the signature engine to use or choose not to use any signature engine. Secondly, it enables the user to select the Layer 3 or Layer 4 protocol that the sensor will use to match malicious traffic. Lastly, it allows the user to select the scope of matching, such as a single packet. These actions help customize the signature detection and matching process to suit the user's specific requirements and network environment.

15. Which four configuration elements can the virtual sensor of a Cisco IPS appliance have? (Choose four.)

Explanation

The virtual sensor of a Cisco IPS appliance can have the following four configuration elements: interfaces or VLAN pairs, signature set definition, event action rules (filters and overrides), and anomaly detection policy. These elements allow the virtual sensor to monitor and analyze network traffic, detect and prevent security threats, and take appropriate actions based on the configured rules and policies. The interfaces or VLAN pairs define the network segments to be monitored, the signature set definition includes the rules to identify specific attacks, the event action rules determine the actions to be taken when an event is detected, and the anomaly detection policy helps in identifying abnormal behavior in the network.

16. You want your inline Cisco IPS appliance to drop packets that pose the most severe risk to your network, especially to the servers on your DMZ. Which two parameters should you set to protect your DMZ servers in the most time-efficient manner? (Choose two.)

Explanation

To protect the DMZ servers in the most-time-efficient manner, you should set the "target value rating" parameter. This parameter allows you to prioritize the severity of different types of packets, ensuring that the most severe risks are addressed first. Additionally, you should set the "event action override" parameter, which allows you to customize the actions taken by the IPS appliance in response to specific events. By setting these two parameters, you can ensure that the most critical packets are dropped promptly and that the appropriate actions are taken to protect your DMZ servers efficiently.

17. Which four features are supported on the Cisco ASA AIP-SSM but are not supported on the Cisco ASA AIP-SSC? (Choose four.)

Explanation

The Cisco ASA AIP-SSM supports multiple virtual sensors, anomaly detection, custom signatures, and global correlation. These features allow for better threat detection and prevention. Multiple virtual sensors enable the ASA AIP-SSM to monitor different network segments separately. Anomaly detection helps identify abnormal behavior and potential attacks. Custom signatures allow for the creation of specific rules to detect unique threats. Global correlation enables the ASA AIP-SSM to share threat intelligence with other devices in the network. These features are not supported on the Cisco ASA AIP-SSC, limiting its capabilities in threat detection and prevention.

18. Which two Cisco IPS appliance features are implemented using input data from the Cisco SensorBase? (Choose two.)

Explanation

The Cisco SensorBase is a central repository of threat information that collects and analyzes data from various sources. It provides information about the reputation of IP addresses, URLs, and domains. Global correlation is a feature that uses this information to correlate events and identify global attack patterns. Reputation filters, on the other hand, use the SensorBase data to block traffic from known malicious sources. Therefore, both global correlation and reputation filters are implemented using input data from the Cisco SensorBase.

19. Which three statements about the Cisco IntelliShield Alert Manager are true? (Choose three.)

Explanation

The Cisco IntelliShield Alert Manager analyzes and validates alert information through the expertise of Cisco security analysts. This ensures that the alerts provided are accurate and reliable. The alert analysis is also vendor-neutral, meaning it does not favor any specific vendor or product. This allows for unbiased and comprehensive analysis of security threats. Additionally, users have the ability to customize notifications, tailoring them to the specific needs and requirements of their organization. This enhances the effectiveness and relevance of the alert system.

20. What is a best practice to follow before tuning a Cisco IPS signature?

Explanation

Before tuning a Cisco IPS signature, it is best practice to disable all the alert actions on the signature to be tuned. This is because tuning a signature involves making adjustments to the sensitivity or behavior of the signature, and if the alert actions are enabled, it could potentially generate unnecessary alerts or actions during the tuning process. By disabling the alert actions, it allows for a more controlled and focused tuning process without generating any unwanted alerts or actions.

Quiz Review Timeline (Updated): Mar 21, 2023 +

  • Mar 21, 2023: quiz edited by ProProfs Editorial Team (current version)
  • Apr 04, 2012: quiz created by Keoka