The questions that follow pose a greater challenge than the exam questions, because these use an open-ended format. By reviewing now with this more difficult question format, you can better exercise your memory and prove your conceptual understanding of this chapter. The answers to these questions are found in the appendix.
For more practice with exam-like question formats, use the exam engine on the CD-ROM.
1.
What is a false positive?
2.
What is a true positive?
3.
If your sensor has only two monitoring interfaces, can you operate in promiscuous and inline modes simultaneously?
4.
What factors are use to calculate the risk rating?
5.
How is the asset value of a target configured?
6.
Which appliance sensors support the inline mode of operation?
7.
Which appliance sensors are diskless?
8.
Which appliance sensor comes with dual 1 Gb monitoring interfaces?
9.
What are the three modes that you can configure for software bypass when using inline mode?
10.
If you want the sensor to fail close when operating in inline mode, what software bypass mode would you use?
11.
What are the four network boundaries that you need to consider when deploying sensors on your network?
12.
What factors (besides network boundaries) must you consider when deploying your sensors?
13.
Which XML-based protocol does your sensor use to transfer event messages to other Cisco IPS devices?
14.
Which standard provides a product-independent standard for communicating security device events?
15.
What is a true negative?
16.
What is the Meta-Event Generator (MEG)?
17.
What is the main difference between intrusion detection and intrusion prevention?
