Chapter 2. IPS Command-Line Interface
This chapter covers the following subjects:
Each Cisco IPS sensor provides a robust command-line interface (CLI) that enables you to configure the operational characteristics of your sensor. This CLI operates in a way similar to the IOS CLI. You must understand this interface to appropriately install a sensor as well as to debug sensor problems.
"Do I Know This Already?" Quiz
The purpose of the "Do I Know This Already?" quiz is to help you decide if you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.
The 10-question quiz, derived from the major sections in the "Foundation and Supplemental Topics" portion of the chapter, helps you determine how to spend your limited study time.
Table 2-1 outlines the major topics discussed in this chapter and the corresponding "Do I Know This Already?" quiz questions.
Table 2-1. "Do I Know This Already?" Foundation and Supplemental Topics Mapping
Foundation or Supplemental Topic
Questions Covering This Topic
1, 5, 10
2, 6, 9
3, 4, 7, 8
The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.
Which sensor CLI command should you use to update the sensor software from version 4.1 to 5.0 via the network?
None of these
Which command should you use to initialize a new sensor that you install on your network?
None of these
Which is the most privileged role that you can assign to a normal user account on the sensor?
Which is the least privileged role that you can assign to a user account on the sensor?
What must you do before upgrading your sensor's software by using SCP?
Add the Secure Shell (SSH) server's X.509 certificate to the sensor's authorized list.
Add the SSH server key to the sensor's authorized list.
Add the SSH key for the sensor to the SSH server.
Add the sensor's X.509 certificate to the SSH server.
Which of the following cannot be configured by using the setup command?
Web server port
Sensor time settings
Sensor default gateway
TCP port that Telnet uses
Sensor access list entries
What should you type at the sensor CLI to get help?
Either help or ?
None of these
Which account is used by the Technical Assistance Center (TAC) to troubleshoot problems with your sensor?
Which of the following is true about the account configured with the Service role?
It is a privileged sensor CLI account that TAC uses to troubleshoot sensor problems.
It is an account made to enable end users to bypass the CLI.
You can configure multiple accounts with the Service role.
This account bypasses the sensor CLI.
None of these.
Which sensors provide no keyboard or mouse ports? (Choose 2.)
The answers to the "Do I Know This Already?" quiz are found in the appendix. The suggested choices for your next step are as follows:
8 or less overall score —Read the entire chapter, including the "Foundation and Supplemental Topics," "Foundation Summary," and Q&A sections.
9 or 10 overall score —If you want more review on these topics, skip to the "Foundation Summary" section of this chapter. Then go to the Q&A section. Otherwise, move to the next chapter.