CCSP IPS Exam Certification Guide - page 20


Q&A

You have two choices for review questions:

  • The questions that follow pose a greater challenge than the exam questions, because these use an open-ended format. By reviewing now with this more difficult question format, you can better exercise your memory and prove your conceptual understanding of this chapter. The answers to these questions are found in the appendix.

  • For more practice with exam-like question formats, use the exam engine on the CD-ROM.

1. What is a false positive?

2. What is a true positive?

3. If your sensor has only two monitoring interfaces, can you operate in promiscuous and inline modes simultaneously?

4. What factors are used to calculate the risk rating?

5. How is the asset value of a target configured?

6. Which appliance sensors support the inline mode of operation?

7. Which appliance sensors are diskless?

8. Which appliance sensor comes with dual 1 Gb monitoring interfaces?

9. What are the three modes that you can configure for software bypass when using inline mode?

10. If you want the sensor to fail closed when operating in inline mode, what software bypass mode would you use?

11. What are the four network boundaries that you need to consider when deploying sensors on your network?

12. What factors (besides network boundaries) must you consider when deploying your sensors?

13. Which XML-based protocol does your sensor use to transfer event messages to other Cisco IPS devices?

14. Which standard provides a product-independent standard for communicating security device events?

15. What is a true negative?

16. What is the Meta-Event Generator (MEG)?

17. What is the main difference between intrusion detection and intrusion prevention?


Part II: Cisco IPS Configuration

Chapter 2 IPS Command-Line Interface

Chapter 3 Cisco IPS Device Manager (IDM)

Chapter 4 Basic Sensor Configuration

Chapter 5 Basic Cisco IPS Signature Configuration

Chapter 6 Cisco IPS Signature Engines

Chapter 7 Advanced Signature Configuration

Chapter 8 Sensor Tuning


Chapter 2. IPS Command-Line Interface

This chapter covers the following subjects:

  • Sensor Installation

  • Sensor Initialization

  • IPS Command-Line Interface

Each Cisco IPS sensor provides a robust command-line interface (CLI) that enables you to configure the operational characteristics of your sensor. This CLI operates in a way similar to the IOS CLI. You must understand this interface to appropriately install a sensor as well as to debug sensor problems.

"Do I Know This Already?" Quiz

The purpose of the "Do I Know This Already?" quiz is to help you decide if you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.

The 10-question quiz, derived from the major sections in the "Foundation and Supplemental Topics" portion of the chapter, helps you determine how to spend your limited study time.

Table 2-1 outlines the major topics discussed in this chapter and the corresponding "Do I Know This Already?" quiz questions.

Table 2-1. "Do I Know This Already?" Foundation and Supplemental Topics Mapping

Foundation or Supplemental Topic    Questions Covering This Topic
Sensor Installation                 1, 5, 10
Sensor Initialization               2, 6, 9
IPS CLI                             3, 4, 7, 8


Caution

The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.


1. Which sensor CLI command should you use to update the sensor software from version 4.1 to 5.0 via the network?

  1. migrate
  2. update
  3. upgrade
  4. copy
  5. None of these

2. Which command should you use to initialize a new sensor that you install on your network?

  1. setup
  2. initialize
  3. update
  4. configure
  5. None of these

3. Which is the most privileged role that you can assign to a normal user account on the sensor?

  1. Root
  2. User
  3. Operator
  4. Administrator
  5. System

4. Which is the least privileged role that you can assign to a user account on the sensor?

  1. Basic
  2. User
  3. Operator
  4. Admin
  5. Viewer

5. What must you do before upgrading your sensor's software by using SCP?

  1. Add the Secure Shell (SSH) server's X.509 certificate to the sensor's authorized list.
  2. Add the SSH server key to the sensor's authorized list.
  3. Add the SSH key for the sensor to the SSH server.
  4. Add the sensor's X.509 certificate to the SSH server.
  5. Nothing.

6. Which of the following cannot be configured by using the setup command?

  1. Web server port
  2. Sensor time settings
  3. Sensor default gateway
  4. TCP port that Telnet uses
  5. Sensor access list entries

7. What should you type at the sensor CLI to get help?

  1. help
  2. ?
  3. show
  4. Either help or ?
  5. None of these

8. Which account is used by the Technical Assistance Center (TAC) to troubleshoot problems with your sensor?

  1. Administrator
  2. TAC
  3. Service
  4. Operator
  5. Support

9. Which of the following is true about the account configured with the Service role?

  1. It is a privileged sensor CLI account that TAC uses to troubleshoot sensor problems.
  2. It is an account made to enable end users to bypass the CLI.
  3. You can configure multiple accounts with the Service role.
  4. This account bypasses the sensor CLI.
  5. None of these.

10. Which sensors provide no keyboard or mouse ports? (Choose 2.)

  1. IDS 4210
  2. IDS 4240
  3. IDS 4235
  4. IDS 4215
  5. IDS 4250

The answers to the "Do I Know This Already?" quiz are found in the appendix. The suggested choices for your next step are as follows:

  • 8 or fewer overall score: Read the entire chapter, including the "Foundation and Supplemental Topics," "Foundation Summary," and Q&A sections.

  • 9 or 10 overall score: If you want more review on these topics, skip to the "Foundation Summary" section of this chapter. Then go to the Q&A section. Otherwise, move to the next chapter.