CCSP IPS Exam Certification Guide
Authors: Earl C.
Published year: 2004
Pages: 68-69/119

Q&A

You have two choices for review questions:

  • The questions that follow give you a bigger challenge than the exam itself by using an open-ended question format. By reviewing now with this more difficult question format, you can exercise your memory better and prove your conceptual and factual knowledge of this chapter. The answers to these questions are found in the appendix.

  • For more practice with exam-like question formats, use the exam engine on the CD-ROM.

1. Which sensor CLI command would you use to display the sensor uptime and previous sensor software version?

2. What are the sections of the sensor configuration file output?

3. What do the different sections of the sensor configuration file correspond to?

4. Which sensor CLI command displays the Product Evolution Program (PEP) information for your sensor?

5. What is the main difference between displaying sensor statistics via the CLI and displaying sensor statistics by using IDM?

6. In the sensor CLI, which command displays events, and which types of events can you display?

7. What are the three ways to specify the time frame for events when you use IDM to display events?

8. Which sensor CLI command enables you to view the operational status of the interfaces on the sensor?

9. Which CLI command captures network traffic to a tcpdump capture file?

10. Which CLI command captures network traffic and displays it on the screen for all Gigabit Ethernet interfaces?

11. Which sensor CLI command displays a comprehensive list of status and system information about your sensor?

12. What does the diagnostic report in IDM provide?

13. Which service notification option removes the size limit on SNMP traps?

14. What does the error-filter option of the service notification command do?


Chapter 13. Cisco IDS Module (IDSM)

This chapter covers the following subjects:

  • Cisco IDS Module

  • IDSM-2 Configuration

  • IDSM-2 Ports

  • Catalyst 6500 Switch Configuration

  • IDSM-2 Administrative Tasks

  • Troubleshooting the IDSM-2

One of the advantages of Cisco IPS is the multiple locations at which you can deploy sensors throughout your network. The Cisco IDS Module (IDSM) enables you to deploy your sensor directly into your Catalyst 6500 switch via a switch-line card.

Besides tuning Cisco IPS to match your unique network requirements, you must also thoroughly understand the various locations throughout your network at which you can deploy IPS sensors. A key traffic-crossing point is your Catalyst 6500 family switches. Deploying an Intrusion Detection System Module 2 (IDSM-2) in your Catalyst 6500 switch enables you to efficiently and effectively monitor traffic traversing your network. Understanding the benefits and limitations of the IDSM-2 is crucial to monitoring a key location in your network infrastructure.

"Do I Know This Already?" Quiz

The purpose of the "Do I Know This Already?" quiz is to help you decide if you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.

The 10-question quiz, derived from the major sections in the "Foundation and Supplemental Topics" portion of the chapter, helps you determine how to spend your limited study time.

Table 13-1 outlines the major topics discussed in this chapter and the "Do I Know This Already?" quiz questions that correspond to those topics.

Table 13-1. "Do I Know This Already?" Foundation and Supplemental Topics Mapping

Foundation or Supplemental Topic      Questions Covering This Topic
Cisco IDS Module                      1, 2
IDSM-2 Configuration                  5
IDSM-2 Ports                          3, 4, 8
Catalyst 6500 Switch Configuration    9
IDSM-2 Administrative Tasks           10
Troubleshooting the IDSM-2            6, 7


Caution

The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.


1. What is the maximum amount of traffic that the IDSM-2 can monitor?

  1. 500 Mbps

  2. 450 Mbps

  3. 600 Mbps

  4. 250 Mbps

  5. 1000 Mbps

2. Which of the following is false about the IDSM-2?

  1. It has the ability to monitor multiple VLANs.

  2. It impacts the switch performance.

  3. It runs the same code base as the appliance sensor.

  4. It supports improved management techniques (such as IDM).

3. Which port on IDSM-2 is the command and control port?

  1. Port 1

  2. Port 7

  3. Port 8

  4. Port 2

4. Which port on IDSM-2 is the TCP reset port?

  1. Port 1

  2. Port 2

  3. Port 7

  4. Port 8

5. Which of the following IOS commands accesses an IDSM-2 located in slot 7?

  1. session 7

  2. telnet 2089

  3. session slot 7 processor 1

  4. session slot 7 processor 0

6. Which switch command can you use to check the status of the IDSM-2 in slot 5?

  1. show slot 5

  2. show module 5

  3. show idsm status

  4. show card 5

7. What does a red status light-emitting diode (LED) on the front of the IDSM-2 indicate?

  1. The IDSM-2 is running through its boot and self-test diagnostic sequence.

  2. The IDSM-2 is disabled.

  3. A diagnostic other than an individual port test has failed.

  4. The IDSM-2 is in the shutdown state.

  5. The IDSM-2 is operational.

8. Which of the following ports is an IDSM-2 monitoring port?

  1. 1

  2. 4

  3. 2

  4. 7

  5. 3

9. Which IOS command changes the VLAN for a specific port on the switch?

  1. switchport access vlan

  2. set vlan

  3. set port

  4. set interface vlan

10. Which command do you use from the IDSM-2 CLI to shut down the device?

  1. shutdown module

  2. reset powerdown

  3. reload module

  4. reboot module

The answers to the "Do I Know This Already?" quiz are found in the appendix. The suggested choices for your next step are as follows:

  • 8 or less overall score—Read the entire chapter. This includes the "Foundation and Supplemental Topics" and "Foundation Summary" sections and the Q&A section.

  • 9 or 10 overall score—If you want more review on these topics, skip to the "Foundation Summary" section and then go to the Q&A section. Otherwise, move to the next chapter.
