Chapter 10


"Do I Know This Already?" Quiz

1. B

2. D

3. A

4. D

5. C

6. B

7. A

8. C

9. E

10. C

Q&A

1. What are the five CiscoWorks user roles that are relevant to IDS MC and Security Monitor operations?

Answer: The CiscoWorks user roles that are relevant to IDS MC and Security Monitor are Help Desk, Approver, Network Operator, Network Administrator, and System Administrator.

2. What is the minimum amount of RAM and virtual memory recommended for a Windows server running Security Monitor?

Answer: The minimum amount of RAM recommended for the Security Monitor server is 1 GB, and the recommended minimum amount of virtual memory is 2 GB.

3. What is the minimum amount of RAM and virtual memory recommended for a Windows client system used to connect to Security Monitor?

Answer: The minimum amount of RAM recommended for a Security Monitor client is 256 MB, and the recommended minimum amount of virtual memory is 400 MB.

4. Which two browsers are supported for use by the Windows-based Security Monitor client systems?

Answer: The supported browsers for Windows-based Security Monitor client systems are Internet Explorer 6.0 with Service Pack 1 and Netscape Navigator 7.1.

5. What types of devices can you monitor with Security Monitor?

Answer: You can monitor the following devices with Security Monitor: Cisco IDS devices, Cisco IOS IDS/IPS devices, Cisco PIX/FWSM devices, Cisco Security Agent Management Centers, and Remote Cisco Security Monitors.

6. What are the two major protocols used to communicate between Security Monitor and IDS/IPS devices?

Answer: To communicate with IDS/IPS devices, Security Monitor uses both RDEP and PostOffice protocols.

7. Which parameters can you use to configure event rules?

Answer: When defining event rules, you can specify the following parameters: Originating Device, Originating Device Address, Attacker Address, Victim Address, Signature Name, Signature ID, and Severity.

8. What actions can an event rule initiate?

Answer: An event rule can initiate any of the following actions: send a notification via e-mail, log a console notification event, and execute a script.

9. What are the four tasks that you need to perform when adding an event rule?

Answer: When adding an event rule, you need to assign a name to the event rule, define the event filter criteria, assign the event rule action, and define the event rule threshold and interval.

10. What device statistical categories can you view using Security Monitor?

Answer: Using Security Monitor, you can view the following device statistical categories: Analysis Engine, Authentication, Event Server, Event Store, Host, Logger, Network Access Controller, Transaction Server, Transaction Source, and Web Server.

11. What are your two options when deleting rows from the Event Viewer, and how are they different?

Answer: When deleting rows from the Event Viewer, you can choose Delete From This Grid (which removes the rows from only the current Event Viewer) or Delete From Database (which removes the events from all instances of the Event Viewer, both current and future).

12. What is the default expansion boundary?

Answer: The default expansion boundary specifies the default number of columns in which the cells of a new event are expanded. By default, only the first field of an event is expanded.

13. Which report template would you use to find out which systems have launched the most attacks against your network in a specified time period?

Answer: To identify the systems that have launched the most attacks against your network in a specified time period, you would use the IDS Top Sources Report template.

14. What icons are used to indicate alarm severity?

Answer: The icons used to display alarm severity are a red exclamation point for high severity alerts, a yellow flag for medium severity alerts, and no icon for low severity alerts.

15. What does the Blank Left check box do when configured as your cell preference?

Answer: The Blank Left check box causes the Event Viewer display to show blank columns (after the first row) in which multiple rows have the same value for that column.



CCSP IPS Exam Certification Guide
ISBN: 1587201461
EAN: 2147483647
Year: 2004
Pages: 119
Authors: Earl Carter
