Chapter 15


"Do I Know This Already?" Quiz

1. A
2. C
3. B
4. A
5. B
6. B
7. D
8. A
9. C
10. B

Q&A

1. What are the common locations to deploy inline IPS?

Answer: Some common locations at which to deploy inline IPS include between two routers, between a firewall and a router, between a switch and a router, and between a firewall and a router.

2. When do you need to construct an artificial VLAN boundary to use inline IPS?

Answer: When dealing with devices (such as the MSFC and IDSM-2) that have virtual ports connected to your switch, you need to construct an artificial VLAN boundary to force traffic to go through the sensor for inline IPS to work correctly.

3. What are the three network devices commonly used to capture network traffic for processing by your sensor?

Answer: The three devices commonly used to capture network traffic for processing by your sensor include hubs, network taps, and switches.

4. Which three switch mechanisms can you use to mirror traffic to your IPS sensors?

Answer: To mirror traffic to your IPS sensors, you can use Switched Port Analyzer (SPAN), Remote Switched Port Analyzer (RSPAN), and VLAN Access Control Lists (VACLs).

5. How is SPAN different from RSPAN?

Answer: RSPAN enables you to capture traffic from ports that are located on multiple switches.

6. Which IOS command is used to configure SPAN on your Catalyst 4500 and 6500 switches?

Answer: Configuring SPAN (for IOS) involves using the monitor session command.

7. What are the steps involved in configuring a VACL on IOS?

Answer: The steps involved in configuring a VACL when running IOS are (1) configure the ACL, (2) create a VLAN access map, (3) match the ACL to the access map, (4) define the action for the access map, (5) apply the access map to VLANs, and (6) configure capture ports.

8. Which command may impact your ability to capture traffic by using VACLs?

Answer: If you apply the ip inspect IOS Firewall command on a specific VLAN interface, you cannot create a VACL for the same VLAN at the switch level.

9. When do you need to use the mls ip ids IOS command?

Answer: When you apply the ip inspect IOS Firewall command on a specific VLAN interface, you need to use the mls ip ids command to designate which traffic will be captured for your VACL.

10. What steps are involved in using VACLs when you have the IOS Firewall on your Catalyst 6500 switch?

Answer: The steps involved in using VACLs when you have the IOS Firewall on the Catalyst 6500 switch are (1) configure the extended ACL, (2) apply the ACL to an interface or VLAN, and (3) assign the capture port.

11. Which IOS command do you use to enable trunking on a switch port?

Answer: To enable trunking on a switch port (for IOS), you use the switchport trunk encapsulation dot1q interface configuration command.

12. Which IOS command enables you to create a VLAN access map?

Answer: To create a VLAN access map (when using IOS), you use the vlan access-map global configuration command.

13. Which action must you specify (when using VLAN access maps) to enable the traffic to pass to the destination hosts and not be denied?

Answer: When specifying actions for the VLAN access map, you must specify the forward keyword to enable the packets that match the access map to be passed to the destination hosts.



CCSP IPS Exam Certification Guide
ISBN: 1587201461
EAN: 2147483647
Year: 2004
Pages: 119
Authors: Earl Carter
