Exam Prep Questions

Question 1

Which of the following methods can a sensor use to communicate blocking instructions to a managed device such as an IOS Router or PIX Firewall?

  • A. RDEP

  • B. PostOffice Protocol

  • C. Telnet

  • D. HTTPS

  • E. SSH

A1:

Answers C and E are correct. A Sensor can communicate with a managed device using either Telnet or SSH. Answers A, B, and D are incorrect because you do not use RDEP, PostOffice Protocol, or HTTPS for communication between a Sensor and a managed device.

Question 2

Which statement is true about blocking?

  • A. You can configure a permanent block using the IDM.

  • B. The default duration of a manual block is 30 minutes.

  • C. Before the blocking event, the Sensor applies the pre-block ACLs to each interface/direction; after the blocking event, the managed devices are restored to the post-block ACLs.

  • D. None of the above.

A2:

Answer D is correct. Statements A, B, and C are false. Answer A is incorrect because you can only configure a permanent block from the CLI; you cannot configure a permanent block from the IDM. Answer B is incorrect because a manual block stays in effect until you manually de-activate it. (However, the default duration of an automatic block is 30 minutes.) Answer C is incorrect because pre-block and post-block ACLs refer to the position of ACEs relative to the blocking ACE, not the times before and after the blocking event.

Question 3

When using Telnet to communicate blocking instructions from a Sensor to a managed device, what do you need to configure?

  • A. Console password

  • B. VTY line password

  • C. Enable secret

  • D. Manual key exchange using the ssh host-key command

  • E. Telnet access from the managed device

A3:

Answer B is correct. To enable Telnet access between a Sensor and a managed device, you must configure the managed device with a VTY line password. Answer A is incorrect because a console password is not necessary. Answer C is incorrect because although an enable password is required, enable secret is not. Answer D is incorrect because no key exchange is required for Telnet. Answer E is incorrect because you must permit Telnet access from the Sensor to the managed device, not from the managed device.

Question 4

Which of the following do you use to communicate blocking instructions between a master blocking sensor and a forwarding blocking sensor? (Choose two.)

  • A. SSH

  • B. Telnet

  • C. RDEP

  • D. HTTPS

  • E. PostOffice

A4:

Answers C and E are correct. RDEP is used for communication between IDS version 4 sensors, whereas PostOffice is used for communications between IDS version 3.x sensors. Answers A, B, and D are incorrect because SSH, Telnet, and HTTPS are not used for communication between sensors. (You can use SSH and Telnet for communication between a sensor and a managed device but not between sensors.)

Question 5

What command will enable an SSH server and generate the public and private key pairs on a PIX Firewall?

  • A. crypto key generate rsa

  • B. crypto key generate ssh

  • C. ssh host-key

  • D. ca generate rsa key

  • E. ca generate ssh-key

A5:

Answer D is correct. You use the ca generate rsa key command to generate SSH keys on a PIX Firewall. Answer A is incorrect because it is an IOS command. Answer B is incorrect because the command does not exist. Answer C is a command you use on the sensor to retrieve SSH settings from the SSH server (whether a router or a firewall, etc.). Answer E is incorrect because the command does not exist.

Question 6

Which statement describes a pre-block ACL?

  • A. It is the active ACL when the sensor is not in blocking mode.

  • B. It is the active ACL before the sensor is in blocking mode.

  • C. It consists of the ACEs for the address to be blocked.

  • D. It consists of the ACEs that are positioned above the blocking ACEs.

A6:

Answer D is correct. A pre-block ACL consists of the ACEs that are positioned above the active ACL. Answers A and B are incorrect because a pre-block ACL is not the active ACL, whether or not the sensor is in blocking mode. Answer C is incorrect because the ACEs for the address to be blocked are a part of the blocking or active ACL and not the pre-block ACL.

Question 7

What command do you use on the sensor to retrieve SSH settings from an SSH server?

  • A. crypto key generate rsa

  • B. ca generate rsa key

  • C. ssh host-key

  • D. ssh generate rsa-key

A7:

Answer C is correct. Use the ssh host-key command on the sensor to retrieve SSH settings from an SSH server such as an IOS Router or PIX Firewall. Answer A is incorrect because it is an IOS command. Answer B is incorrect because it is a PIX command. Answer D is incorrect because the correct command is ssh host-key.

Question 8

Which statements are true about master blocking? (Choose two.)

  • A. You can only have one master blocking sensor but multiple forwarding blocking sensors.

  • B. You can have multiple master blocking sensors for each forwarding blocking sensor.

  • C. A forwarding blocking sensor can receive blocking instructions from one master blocking sensor only.

  • D. A master blocking sensor can forward blocking instructions to one forwarding blocking sensor only.

  • E. A forwarding blocking sensor can send blocking instructions to multiple master blocking sensors.

A8:

Answers B and E are correct. You can have multiple master blocking sensors for each forwarding blocking sensor, and a forwarding blocking sensor can send blocking instructions to multiple master blocking sensors. Answer A is incorrect because you can have more than one master blocking sensor. Answer C is incorrect because a forwarding blocking sensor can send blocking instructions to up to 10 master blocking sensors. Moreover, when a sensor is a forwarding blocking sensor, it sends rather than receives blocking instructions. Answer D is incorrect because when a sensor is a master blocking sensor, it receives blocking instructions but does not forward them.

Question 9

What are the requirements for SSH communications between the Sensor and the managed device? (Choose two.)

  • A. Manual key exchange using the ca generate ssh key command

  • B. AES or 3DES encryption license

  • C. DES or 3DES encryption license

  • D. Manual key exchange using the ssh host-key command

  • E. SSH access permitted from the managed device to the Sensor

A9:

Answers C and D are correct. A license for DES or 3DES encryption and manual key exchange using the ssh host-key command are two requirements for blocking communications using SSH. Answer A is incorrect because there is no such command as ca generate ssh key. Answer B is incorrect because a license for Advanced Encryption Standard (AES) is not required for SSH communications. Answer E is incorrect because you must permit SSH access from the Sensor to the managed device, not from the managed device to the Sensor.

Question 10

Which statements are true regarding a post-block ACL? (Choose two.)

  • A. It is the active ACL when the sensor is not in blocking mode.

  • B. It is the active ACL after the sensor is in blocking mode.

  • C. It consists of the ACEs for never-block addresses.

  • D. It consists of the ACEs that are positioned below the blocking ACEs.

  • E. You can migrate existing ACEs to the post-block ACL.

A10:

Answers D and E are correct. A post-block ACL consists of the ACEs that are positioned below the blocking ACEs when blocking is in effect for a managed device. Also, the post-block ACL provides a suitable method of migrating existing manually configured ACLs to an interface that will become a managed interface. Answers A and B are incorrect because the post-block ACL is not the active ACL, whether or not the managed device is in blocking mode. Answer C is incorrect because the never-block addresses are not in the post-block ACL; you place them at the beginning of the dynamically created active ACL.



CSIDS Exam Cram 2 (Exam 642-531)
Year: 2004
Pages: 213
