Question 1 | Which of the following methods can a sensor use to communicate blocking instructions to a managed device such as an IOS Router or PIX Firewall? |
A1: | Answers C and E are correct. A Sensor can communicate with a managed device using either Telnet or SSH. Answers A, B, and D are incorrect because you do not use RDEP, PostOffice Protocol, or HTTPS for communication between a Sensor and a managed device. |
Question 2 | Which statement is true about blocking? |
A2: | Answer D is correct. Statements A, B, and C are false. Answer A is incorrect because you can only configure a permanent block from the CLI; you cannot configure a permanent block from the IDM. Answer B is incorrect because a manual block stays in effect until you manually de-activate it. (However, the default duration of an automatic block is 30 minutes.) Answer C is incorrect because pre-block and post-block ACLs refer to the position of ACEs relative to the blocking ACE, not the times before and after the blocking event. |
Question 3 | When using Telnet to communicate blocking instructions from a Sensor to a managed device, what do you need to configure? |
A3: | Answer B is correct. To enable Telnet access between a Sensor and a managed device, you must configure the managed device with a VTY line password. Answer A is incorrect because a console password is not necessary. Answer C is incorrect because although an enable password is required, enable secret is not. Answer D is incorrect because no key exchange is required for Telnet. Answer E is incorrect because you must permit Telnet access from the Sensor to the managed device, not from the managed device. |
Question 4 | Which of the following do you use to communicate blocking instructions between a master blocking sensor and a forwarding blocking sensor? (Choose two.) |
A4: | Answers C and E are correct. RDEP is used for communication between IDS version 4 sensors, whereas PostOffice is used for communications between IDS version 3.x sensors. Answers A, B, and D are incorrect because SSH, Telnet, and HTTPS are not used for communication between sensors. (You can use SSH and Telnet for communication between a sensor and a managed device but not between sensors.) |
Question 5 | What command will enable an SSH server and generate the public and private key pairs on a PIX Firewall? |
A5: | Answer D is correct. You use the ca generate rsa key command to generate SSH keys on a PIX Firewall. Answer A is incorrect because it is an IOS command. Answer B is incorrect because the command does not exist. Answer C is a command you use on the sensor to retrieve SSH settings from the SSH server (whether a router or a firewall, etc.). Answer E is incorrect because the command does not exist. |
Question 6 | Which statement describes a pre-block ACL? |
A6: | Answer D is correct. A pre-block ACL consists of the ACEs that are positioned above the active ACL. Answers A and B are incorrect because a pre-block ACL is not the active ACL, whether or not the sensor is in blocking mode. Answer C is incorrect because the ACEs for the address to be blocked are a part of the blocking or active ACL and not the pre-block ACL. |
Question 7 | What command do you use on the sensor to retrieve SSH settings from an SSH server? |
A7: | Answer C is correct. Use the ssh host-key command on the sensor to retrieve SSH settings from an SSH server such as an IOS Router or PIX Firewall. Answer A is incorrect because it is an IOS command. Answer B is incorrect because it is a PIX command. Answer D is incorrect because the correct command is ssh host-key. |
Question 8 | Which statements are true about master blocking? (Choose two.) |
A8: | Answers B and E are correct. You can have multiple master blocking sensors for each forwarding blocking sensor, and a forwarding blocking sensor can send blocking instructions to multiple master blocking sensors. Answer A is incorrect because you can have more than one master blocking sensor. Answer C is incorrect because a forwarding blocking sensor can send blocking instructions to up to 10 master blocking sensors. Moreover, when a sensor is a forwarding blocking sensor, it sends rather than receives blocking instructions. Answer D is incorrect because when a sensor is a master blocking sensor, it receives blocking instructions but does not forward them. |
Question 9 | What are the requirements for SSH communications between the Sensor and the managed device? (Choose two.) |
A9: | Answers C and D are correct. A license for DES or 3DES encryption and manual key exchange using the ssh host-key command are two requirements for blocking communications using SSH. Answer A is incorrect because there is no such command as ca generate ssh key. Answer B is incorrect because a license for Advanced Encryption Standard (AES) is not required for SSH communications. Answer E is incorrect because you must permit SSH access from the Sensor to the managed device, not from the managed device to the Sensor. |
Question 10 | Which statements are true regarding a post-block ACL? (Choose two.) |
A10: | Answers D and E are correct. A post-block ACL consists of the ACEs that are positioned below the blocking ACEs when blocking is in effect for a managed device. Also, the post-block ACL provides a suitable method of migrating existing manually configured ACLs to an interface that will become a managed interface. Answers A and B are incorrect because the post-block ACL is not the active ACL, whether or not the managed device is in blocking mode. Answer C is incorrect because the never-block addresses are not in the post-block ACL; you place them at the beginning of the dynamically created active ACL. |