Chapter 18. Practice Exam 2

Question 1

Which account can you use to perform all CLI functions on the sensor?

  • A. Service account

  • B. Administrator

  • C. Operator

  • D. Viewer

Question 2

What CLI command do you use to download updates to the sensor?

  • A. Download

  • B. Upgrade

  • C. Sync

  • D. FTP

Question 3

When a hacker is using the obfuscation method of attack, what statement best describes what the hacker is doing?

  • A. Disguising an attack using AppleTalk

  • B. Disguising an attack using control characters

  • C. Disguising an attack using numbers

  • D. Disguising an attack using colors

Question 4

What type of IDS uses pattern matching of packets to detect malicious activity?

  • A. Profile IDS

  • B. Cable sensing IDS

  • C. Signature-based IDS

  • D. Traffic monitoring IDS

Question 5

Which sequence is correct when you receive new updates?

  • A. Update the sensor and then update IDS MC.

  • B. Update the sensor and then update IDS IEV.

  • C. Update the IDS MC and then update the sensor.

  • D. Update the IDS MC and then update IDS IEV.

Question 6

Which two are signature engine parameters? (Choose two.)

  • A. Distant

  • B. Local

  • C. Global

  • D. Master

Question 7

Which two are methods of uploading service packs to a sensor? (Choose two.)

  • A. IDS IEV

  • B. IDS MC

  • C. Sensor CLI

  • D. IDS Sensor Upload Utility

Question 8

Which browser is supported for IDSM?

  • A. Opera version 3.1

  • B. Explorer 5.0

  • C. Netscape 4.79

  • D. Sun Solaris Web Traveler

Question 9

When installing IDS MC, what is the default Sybase database password?

  • A. cisco

  • B. netranger

  • C. attack

  • D. There is no default password.

Question 10

What are the names of the two partitions on the sensor? (Choose two.)

  • A. Application

  • B. Active

  • C. Backup

  • D. Recovery

Question 11

Which methods do you use to access the sensor? (Choose all that apply.)

  • A. Console connection

  • B. FTP

  • C. Telnet

  • D. SSH

Question 12

Which four of the following are possible EventActions?

  • A. Record

  • B. Log

  • C. Restart

  • D. Reset

  • E. ShunHost

  • F. ZERO

  • G. Block

Question 13

What does the IDS_Analyzer process do in the IDS MC?

  • A. Generates all scheduled reports

  • B. Receives IDS alarm and syslog security events and stores them in the database

  • C. Retrieves notification requests from other subsystems and performs notification

  • D. Defines event rules and requests user-specified notification

Question 14

What does the IDS_Receiver process do in the IDS MC?

  • A. Generates all scheduled reports

  • B. Receives IDS alarm and syslog security events and stores them in the database

  • C. Retrieves notification requests from other subsystems and performs notification

  • D. Defines event rules and requests user-specified notification

Question 15

Which signature engine parameter cannot be changed for default signatures but can be changed for custom signatures?

  • A. Master

  • B. Protected

  • C. Unprotected

  • D. Variable

Question 16

Which statement is true about IDS log files?

  • A. They can be imported into IDS MC.

  • B. They can be imported into another sensor.

  • C. They can be imported into IEV.

  • D. They can be imported into IDM.

Question 17

Monitoring Center for Security supports which of the following? (Choose all that apply.)

  • A. Cisco IDS Sensors

  • B. Cisco PIX Firewalls

  • C. Cisco IOS Routers

  • D. Cisco Catalyst RSM

Question 18

On the IDS MC Server, which directory stores sensor updates?

  • A. \MDC\updates

  • B. \MDC\etc\ids

  • C. \MDC\etc\updates

  • D. \MDC\etc\ids\updates

Question 19

On the IDS MC Server, which directory is the home directory?

  • A. \MDC\ids

  • B. \MDC\

  • C. \MC\

  • D. \IDSMC\

Question 20

On the IDS MC Server, in which directory is the Web server located?

  • A. \MDC\WebServer

  • B. \MDC\Apache

  • C. \MDC\IIS

  • D. \ISDMC\Apache

Question 21

Hackers can use Unicode, hex, or control characters to replace characters to evade detection by pattern-matching IDS signatures. What is this process called?

  • A. Hiding

  • B. Evasive techniques

  • C. Obfuscation

  • D. Message covering

Question 22

Which statement is incorrect about the IDSM-2 module?

  • A. It supports the recovery partition.

  • B. It does not support the recovery partition.

  • C. It supports signature-based detection.

  • D. It supports VLAN monitoring.

Question 23

Which command adds host keys to the sensor?

  • A. add host-key

  • B. ssh add-host

  • C. ssh host-key

  • D. host-key

Question 24

What port do you use when logging into the IDS MC?

  • A. 1741

  • B. 1714

  • C. 443

  • D. 80

Question 25

What is the communication channel used between the sensor and IDS MC?

  • A. Telnet

  • B. SSH

  • C. PostOffice

  • D. RDEP

Question 26

Which protocol is used between IEV and the IDS 4.0 sensor?

  • A. Telnet

  • B. SSH

  • C. PostOffice

  • D. RDEP

Question 27

Which protocol is used between the Security Monitor and the sensor?

  • A. Telnet

  • B. SSH

  • C. PostOffice

  • D. RDEP

Question 28

What features does the IDS MC provide? (Choose all that apply.)

  • A. Configure IOS sensors.

  • B. Upload alarms from sensors.

  • C. Push signature updates to sensors.

  • D. Import sensor configurations from other IDS management tools.

Question 29

Which processes are part of the IDS MC? (Choose three.)

  • A. IDS_Backup

  • B. IDS_DeployDaemon

  • C. IDS_Update

  • D. IDS_Sensor

  • E. IDS_WebServer

  • F. IDS_ReportScheduler

Question 30

What must you configure on managed devices? (Choose two.)

  • A. HTTP access

  • B. Telnet access

  • C. Enable password

  • D. FTP enabled

Question 31

What command does an IDS sensor use to block traffic on a PIX Firewall?

  • A. IP access-list

  • B. Shut

  • C. Block

  • D. IP Shun

Question 32

What signature engine can you use to detect attacks from BGP and EIGRP?

  • A. Atomic.TCP

  • B. String.TCP

  • C. Atomic.L3.IP

  • D. Atomic.ICMP

Question 33

What are the four severity levels of a sensor? (Choose four.)

  • A. Detected

  • B. Warning

  • C. Informational

  • D. High

  • E. Medium

  • F. Low

Question 34

Which signatures monitor OSI Layers 5, 6, and 7?

  • A. Atomic

  • B. Service

  • C. State.String

  • D. Flood

Question 35

Which signature engine parameter must be defined for all signatures?

  • A. Protected

  • B. Mandatory

  • C. Master

  • D. Required

Question 36

What two statements about StorageKey and SummaryKey are correct? (Choose two.)

  • A. The StorageKey parameter is for pre-alarm counters.

  • B. The StorageKey parameter is for post-alarm counters.

  • C. The SummaryKey parameter is for pre-alarm counters.

  • D. The SummaryKey parameter is for post-alarm counters.

Question 37

What does the MaxProto parameter do in the Atomic.L3.IP signature engine?

  • A. It defines the minimum IP protocol number.

  • B. It defines the range of IP protocol numbers.

  • C. It defines the maximum IP protocol number.

  • D. It is not a valid parameter.

Question 38

Which signature engine cannot be used to create custom signatures?

  • A. Atomic.L3.IP

  • B. String.TCP

  • C. Service.Generic

  • D. Trojan.UDP

Question 39

Which of the following methods can you use to update files on the IDS? (Choose three.)

  • A. HTTP/HTTPS

  • B. Telnet

  • C. SSH

  • D. RDEP

  • E. FTP

  • F. SCP

Question 40

What is the service pack level of IDS-K9-sp-4.0-2-S42.rpm.pkg?

  • A. 4.0

  • B. 2

  • C. S42

  • D. 4.2

Question 41

Which CLI command creates a self-signed certificate for the IDS sensor?

  • A. generate cert

  • B. generate-key

  • C. host-key

  • D. tls generate-key

Question 42

What protocol is used between sensors and master blocking sensors?

  • A. Telnet

  • B. SSH

  • C. RDEP

  • D. SCP

Question 43

Which of the following are valid signature actions? (Choose four.)

  • A. Log

  • B. Informational

  • C. Reset

  • D. Block Host

  • E. FTP Reset

  • F. Block Connection

Question 44

Which statement is not true about master blocking sensors?

  • A. Master blocking sensors can use other master blocking sensors to control other devices.

  • B. Communication between sensors uses RDEP.

  • C. Master blocking sensors can handle block requests from multiple sensors.

  • D. Master blocking sensors can only be configured with IDS MC.

Question 45

What tool can you use to create SSH keys in IDS MC?

  • A. Sensors

  • B. IDS MC key-gen

  • C. PuTTyGen

  • D. ssh host-key

Question 46

Which of the following commands are correct when configuring a Catalyst 2900XL switch?

  • A. mls ip config

  • B. port monitor

  • C. monitor session

  • D. monitor ip

Question 47

What technology allows sensors to monitor switches?

  • A. Remote Session

  • B. SPAN

  • C. VSPAN

  • D. RSMA

Question 48

When configuring switches, what keyword will allow you to monitor both egress and ingress traffic?

  • A. rx

  • B. tx

  • C. both

  • D. rx-tx

Question 49

In what order should you execute the following commands to configure a single sensor and switch to monitor traffic?

  1. clear trunk

  2. set security acl

  3. set vlan

  4. set trunk

  • A. A, D, C, B

  • B. A, C, D, B

  • C. B, C, D, A

  • D. A, D, B, C

Question 50

What is the command to restore the sensor partition from the recovery partition?

  • A. Sensor(config)#recover application-partition

  • B. Sensor(config)#recover recovery-partition

  • C. Sensor(config)#recover back-partition

  • D. Sensor(config)#recover active-partition



CSIDS Exam Cram 2 (Exam 642-531)
Year: 2004
Pages: 213
