Chapter 4. Basic Sensor Configuration


This chapter covers the following subjects:

  • Sensor Host Configuration Tasks

  • Interface Configuration Tasks

  • Analysis Engine Configuration Tasks

For all Cisco IPS deployments, you need to perform certain basic sensor configuration tasks (such as defining the hosts allowed to connect to the sensor and creating new user accounts). Understanding how to perform basic sensor configuration tasks is vital to any successful Cisco IPS deployment.

You must correctly configure your sensors to protect your network. This chapter focuses on various basic sensor configuration tasks. Although you can configure your sensors via the command-line interface (CLI), the examples in the chapter use the Cisco IPS Device Manager (IDM) graphical user interface.

"Do I Know This Already?" Quiz

The purpose of the "Do I Know This Already?" quiz is to help you decide if you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.

The 10-question quiz, derived from the major sections in the "Foundation and Supplemental Topics" portion of the chapter, helps you determine how to spend your limited study time.

Table 4-1 outlines the major topics discussed in this chapter and the "Do I Know This Already?" quiz questions that correspond to those topics.

Table 4-1. "Do I Know This Already?" Foundation and Supplemental Topics Mapping

Foundation or Supplemental Topic        Questions Covering This Topic
Sensor Host Configuration Tasks         1, 6, 7, 9
Interface Configuration Tasks           2, 3, 4, 8
Analysis Engine Configuration Tasks     5


Caution

The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.


1.

Which of the following is a valid user role on the sensor?

  1. Operator

  2. Analyst

  3. Guest

  4. System

  5. Manager

2.

Which of the following parameters cannot be configured when you are editing a monitoring interface via IDM?

  1. Interface Duplex

  2. Interface Speed

  3. Alternate TCP Reset Interface

  4. Interface Description

  5. Interface Name

3.

When the inline software bypass is configured to Off, which of the following is true?

  1. Inline traffic continues to flow through the sensor if the analysis engine is stopped.

  2. Inline traffic stops flowing through the sensor if the analysis engine is stopped.

  3. Inline traffic is never inspected.

  4. Inline traffic stops flowing through the sensor if the analysis engine is running.

4.

Which of the following is not a configurable traffic-flow notification parameter?

  1. Missed Packet Threshold

  2. Notification Interval

  3. Interface Idle Threshold

  4. Maximum Packet Threshold

5.

Which of the following statements is true?

  1. You can assign promiscuous interfaces or inline interface pairs only to a virtual sensor but not both at the same time.

  2. You can assign both promiscuous interfaces and inline interface pairs to a virtual sensor, but only one can be enabled at a time.

  3. You can assign both promiscuous interfaces and inline interface pairs to a virtual sensor.

6.

When defining your summertime configuration, which of the following is false?

  1. You can specify a time zone for the summertime configuration.

  2. You can specify only the hour (0 to 24) at which the time change will occur.

  3. You can specify exact dates (such as October 23) on which the time change will occur.

  4. You can specify a recurring date (such as first Sunday in October).

7.

When making changes to the sensor's time configuration and clock setting, which of the following is true?

  1. Clicking on Apply saves your time configuration changes and updates the sensor's clock setting.

  2. Clicking on Apply saves your time configuration changes, but then you must click on Apply Time to Sensor to save the changes to the sensor's clock setting.

  3. You must first click on Apply Time to Sensor to save the changes to the sensor's clock setting and then click on Apply to save the changes to the time configuration.

  4. The updates to the sensor's clock settings occur automatically, so you need to click only on Apply to save your configuration changes.

8.

Which parameter specifies the interval over which the missed packet percentage is calculated for traffic flow notification?

  1. Notification Interval

  2. Missed Packet Threshold

  3. Missed Packet Interval

  4. Interface Idle Threshold

  5. Interface Interval

9.

Which of the following is true?

  1. You can configure multiple keys for the Network Time Protocol (NTP) server.

  2. You can configure different time zones for the sensor as well as the summertime settings.

  3. You must choose a preconfigured time zone.

  4. The start time and the end time for your summertime settings must be the same.

10.

Configuring inline processing on your sensor uses how many interfaces?

  1. 1

  2. 3

  3. 2

  4. Either 1 or 2

The answers to the "Do I Know This Already?" quiz are found in the appendix. The suggested choices for your next step are as follows:

  • 8 or less overall score: Read the entire chapter, including the "Foundation and Supplemental Topics," "Foundation Summary," and Q&A sections.

  • 9 or 10 overall score: If you want more review on these topics, skip to the "Foundation Summary" section and then go to the Q&A section. Otherwise, move to the next chapter.



CCSP IPS Exam Certification Guide
ISBN: 1587201461
EAN: 2147483647
Year: 2004
Pages: 119
Authors: Earl Carter
