The questions that follow give you a bigger challenge than the exam itself by using an open-ended question format. By reviewing now with this more difficult question format, you can exercise your memory better and prove your conceptual and factual knowledge of this chapter. The answers to these questions are found in the appendix.
For more practice with exam-like question formats, use the exam engine on the CD-ROM.
What are the major groups that signature parameters fall into?
What do the Application Inspection and Control (AIC) signature engines provide, and which protocols are currently supported?
What signature types can you use for AIC HTTP signatures?
What are the atomic signature engines and the types of signatures they support?
What is the definition of an atomic signature?
What is the difference between the TCP Mask and TCP Flags parameters?
Which parameter do you use to specify that a regex string needs to be located at an exact location within the packet or stream?
Which Flood Net parameter defines how long the traffic must remain above the configured rate in order to trigger the signature?
What is a meta signature?
What are the three inspection types available when you are creating signatures with the Service FTP signature engine?
What are the three inspection types available when you are creating signatures with the Service NTP signature engine?
What are the four inspection types available when you are creating signatures with the Service SNMP signature engine?
Cisco IPS supports what three state machines in the State signature engine?
What are the three String signature engines?
Which parameter determines how many connections it takes for a sweep signature to trigger?