The questions that follow give you a bigger challenge than the exam itself by using an open-ended question format. By reviewing now with this more difficult question format, you can exercise your memory better and prove your conceptual and factual knowledge of this chapter. The answers to these questions are found in the appendix.
For more practice with exam-like question formats, use the exam engine on the CD-ROM.
What are the three inline response actions?
What traffic does the Deny Connection Inline response action prevent?
What are the three logging options available in Cisco IPS version 5.0?
What two blocking actions can you configure to occur when a signature triggers?
What types of devices can Cisco IPS sensors use as managed devices?
What must you configure when implementing IP blocking on an interface that already has an ACL applied to it?
When do you need to configure a Master Blocking Sensor?
How many sensors can initiate IP blocking on a single managed device?
How can you prevent traffic from critical systems from being accidentally blocked by the IP blocking functionality?
What are the two steps for defining a router blocking device in IDM?
Which response actions can be manually configured via the IDM interface?
What response action uses the Simple Network Management Protocol (SNMP)?
How long does the Deny Attacker Inline action block traffic from the attacker's IP address?
Which parameter determines how long IP blocking actions remain in effect?
Which blocking mechanism enables you to restrict traffic between systems on the same network segment?