Chapter 10. Alarm Monitoring and Management


This chapter covers the following subjects:

  • CiscoWorks 2000

  • Security Monitor

  • Installing Security Monitor

  • Security Monitor Configuration

  • Security Monitor Event Viewer

  • Security Monitor Administration

  • Security Monitor Reports

When deploying a large number of Cisco IPS sensors, you need an efficient way to monitor the alerts from these devices. Security Monitor (a component of the CiscoWorks VPN/Security Management Solution [VMS] product) provides this functionality. Using Security Monitor, you can correlate and analyze events from multiple sensors deployed throughout your network through a graphical interface. Configuring Security Monitor correctly is crucial to efficiently identifying intrusive activity on your network.

"Do I Know This Already?" Quiz

The purpose of the "Do I Know This Already?" quiz is to help you decide if you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.

The 10-question quiz, derived from the major sections in the "Foundation and Supplemental Topics" portion of the chapter, helps you determine how to spend your limited study time.

Table 10-1 outlines the major topics discussed in this chapter and the "Do I Know This Already?" quiz questions that correspond to those topics.

Table 10-1. "Do I Know This Already?" Foundation and Supplemental Topics Mapping

Foundation or Supplemental Topic

Questions Covering This Topic

CiscoWorks 2000

-

Security Monitor

-

Installing Security Monitor

1, 2, 3

Security Monitor Configuration

4, 5, 6

Security Monitor Event Viewer

7, 8

Security Monitor Administration

10

Security Monitor Reports

9


Caution

The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.


1.

What is the minimum recommended amount of RAM for the Security Monitor server?

  1. 2 GB

  2. 1 GB

  3. 512 MB

  4. 256 MB

  5. 1.5 GB

2.

What is the minimum recommended amount of RAM for the client systems that access Security Monitor?

  1. 2 GB

  2. 1 GB

  3. 512 MB

  4. 256 MB

  5. 1.5 GB

3.

What part of the Security Monitor interface provides a visual road map indicating where you are?

  1. Path bar

  2. Options bar

  3. Instruction box

  4. Content area

  5. Road map

4.

When you add a monitored device to Security Monitor, which of the following devices does not allow you to specify the protocol that the device uses to communicate with Security Monitor?

  1. RDEP device

  2. PostOffice device

  3. IPS 5.0 sensor

  4. PIX Firewall

  5. IDS 4.0 sensor

5.

Which of the following is not a characteristic that you can specify when configuring an event rule?

  1. Originating device

  2. Signature name

  3. Attacker port

  4. Severity

  5. Victim address

6.

Which of the following is not a category whose statistics you can view using Security Monitor?

  1. Network Access Controller

  2. Analysis Server

  3. Transaction Server

  4. Event Server

  5. Analysis Engine

7.

Which of the following items is not configurable when you change the Event Viewer display preferences?

  1. Columns displayed

  2. Event severity indicator type

  3. Default expansion boundary

  4. Time for Security Monitor-initiated blocks

  5. Maximum events per grid

8.

Which color is the background of the count field for medium-severity events?

  1. Red

  2. Orange

  3. Yellow

  4. Green

  5. White

9.

Which of the following is not a parameter that you can configure when customizing a report template?

  1. Source IP address

  2. Destination direction

  3. IDS devices

  4. IDS signatures

  5. Risk Rating

10.

Which of the following is not a parameter that you can configure when defining a database rule?

  1. Total IDS events in database exceed

  2. Total audit log events in database exceed

  3. Total PIX events in database exceed

  4. Database free space less than (megabytes)

  5. Repeat every

The answers to the "Do I Know This Already?" quiz are found in the appendix. The suggested choices for your next step are as follows:

  • 8 or less overall score Read the entire chapter. This includes the "Foundation and Supplemental Topics" and "Foundation Summary" sections and the Q&A section.

  • 9 or 10 overall score If you want more review on these topics, skip to the "Foundation Summary" section and then go to the Q&A section. Otherwise, move to the next chapter.



CCSP IPS Exam Certification Guide
CCSP IPS Exam Certification Guide
ISBN: 1587201461
EAN: 2147483647
Year: 2004
Pages: 119
Authors: Earl Carter

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net