Chapter 12. Verifying System Configuration


This chapter covers the following subjects:

  • Verifying System Configuration

  • Viewing Sensor Configuration

  • Viewing Sensor Statistics

  • Viewing Sensor Events

  • Debugging Sensor Operation

  • Sensor SNMP Access

The sensor's command-line interface (CLI) provides numerous commands to verify the operation of your IPS sensor. You can also check the status of your sensor through IDM. Being able to verify that your sensor is operating correctly and running the latest Cisco IPS software is vital to maintaining your Cisco IPS solution.

Checking the status and operation of your IPS sensors is important to maintaining a strong IPS solution. Verifying that your sensors have the latest signature releases and service packs ensures that your sensors have the latest signatures and IPS functionality. Understanding the sensor CLI commands enables you to efficiently check the status of your IPS sensors. Some functions can also be performed via IDM.

"Do I Know This Already?" Quiz

The purpose of the "Do I Know This Already?" quiz is to help you decide if you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.

The 10-question quiz, derived from the major sections in the "Foundation and Supplemental Topics" portion of the chapter, helps you determine how to spend your limited study time.

Table 12-1 outlines the major topics discussed in this chapter and the "Do I Know This Already?" quiz questions that correspond to those topics.

Table 12-1. "Do I Know This Already?" Foundation and Supplemental Topics Mapping

Foundation or Supplemental Topic    Questions Covering This Topic

Viewing Sensor Configuration        1, 2

Viewing Sensor Statistics           4

Viewing Sensor Events               3, 5, 6

Debugging Sensor Operation          7, 8, 9

Sensor SNMP Access                  10


Caution

The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.


1. Which of the following is not provided in the output of the show version sensor CLI command?

  1. Sensor uptime

  2. Recovery partition software version

  3. Sensor host name

  4. Current sensor software version

  5. Previous sensor software version

2. Which of the following is not one of the sections of the sensor configuration output?

  1. event-action-rules

  2. signature-definition

  3. network-access

  4. trusted-certificates

  5. alarm-channel-configuration

3. Which of the following is not a valid event type for the show events CLI command?

  1. error

  2. debug

  3. nac

  4. status

  5. log

4. Which of the following is true about viewing sensor statistics?

  1. You can only use the sensor CLI to view sensor statistics.

  2. You can use the sensor CLI to selectively view statistics based on various categories.

  3. You can only use IDM to view sensor statistics.

  4. You can use IDM to selectively view statistics based on various categories.

5. Which of the following is not a keyword used with the "|" symbol to limit the output of various sensor CLI commands?

  1. start

  2. begin

  3. include

  4. exclude

6. When you are choosing events to display through IDM, which of the following is not a configuration option?

  1. Selecting all events in the Event Store

  2. Selecting all high-severity alerts that happened in the last 2 hours

  3. Selecting all informational alerts that happened between January 12, 2005, and January 14, 2005

  4. Selecting all NAC events that happened in the last 30 minutes

  5. Selecting all log events that happened in the last 2 hours

7. Which sensor CLI command captures traffic for the GigabitEthernet0/0 interface and saves it to a file?

  1. packet display GigabitEthernet0/0

  2. display packet GigabitEthernet0/0

  3. capture packet GigabitEthernet0/0

  4. packet capture GigabitEthernet0/0

8. What does the password keyword do when added to the show tech-support CLI command?

  1. password is not a valid option for the show tech-support command.

  2. It removes sensitive information, such as passwords, from the tech-support output.

  3. It includes sensitive information, such as passwords, in the tech-support output.

  4. It is used with the destination keyword to specify login credentials for the destination system.

9. What is the tech-support output called in IDM?

  1. Tech-support report

  2. System report

  3. Operational report

  4. Diagnostic report

  5. IDM does not provide tech-support output

10. Which sensor CLI command would you use to configure SNMP parameters on your sensor?

  1. service snmp

  2. service notification

  3. service host

  4. service logger

  5. service network-access

The answers to the "Do I Know This Already?" quiz are found in the appendix. The suggested choices for your next step are as follows:

  • 8 or less overall score: Read the entire chapter. This includes the "Foundation and Supplemental Topics" and "Foundation Summary" sections and the Q&A section.

  • 9 or 10 overall score: If you want more review on these topics, skip to the "Foundation Summary" section and then go to the Q&A section. Otherwise, move to the next chapter.



CCSP IPS Exam Certification Guide
ISBN: 1587201461
Year: 2004
Pages: 119
Authors: Earl Carter