Chapter 6


"Do I Know This Already?" Quiz

1.

A

2.

D

3.

B

4.

C

5.

A

6.

D

7.

E

8.

B

9.

E

10.

C

Q&A

1.

What are the major groups that signature parameters fall into?

[click here]

Answer: The signature parameters fall into the following groups: basic signature fields, signature description fields, engine-specific fields, event counter fields, alert frequency fields, and status fields.

2.

What do the Application Inspection and Control (AIC) signature engines provide, and which protocols are currently supported?

[click here]

Answer: The AIC signature engines support signatures that provide deep-packet inspection from Layer 4 through Layer 7. The two protocols currently supported are HTTP and FTP.

3.

What signature types can you use for AIC HTTP signatures?

[click here]

Answer: The signature types available for AIC HTTP signatures are Content Types, Define Web Traffic Policy, Max Outstanding Requests Overrun, Msg Body Pattern, Request Methods, and Transfer Encodings.

4.

What are the atomic signature engines and the types of signatures they support?

[click here]

Answer: The Atomic ARP signature engine supports ARP signatures, and the Atomic IP signature engine supports ICMP, TCP, and UDP atomic signatures.

5.

What is the definition of an atomic signature?

[click here]

Answer: An atomic signature means that everything needed to check for a signature match is available in a single packet. These signatures do not require any state information to be saved.

6.

What is the difference between the TCP Mask and TCP Flags parameters?

[click here]

Answer: The TCP Flags parameter determines which flags you want set, and the TCP Mask parameter indicates the flags that you are interested in. Flags not included in the TCP Mask cannot impact whether the signature triggers.

7.

Which parameter do you use to specify that a regex string needs to be located at an exact location within the packet or stream?

[click here]

Answer: The Exact Match Offset parameter indicates that the regex string needs to occur at exactly the specified number of bytes from the beginning of the packet or stream.

8.

Which Flood Net parameter defines how long the traffic must remain above the configured rate in order to trigger the signature?

[click here]

Answer: The Peaks Flood Net parameter defines how long the traffic flood must remain above the configured rate in order to trigger the flood signature.

9.

What is a meta signatures?

[click here]

Answer: A meta signature is a signature that is composed of multiple individual signatures. After each of the component signatures trigger (within a specified time), the meta signature triggers.

10.

What are the three inspection types available when you are creating signatures with the Service FTP signature engine?

[click here]

Answer: When creating signatures with the Service FTP signature engine, you can create signatures using the following inspection types: Invalid Address in PORT Command, Invalid Port in PORT Command, and PASV Port Spoof.

11.

What are the three inspection types available when you are creating signatures with the Service NTP signature engine?

[click here]

Answer: When creating signatures with the Service NTP signature engine, you can create signatures using the following inspection types: Inspect NTP Packets, Is Invalid Data Packet, and Is Non NTP Traffic.

12.

What are the four inspection types available when you are creating signatures with the Service SNMP signature engine?

[click here]

Answer: When creating signatures with the Service SNMP signature engine, you can create signatures using the following inspection types: Brute Force Inspection, Invalid Packet Inspection, Non-SNMP Traffic Inspection, and SNMP Traffic Inspection.

13.

Cisco IPS supports what three state machines in the State signature engine?

[click here]

Answer: The State signature engine supports the following three state machines: Cisco Login, LPR Format String, and SMTP.

14.

What are the three String signature engines?

[click here]

Answer: The three String signature engines are String ICMP, String TCP, and String UDP.

15.

Which parameter determines how many connections it takes for a sweep signature to trigger?

[click here]

Answer: The Unique parameter determines how many connections it takes to trigger a sweep signature.



CCSP IPS Exam Certification Guide
CCSP IPS Exam Certification Guide
ISBN: 1587201461
EAN: 2147483647
Year: 2004
Pages: 119
Authors: Earl Carter

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net