Chapter 9


"Do I Know This Already?" Quiz

1. C
2. B
3. E
4. D
5. C
6. A
7. C
8. C
9. E
10. C

Q&A

1. What are the three inline response actions?

Answer: The three inline response actions are Deny Packet Inline, Deny Connection Inline, and Deny Attacker Inline.

2. What traffic does the Deny Connection Inline response action prevent?

Answer: The Deny Connection Inline response action prevents traffic that matches the source IP address, source port, destination IP address, and destination port of the traffic that triggered the signature.

3. What are the three logging options available in Cisco IPS version 5.0?

Answer: Cisco IPS version 5.0 provides the following three logging actions: Log Attacker Packets, Log Pair Packets, and Log Victim Packets.

4. What two blocking actions can you configure to occur when a signature triggers?

Answer: You can configure the following two blocking actions for signatures: Request Block Host and Request Block Connection.

5. What types of devices can Cisco IPS sensors use as managed devices?

Answer: Cisco IPS sensors can use IOS routers, Catalyst 6000 switches, and PIX Firewalls (and ASAs) as managed devices.

6. What must you configure when implementing IP blocking on an interface that already has an ACL applied to it?

Answer: To implement IP blocking on an interface that already has an ACL applied to it, you must configure a Pre-Block or Post-Block ACL (or both).

7. When do you need to configure a Master Blocking Sensor?

Answer: When configuring multiple sensors to perform IP blocking, you need to configure a Master Blocking Sensor to coordinate IP blocking between the multiple sensors.

8. How many sensors can initiate IP blocking on a single managed device?

Answer: Only one sensor can initiate IP blocking on a single managed device.

9. How can you protect the traffic from critical systems from accidentally being blocked by the IP blocking functionality?

Answer: To prevent IP blocking from impacting traffic from critical systems, you can configure a never-block address for the critical system.

10. What are the two steps for defining a router blocking device in IDM?

Answer: When defining a router blocking device using IDM, you need to first define the blocking device and then define and associate an interface to be used by the blocking device.

11. Which response actions can be manually configured via the IDM interface?

Answer: Using the IDM interface, you can manually configure IP logging, host blocks, and network blocks.

12. What response action uses the Simple Network Management Protocol (SNMP)?

Answer: The Request SNMP Trap action uses SNMP traps to indicate when a signature triggers.

13. How long does the Deny Attacker Inline action block traffic from the attacker's IP address?

Answer: The Deny Attacker Inline action remains in effect for the length of time specified by the Deny Attacker Duration parameter.

14. Which parameter determines how long IP blocking actions remain in effect?

Answer: The block action duration parameter specifies the length of time that IP blocking actions remain in effect.

15. Which blocking mechanism enables you to restrict traffic between systems on the same network segment?

Answer: VACLs enable you to restrict traffic between systems on the same network segment.



CCSP IPS Exam Certification Guide
ISBN: 1587201461
EAN: 2147483647
Year: 2004
Pages: 119
Authors: Earl Carter
