| 1. | Which sensor CLI command would you use to display the sensor uptime and previous sensor software version? |
| [click here] | Answer: The show version sensor CLI command displays information such as the sensor uptime, current and previous software versions, and recovery partition software version. |
| 2. | What are the sections of the sensor configuration file output? |
| [click here] | Answer: The sensor configuration file output is divided into the following sections: analysis-engine, authentication, event-action-rules, host, interface, logger, network-access, notification, signature-definition, ssh-known-hosts, trusted-certificates, and web-server. |
| 3. | What do the different sections of the sensor configuration file correspond to? |
| [click here] | Answer: The different sections of the configuration file correspond to the options available for the sensor service CLI configuration command. |
| 4. | Which sensor CLI command displays the Product Evolution Program (PEP) information for your sensor? |
| [click here] | Answer: The show inventory sensor CLI command displays the PEP inventory information. |
| 5. | What is the main difference between displaying sensor statistics via the CLI and displaying sensor statistics by using IDM? |
| [click here] | Answer: In IDM a single command displays all of the sensor statistics, whereas in the CLI you can choose one of 14 statistical categories, which allows you to display only a limited amount of statistical information. |
| 6. | In the sensor CLI, which command displays events, and which types of events can you display? |
| [click here] | Answer: Using the show events CLI command, you can display alert, error, log, NAC, and status events. |
| 7. | What are the three ways to specify the time frame for events when you use IDM to display events? |
| [click here] | Answer: When using IDM to display events, you can specify the time frame for events by a number of minutes or hours in the past, events within a date range, and all events in the Event Store. |
| 8. | Which sensor CLI command enables you to view the operational status of the interfaces on the sensor? |
| [click here] | Answer: The show interfaces CLI command enables you to view the operational status of interfaces on the sensor. |
| 9. | Which CLI command captures network traffic to a tcpdump capture file? |
| [click here] | Answer: The packet capture CLI command captures network traffic to a tcpdump capture file. |
| 10. | Which CLI command captures network traffic and displays it in the screen for all Gigabit Ethernet interfaces? |
| [click here] | Answer: The packet display GigabitEthernet command displays capture traffic from all of the Gigabit Ethernet interfaces on the sensor. |
| 11. | Which sensor CLI command displays a comprehensive list of status and system information about your sensor? |
| [click here] | Answer: The show tech-support CLI command displays a comprehensive list of status and system information about your sensor. |
| 12. | What does the diagnostic report in IDM provide? |
| [click here] | Answer: The diagnostic report in IDM provides a comprehensive list of status and system information about your sensor. This is the same information as the CLI command show tech-support. |
| 13. | Which service notification option removes the size limit on SNMP traps? |
| [click here] | Answer: The enable-detail-traps option removes the size limits on traps sent, as opposed to those in sparse mode (fewer than 484 bytes). |
| 14. | What does the error-filter option of the service notification command do? |
| [click here] | Answer: The error-filter option of the service notification command enables you to determine which errors generate SNMP traps (options are warning, error, and fatal). |
