Chapter 14


"Do I Know This Already?" Quiz

1.

B

2.

B

3.

E

4.

C, D

5.

D

6.

C

7.

D

8.

B

9.

D

10.

A

Q&A

1.

How many NM-CIDS devices can you have in a single access router?

[click here]

Answer: You can have only one NM-CIDS installed in each access router.

2.

How much traffic can an NM-CIDS monitor?

[click here]

Answer: An NM-CIDS can examine a maximum of 45 Mbps of traffic.

3.

NM-CIDS is supported on which router platforms?

[click here]

Answer: The NM-CIDS is supported on the following router platforms: 2600XM Series 2691, 3660, 3725, and 3745.

4.

What does the "EN" LED on the NM-CIDS front panel indicate?

[click here]

Answer: The "EN" LED on the NM-CIDS front panel indicates that the NM-CIDS has passed the self-test and is available to the router.

5.

Which IOS forwarding features impact the operations of the NM-CIDS?

[click here]

Answer: The following IOS forwarding features impact the operation of the NM-IDS: Access Control Lists (ACLs), encryption, Network Address Translation (NAT), IP multicast, UDP flooding, IP broadcast, and GRE tunnels.

6.

Are packets dropped by ACLs forwarded to NM-CIDS for examination?

[click here]

Answer: Packets dropped by input ACLs are not forwarded to NM-CIDS (to avoid duplicate packets), but packets dropped by output ACLs are forwarded to NM-CIDS for examination.

7.

Which type of encrypted traffic can NM-CIDS analyze?

[click here]

Answer: NM-CIDS can examine encrypted traffic for IPSec tunnels terminated on the router, but it cannot analyze encrypted traffic passing through the router.

8.

When you use inside NAT, which IP addresses are forwarded to NM-CIDS?

[click here]

Answer: With inside NAT, only the inside IP addresses are sent to the NM-CIDS.

9.

Which types of packets are not forwarded to NM-CIDS for analysis?

[click here]

Answer: Address Resolution Protocol (ARP) packets are not forwarded to NM-CIDS for examination. Packets in which an IP header field contains an error, such as an irregularity in a field, are not forwarded to NM-CIDS for examination.

10.

Should you run Cisco IOS-IDS in conjunction with NM-CIDS?

[click here]

Answer: No. Running Cisco IOS-IDS in conjunction with NM-CIDS can adversely impact the operation of your access router.

11.

What is the preferred clock configuration on NM-CIDS?

[click here]

Answer: The preferred clock configuration for NM-CIDS is to use NTP mode on the NM-CIDS.

12.

What is the least-preferred clock configuration on NM-CIDS?

[click here]

Answer: The least-preferred clock configuration on NM-CIDS is to run Cisco IOS clock mode on the NM-CIDS and set the Cisco IOS time zone to the local time zone.

13.

When you are using Cisco IOS clock mode, accurate NM-CIDS time depends on what factors?

[click here]

Answer: When you are using Cisco IOS clock mode, accurate NM-CIDS time depends on the router's local time, the router's time zone offset, and the router's summer time mode and offset, as well as the NM-CIDS's time zone offset and the NM-CIDS's summer time mode and offset.

14.

What are the two methods for accessing the console on the NM-CIDS?

[click here]

Answer: The Cisco IOS software performs a reverse Telnet that enables you to access the NM-CIDS console via Telnet or the service-module command.

15.

What is the formula for calculating the port number to Telnet to when you are accessing NM-CIDS via Telnet?

[click here]

Answer: The formula for calculating the Telnet port is (32 x slot number) + 2001.

16.

Which command enables you to shut down the NM-CIDS from the router CLI?

[click here]

Answer: The command to shut down the NM-CIDS from the router CLI is service-module ids-sensor slot/0 shutdown.



CCSP IPS Exam Certification Guide
CCSP IPS Exam Certification Guide
ISBN: 1587201461
EAN: 2147483647
Year: 2004
Pages: 119
Authors: Earl Carter

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net