|[ LiB ]|
|Question 1|| |
Which of the following is not a valid event rule action?
Answer C is correct. You cannot configure an event action to issue a TCP reset when the event rule is triggered. However, you can configure an event action to notify via email, execute a script, or log a console notification event. Therefore, Answers A, B, and D are incorrect.
|Question 2|| |
Which of the following tasks do you need to complete to update network IDS signatures from Security Monitor?
Answer B is correct. To update signatures through Security Monitor, download the latest signature updates from the Cisco Web site. You do not use an update server with Security Monitor; therefore, Answer A is incorrect. There is no Admin option in the Devices tab sheet; the correct navigation path is Admin, System Configuration, Update Network IDS Signatures. Therefore, Answer C is incorrect. You do not copy files to the Security Monitor database, which stores events and not update files. Therefore, Answer D is incorrect.
|Question 3|| |
Refer to the steps listed here. Which answer shows the correct sequence to create an event rule?
Answer A is correct. The correct sequence to create an event rule is to assign a name, define the filter criteria, assign the action, assign the threshold and interval, and activate the event rule. Therefore, Answers B, C, and D are incorrect.
|Question 4|| |
When will Security Monitor begin to prune its syslog database by default?
Answer D is correct. Security Monitor will, by default, prune the syslog database when the number of syslog events reaches 2,000,000. Therefore, Answers A through C are incorrect. Note: A custom database rule will automatically trigger the database action when the number of syslog events reaches 500,000; this feature is distinct from the default pruning, so be sure not to confuse the two numbers .
|Question 5|| |
Which of the following is not a requirement for the server where you install Security Monitor?
Answer D is correct. You do not need 17GB minimum of free hard drive space for the Security Monitor installation; you need a minimum of 9GB of free hard drive space. All other answers are valid requirements for the Security Monitor installation. Therefore, Answers A, B, C, and E are incorrect.
|Question 6|| |
Which of the following devices cannot be monitored for IDS events by Security Monitor?
Answer C is correct. Catalyst switches are not Cisco IDS-capable devices without an IDSM and therefore are not monitored by Security Monitor. PIX Firewalls, IOS Routers, sensor appliances, and IDSMs are all IDS-capable devices that can be monitored by Security Monitor. Therefore, Answers A, B, D, and E are incorrect.
|Question 7|| |
Which of the following would you use to log in to CiscoWorks?
Answer C is correct. Logging in to CiscoWorks uses HTTP on port 1741. HTTPS communication between CiscoWorks and a client browser uses port 1742, so Answers B and D are incorrect. You would not use port 443, so Answers A and B are incorrect.
|Question 8|| |
Which of the following IDS devices can be monitored by Security Monitor? (Choose all that apply.)
Answers A, B, D, F, and G are correct. You can use Security Monitor to monitor host, PIX, IOS, PostOffice, and RDEP IDS devices. SPAN is a Switched Port Analyzer, a port mirroring technology on Cisco switches that allows you to capture traffic for IDS analysis; however, there is no such thing as a SPAN IDS device, so Answer C is incorrect. You can also configure Catalyst OS switches to capture traffic for IDS analysis, but there is no such thing as a Catalyst OS IDS device, so Answer E is incorrect.
|Question 9|| |
You want to keep an eye on the status of the Security Monitor database. For which of the following ways can you set up a notification?
Answer E is correct. Security Monitor provides you with the flexibility to configure a database rule to be triggered based on any of these criteria. Because all are valid triggers for a database rule, Answers A through D are incomplete.
|Question 10|| |
Which of the following is the default username/password combination for logging in to CiscoWorks?
Answer A is correct. The default username/password combination for logging in to CiscoWorks is admin , admin . (It is highly recommended that you change both the username and password!) Therefore, Answers B through E are incorrect.
|[ LiB ]|