Chapter 16. Practice Exam 1


All Cisco exams are difficult and require a broad working knowledge of the subject, as indicated by the competencies for that exam. The exam questions are rarely precise, and students should take note of the following considerations when choosing an answer:

  • All choices can be correct. Choose the most correct.

  • All choices can be incorrect. Choose the least incorrect.

  • After choosing an answer, apply the answer back to the question. The answer must answer the question. This tip might sound redundant, but often, when applying what at first glance appears to be the correct answer back to the question, you realize that the answer is not correct for the question the way it is written.

  • Questions and answers usually apply to the default behavior of Cisco products, not to workarounds or very advanced configurations, unless specified in the question and answer.

  • Look for similar questions or questions that relate to the same topic. Sometimes, one question might provide hints for answering another question.

  • Read all questions carefully because a word such as must or not can make a huge difference in the correct answer.

The following questions and answers are for Exam 642-531, Cisco IDS. The questions cover the core competencies required for this exam and are similar to the questions you will encounter when taking the exam. Each question has at least four possible answers. Read each of the choices and choose the one that best answers the question. Remember that in the real exam, you will not have a chance to review previous questions; see Chapter 1, "Introduction to Cisco Certification," for more details.

Question 1

How do you enable TCP resets on the SPAN port of a Catalyst 4000 Switch?

  • A. Use the inpkts enable option of the span command.

  • B. Use the tcpreset enable option of the span command.

  • C. Set the tcpreset command.

  • D. TCP resets are not supported.

Question 2

When a hacker disguises commands by inserting control characters, which technique is the hacker using?

  • A. Cover and concealment

  • B. Obfuscation

  • C. Masking

  • D. Multicoding

Question 3

Which intrusion detection technique detects matching patterns of malicious activity?

  • A. Profile based

  • B. Traffic monitoring

  • C. Protocol analysis

  • D. Signature based

Question 4

Which servlets are part of the cidWebServer? (Choose four.)

  • A. Transaction Server

  • B. sensorApp

  • C. IDM

  • D. IEV

  • E. Event Server

  • F. mainApp

  • G. IP Log Server

Question 5

Which internal component initiates shun commands to managed devices?

  • A. mainApp

  • B. sensorApp

  • C. NAC

  • D. logApp

Question 6

Which application controls the starting and stopping of all other IDS applications?

  • A. mainApp

  • B. sensorApp

  • C. NAC

  • D. logApp

Question 7

What is the maximum size the EventStore can reach before overwriting previous events?

  • A. 1GB

  • B. 2GB

  • C. 4GB

  • D. 8GB

Question 8

On IDS 4.0, what communication protocol do the Transaction Server, Event Server, and IP Log Server use?

  • A. PostOffice

  • B. SSH

  • C. RDEP

  • D. IDAPI

Question 9

Which privilege levels are available on the IDS 4.0 sensor? (Choose four.)

  • A. Service

  • B. Maintenance

  • C. Administrator

  • D. Viewer

  • E. Observer

  • F. Operator

  • G. Operations

Question 10

Which privilege levels allow you to download the IP log files? (Choose all that apply.)

  • A. Maintenance

  • B. Administrator

  • C. Viewer

  • D. Observer

  • E. Operator

  • F. Operations

Question 11

Which privilege levels allow you to copy the current-config file to the backup-config file? (Choose all that apply.)

  • A. Maintenance

  • B. Administrator

  • C. Viewer

  • D. Observer

  • E. Operator

  • F. Operations

Question 12

What protocol does IEV use to communicate with the IDS 4.0 sensor?

  • A. SSH

  • B. Telnet

  • C. RDEP

  • D. PostOffice

Question 13

Which type of attack disguises itself inside other applications and is often used as a backdoor?

  • A. Virus

  • B. Trojan

  • C. Worm

  • D. DoS

Question 14

What is a false positive?

  • A. A situation in which normal traffic fires off a signature event

  • B. A situation in which attack traffic fires off a signature event

  • C. A situation in which normal traffic does not fire off a signature event

  • D. A situation in which attack traffic does not fire off a signature event

Question 15

Which level of client browser do you need to access the sensor's IDM?

  • A. Internet Explorer 3.0 and higher

  • B. Netscape Navigator 4.79 or higher

  • C. Linux, Windows, or Solaris

  • D. Linux

Question 16

What does IEV use to provide detailed signature and vulnerability information?

  • A. TAC access

  • B. CCO account with Cisco

  • C. Web Security Information Services

  • D. NSDB

Question 17

What is the default username and password of the IDS 4.0 sensor?

  • A. admin, admin

  • B. admin, attack

  • C. cisco, cisco

  • D. cisco, attack

Question 18

What service pack update is IDS-K9-sp-4.0-2-S42.rpm.pkg?

  • A. 4.0

  • B. 42

  • C. 2

  • D. 4.0.2.42

Question 19

Which methods can you use to upgrade a sensor? (Choose all that apply.)

  • A. IDS MC

  • B. recovery command

  • C. update command

  • D. IEV

Question 20

What two partitions does the recover command work with? (Choose two.)

  • A. Operating system partition

  • B. Application partition

  • C. Update partition

  • D. Recovery partition

Question 21

What communication protocol is used between an IDS 4.0 forwarding blocking sensor and a master blocking sensor?

  • A. Telnet

  • B. SSH

  • C. PostOffice

  • D. RDEP

Question 22

What prerequisite must your system have before you install Management Center for Security?

  • A. IDS MC

  • B. IEV

  • C. NSDB

  • D. None of the above

Question 23

What IDS systems can the Security Monitor manage?

  • A. Cisco IDS Sensor only

  • B. PIX IDS only

  • C. IOS IDS only

  • D. PIX IDS, IOS IDS

  • E. Cisco IDS Sensor, PIX IDS

  • F. Cisco IDS Sensor, PIX IDS, IOS IDS

Question 24

Which signature engine does not enable the user to make custom signatures?

  • A. String

  • B. State.String

  • C. Atomic.TCP

  • D. Trojan.TCP

Question 25

When searching a string for the words "newman" and "Newman," what is the smallest regular expression syntax you could use?

  • A. nNewman

  • B. [Nn]ewman

  • C. [Nn][Ee][Ww][Mm][Aa][Nn]

  • D. n<>N[ewman]

Question 26

What command would you use to copy the current-config to an FTP server?

  • A. copy backup-config current-config

  • B. copy ftp://192.168.1.1/files/backup-config current-config

  • C. copy current-config ftp://192.168.1.1/files/backup-config

  • D. copy current-config backup-config

Question 27

What ports are scanned when the Atomic.TCP PortRange parameter is set to ?

  • A. No ports are scanned.

  • B. All ports are scanned.

  • C. Ports equal to 0 are scanned.

  • D. Ports 1024 and above are scanned.

Question 28

Which signature engine do you use to detect DoS attacks?

  • A. Sweep

  • B. Service

  • C. Atomic

  • D. Flood

Question 29

What URL address would you use to log in to IDS MC?

  • A. http://192.168.1.1:443

  • B. https://192.168.1.1:443

  • C. http://192.168.1.1:1741

  • D. https://192.168.1.1:1741

Question 30

Which of the following describes a false negative?

  • A. A situation in which normal traffic fires off a signature event

  • B. A situation in which attack traffic fires off a signature event

  • C. A situation in which normal traffic does not fire off a signature event

  • D. A situation in which attack traffic does not fire off a signature event
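The definitions tested in Questions 14 and 30, the signature-based matching of Question 3, the character-class regular expression of Question 25 and the control-character obfuscation of Question 2 all come together in one small experiment. The following Python script is an added example for this chapter, not code from the book or from the Cisco IDS product: the sample HTTP requests and the two signatures are constructed for illustration, and the `normalize()` step is a hypothetical stand-in for whatever de-obfuscation a real sensor performs, not a reproduction of it. It runs a signature over hand-labelled samples, classifies each result as a true/false positive/negative, and shows how a loose pattern produces a false positive on benign traffic while an inserted control character produces a false negative until the payload is normalised.

```python
"""Signature matching and detection outcomes on constructed sample traffic."""
import re
from collections import Counter

# Constructed sample payloads, hand-labelled as (payload, is_attack).
# These are illustrative strings, not real captures or real signature content.
SAMPLES = [
    (b"GET /cgi-bin/newman.cgi HTTP/1.0", True),
    (b"GET /cgi-bin/Newman.cgi HTTP/1.0", True),
    (b"GET /index.html HTTP/1.0", False),
    # Benign request that merely contains the substring "newman"
    (b"GET /docs/newmanagement.html HTTP/1.0", False),
    # Attack with a control character inserted to split the pattern (obfuscation)
    (b"GET /cgi-bin/new\x00man.cgi HTTP/1.0", True),
]

# The character class [Nn] matches both spellings with a single expression.
SIGNATURE_LOOSE = re.compile(rb"[Nn]ewman")
# Adding surrounding context reduces false positives on benign text.
SIGNATURE_TIGHT = re.compile(rb"[Nn]ewman\.cgi")

# ASCII control characters except tab, LF and CR, which legitimately occur in HTTP.
_CONTROL_CHARS = re.compile(rb"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def normalize(payload: bytes) -> bytes:
    """Hypothetical de-obfuscation: strip control characters before matching."""
    return _CONTROL_CHARS.sub(b"", payload)


def outcome(fired: bool, is_attack: bool) -> str:
    """Classify one detection result using the exam's definitions:
    false positive  = normal traffic fires the signature,
    false negative  = attack traffic does not fire the signature."""
    if fired and is_attack:
        return "TP"
    if fired and not is_attack:
        return "FP"
    if not fired and is_attack:
        return "FN"
    return "TN"


def evaluate(signature, samples, deobfuscate=False) -> dict:
    """Run one signature over labelled samples and count TP/FP/TN/FN."""
    counts = Counter()
    for payload, is_attack in samples:
        data = normalize(payload) if deobfuscate else payload
        fired = signature.search(data) is not None
        counts[outcome(fired, is_attack)] += 1
    return {k: counts[k] for k in ("TP", "FP", "TN", "FN")}


if __name__ == "__main__":
    for label, sig, deob in (
        ("loose", SIGNATURE_LOOSE, False),
        ("tight", SIGNATURE_TIGHT, False),
        ("tight+normalize", SIGNATURE_TIGHT, True),
    ):
        print(f"{label:16} {evaluate(sig, SAMPLES, deob)}")
```

The loose signature scores two true positives, one false positive (the benign "newmanagement" page) and one false negative (the split "new\x00man" request). Tightening the pattern removes the false positive but not the false negative; only normalising the payload before matching turns the obfuscated request into a true positive. That is the trade-off behind every tuning decision on a signature-based sensor: narrowing a pattern trades false positives for false negatives unless the evasion is addressed separately.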

Question 31

What four signature responses are available?

  • A. Alarms

  • B. TCP reset

  • C. IP log

  • D. Triggers

  • E. Block connections

  • F. Block host

Question 32

What is true about a signature engine's protected parameters?

  • A. You cannot change them for default or custom signatures.

  • B. You cannot change them for default signatures, but you can change them for custom signatures.

  • C. You cannot change them for custom signatures, but you can change them for default signatures.

  • D. You can change them for default and custom signatures.

Question 33

What two types of communications are available for IOS Routers and PIX Firewalls with the IDS 4.0 sensor? (Choose two.)

  • A. RDEP

  • B. SSH

  • C. Telnet

  • D. HTTPS

Question 34

Which parameters are common among most signature engines?

  • A. required

  • B. protected

  • C. local

  • D. master

Question 35

Order the list of steps used to create an event notification in the Security Monitor:

  A. Activate the event rule.

  B. Define the event filter criteria.

  C. Define the event rule threshold and interval.

  D. Assign a name to the event rule.

  E. Assign the event rule action.

  • A. D, C, A, E, B

  • B. D, B, E, C, A

  • C. B, A, D, C, E

  • D. B, C, E, D, A

Question 36

In the master signature parameters, what does an EventAction value of ZERO represent?

  • A. Enable EventAction.

  • B. Do nothing.

  • C. IP log only.

  • D. TCP reset only.

Question 37

Which statement is true regarding required signature parameters?

  • A. Values are not required for custom or default signatures.

  • B. Values are required only for custom signatures, not default signatures.

  • C. Values are required for default signatures, not custom signatures.

  • D. You must define them for all signatures, both default and custom.

Question 38

What statement is true about service signatures?

  • A. They are divided into groups for each operating system.

  • B. They are operating system dependent.

  • C. They are operating system independent.

  • D. They work at Layers 2, 3, and 4.

Question 39

Which signature engine detects reconnaissance attacks?

  • A. Sweep

  • B. Service

  • C. Atomic

  • D. Flood

Question 40

Which command gives the host 192.168.1.1 access to the command and control interface?

  • A. sensor(config-host-net)#accessList 192.168.1.1

  • B. sensor(config)#accessList 192.168.1.1

  • C. sensor(config-host)#accessList 192.168.1.1

  • D. sensor(config)#accessList https://192.168.1.1

Question 41

Which ACLs are placed ahead of the blocking ACL submitted by an IDS 4.0?

  • A. Post-Block

  • B. Never-Block

  • C. Pre-Block

  • D. Before-Block

Question 42

Which command enables you to add an IP address to the sensor?

  • A. sensor(config)#interface sensor

  • B. sensor(config)#interface command-control

  • C. sensor(config)#interface group

  • D. sensor(config)#interface monitor

Question 43

What is the default username and password when logging in to IDS MC?

  • A. cisco, cisco

  • B. cisco, attack

  • C. admin, admin

  • D. admin, attack

Question 44

What do Post-Block ACLs do?

  • A. They are placed ahead of any blocking ACL sent to a managed device.

  • B. They are placed at the end of any blocking ACL sent to a managed device.

  • C. They provide a list of IP addresses and ports that should never be blocked.

  • D. They do not exist.

Question 45

With the IDS MC, what do you use to generate SSH keys?

  • A. PuTTyutil

  • B. PuTTygen

  • C. IDS MC key generation screen

  • D. IDS MC PuTTy add-in key generation screen

Question 46

Which command adds to the currently logged-in user account a public key for SSH?

  • A. ssh add-key

  • B. ssh authorized-key

  • C. ssh host-key

  • D. ssh user-key

Question 47

Which command adds an SSH key of a managed device to the host table?

  • A. ssh add-key

  • B. ssh authorized-key

  • C. ssh host-key

  • D. ssh user-key

Question 48

What kind of attack is used to access a Windows shared folder?

  • A. Reconnaissance

  • B. DoS

  • C. Usage

  • D. Access

Question 49

Which type of parameter is only specific to a particular signature engine?

  • A. Master

  • B. Protected

  • C. Local

  • D. Unprotected

Question 50

Which option in IDS MC allows you to use the sensor's existing keys for SSH?

  • A. Import a device.

  • B. Use existing SSH keys.

  • C. Import SSH keys from a device.

  • D. Autoconfigure.



CSIDS Exam Cram 2 (Exam 642-531)
Year: 2004
Pages: 213