All Cisco exams are difficult and require a broad working knowledge of the subject, as indicated by the competencies for that exam. The exam questions are rarely precise, and students should take note of the following considerations when choosing an answer:
All choices can be correct. Choose the most correct.
All choices can be incorrect. Choose the least incorrect.
After choosing an answer, apply the answer back to the question. The answer must answer the question. This tip might sound redundant, but often, when applying what at first glance appears to be the correct answer back to the question, you realize that the answer is not correct for the question the way it is written.
Questions and answers usually apply to the default behavior of Cisco products, not to workarounds or very advanced configurations, unless specified in the question and answer.
Look for similar questions or questions that relate to the same topic. Sometimes, one question might provide hints for answering another question.
Read all questions carefully because a word such as "must" or "not" can make a huge difference in the correct answer.
The following questions and answers are for Exam 642-531, Cisco IDS. The questions cover the core competencies required for this exam and are similar to the questions you will encounter when taking the exam. Each question has at least four possible answers. Read each of the choices and choose the one that best answers the question. Remember that in the real exam, you will not have a chance to review previous questions; see Chapter 1, "Introduction to Cisco Certification," for more details.
Question 1 | How do you enable TCP resets on the SPAN port of a Catalyst 4000 Switch?
Question 2 | When a hacker is trying to disguise commands by using control characters, the hacker is using which technique?
Question 3 | Which intrusion detection technique detects matching patterns of malicious activity?
Question 4 | What servlets are part of the cidWebServer? (Choose four.)
Question 5 | Which internal component initiates shun commands to managed devices?
Question 6 | Which application controls the starting and stopping of all other IDS applications?
Question 7 | What is the maximum size the EventStore can reach before overwriting previous events?
Question 8 | On IDS 4.0, what communication protocol do the Transaction Server, Event Server, and IP Log Server use?
Question 9 | Which privilege levels are available on the IDS 4.0 sensor? (Choose four.)
Question 10 | Which privilege levels allow you to download the IP log files? (Choose all that apply.)
Question 11 | Which privilege levels allow you to copy the current-config file to the backup-config file? (Choose all that apply.)
Question 12 | What protocol does IEV use to communicate with the IDS 4.0 sensor?
Question 13 | Which type of attack disguises itself inside other applications and is often used as a backdoor?
Question 14 | What is a false positive?
Question 15 | Which level of client browser do you need to access the sensor's IDM?
Question 16 | What does IEV use to provide detailed signature and vulnerability information?
Question 17 | What is the default username and password of the IDS 4.0 sensor?
Question 18 | What service pack update is IDS-K9-sp-4.0-2-S42.rpm.pkg?
Question 19 | Which methods can you use to upgrade a sensor? (Choose all that apply.)
Question 20 | What two partitions does the recover command work with? (Choose two.)
Question 21 | What communication protocol is used to communicate with an IDS 4.0 forward blocking sensor and a master blocking sensor?
Question 22 | What prerequisite must your system have before you install Management Center for Security?
Question 23 | What IDS systems can the Security Monitor manage?
Question 24 | Which signature engine does not enable the user to make custom signatures?
Question 25 | When searching in a string for the words "newman" and "Newman," what would be the smallest regular expression syntax you could use?
Question 26 | What command would you use to copy the current-config to an FTP server?
Question 27 | What ports are scanned when the Atomic.TCP PortRange parameter is set to ?
Question 28 | Which signature engine do you use to detect DoS attacks?
Question 29 | What URL address would you use to log in to IDS MC?
Question 30 | Which of the following describes a false negative?
Question 31 | What four signature responses are available?
Question 32 | What is true about a signature engine's protected parameters?
Question 33 | What two types of communications are available for IOS Routers and PIX Firewalls with the IDS 4.0 sensor? (Choose two.)
Question 34 | Which parameters are common among most signature engines?
Question 35 | Order the list of steps used to create an event notification in the Security Monitor:
Question 36 | In the master signature parameters, what does the EventAction value of ZERO represent?
Question 37 | Which statement is true regarding required signature parameters?
Question 38 | What statement is true about service signatures?
Question 39 | Which signature engine detects reconnaissance attacks?
Question 40 | Which command gives the host of 192.168.1.1 access to the command and control interface?
Question 41 | Which ACLs are placed ahead of the blocking ACL submitted by an IDS 4.0?
Question 42 | Which command enables you to add an IP address to the sensor?
Question 43 | What is the default username and password when logging into IDS MC?
Question 44 | What do Post-Block ACLs do?
Question 45 | With the IDS MC, what do you use to generate SSH keys?
Question 46 | Which command adds to the currently logged-in user account a public key for SSH?
Question 47 | Which command adds an SSH key of a managed device to the host table?
Question 48 | What kind of attack is used to access a Windows shared folder?
Question 49 | Which type of parameter is only specific to a particular signature engine?
Question 50 | What option on IDS MC allows you to use the sensor's keys for SSH?