Question 1: A network administrator is testing a new monitoring application that uses multiple Internet Control Message Protocol (ICMP) messages to host systems. The application is reported on IEV as a network attack. This alarm is referred to as a

A1: Answer A is correct. Because it was not an actual malicious attack but resulted in the generation of an alarm, this alarm is referred to as a false positive. A false negative occurs when an actual attack is not reported; therefore, Answer B is incorrect. True positives occur when real attacks are successfully detected and reported; therefore, Answer C is incorrect. True negatives happen when no attack occurred and no alarm was generated. Therefore, Answer D is incorrect.

Question 2: Which three of the following methodologies are valid methodologies employed by IDS signatures to detect network attacks?

A2: Answers A, B, and D are correct. Heuristic analysis, signature-based detection, and pattern matching are all valid methodologies used by signatures to detect intrusions. Although IDS components can be host-based, such as the Security Agent, host-based is not a methodology employed by signatures. Therefore, Answer C is incorrect. Flood decode analysis does not exist, and obfuscation is an IDS evasive technique commonly used by attackers. Therefore, Answers E and F are incorrect.

Question 3: Which of the following IDS components were designed for lower-risk network environments? (Choose two.)

A3: Answers B and E are correct. The Router Sensor IOS IDS and the Firewall Sensor PIX IDS contain a subset of the Sensor appliance IDS signatures and were designed for lower-risk environments. The 4200 Series Sensor Appliances provide a robust platform for intrusion detection and are designed for high-risk environments; therefore, Answer A is incorrect. Cisco Security Agent and the host agent IDS product are agent software that resides on hosts, and they are not designed for network intrusion detection; Answers C and F are therefore incorrect. The IDSM2 is a high-performance switching module designed for high-throughput intrusion detection with no impact on switch performance. It was not designed for lower-risk environments, so Answer D is incorrect.

Question 4: Which of the following are methods used to evade IDSs? (Choose three.)

A4: Answers B, D, and E are correct. Fragmentation, obfuscation, and encryption are all evasive techniques used by attackers to dodge IDS detection. Denial-of-service and access attacks are forms of attacks performed by hackers but are not directly used to compromise IDSs. Answers A and F are therefore incorrect. Pattern matching is a methodology used by signatures to detect an intrusion, not an evasive technique. Therefore, Answer C is incorrect.

Question 5: Which of the following is a component that is included with Cisco IEV?

A5: Answer C is correct. Cisco's IEV, available from http://www.cisco.com, includes the Network Security Database, a reference of detailed signature and vulnerability information. CCO is a Cisco Connection Online account and is required to access the online version of NSDB. CSEC, the Cisco Secure Encyclopedia, is the online version of NSDB. Answers A and B are therefore incorrect. C-CRT is the Cisco Countermeasures Research Team, which provides support for active updates but has no relationship to IEV. Therefore, Answer D is incorrect.

Question 6: Which of the following are enhancements that the IDSM2 offers over the IDSM? (Choose three.)

A6: Answers B, E, and F are correct. The IDSM2 offers 600Mbps instead of the IDSM's 120Mbps, uses the same code as the version 4 sensor appliances, and supports both blocking and TCP resets in response to attack detection. The IDSM supports only 120Mbps of performance and not 200Mbps; therefore, Answer A is incorrect. The IDSM also supports SPAN, RSPAN, and VACL capture; therefore, Answers C and D are incorrect.

Question 7: IEV version 4 can support the monitoring and reporting of up to how many sensor devices?

A7: Answer C is correct. IEV version 4 can support the monitoring and reporting of up to five sensor devices. IEV version 3 supports up to three sensor devices, but the question specifically refers to IEV version 4. Answers A, B, and D are therefore incorrect.

Question 8: Management Center for the Cisco Security Agent (CSA MC) supports deployment for up to how many host agents?

A8: Answer D is correct. The CSA MC supports management for up to 5000 host Security Agents. Therefore, Answers A, B, and C are incorrect.

Question 9: The PostOffice protocol uses which of the following ports?

A9: Answer F is correct. The PostOffice protocol uses UDP port 45000 for communications. Therefore, Answers A through E are incorrect.

Question 10: When using RDEP, when are alarms overwritten?

A10: Answer C is correct. A Sensor process called sensorApp begins to overwrite alarms when the threshold of 4GB is reached. Therefore, Answers A, B, D, and E are incorrect.