Exam Prep Questions

Question 1

What four servlets are managed by the cidWebServer?

  • A. IDM

  • B. NAC

  • C. mainApp server

  • D. Event Server

  • E. Transaction Server

  • F. sensorApp server

  • G. IP Log Server

A1:

Answers A, D, E, and G are correct. The cidWebServer hosts four main servlets: the IDM, Event Server, Transaction Server, and IP Log Server. The IDM is for local device management. The Event Server provides an RDEP connection for the IEV and Security Monitor to pull events. The Transaction Server provides interfacing ability to other management systems such as IDS MC to control and configure the sensor. The IP Log Server presents IP logs to external systems such as Security Monitor using RDEP. Answer B is incorrect because you use the NAC to send shunning and ACLs to managed devices such as PIX Firewalls and IOS-based Cisco Routers. Answer C is incorrect because the mainApp application starts up and shuts down all other applications. Answer F is incorrect because you use the sensorApp to monitor traffic for attacks.

Question 2

What part of the IDS 4.0 software is responsible for starting and stopping other applications?

  • A. sensorApp

  • B. IDAPI

  • C. mainApp

  • D. controlApp

A2:

Answer C is correct. The mainApp application is the first application started, and it is responsible for starting and stopping all other IDS 4.0 applications. Answer A, sensorApp, is responsible for monitoring traffic. Answer B, IDAPI, is responsible for managing communications between applications, not starting and stopping them. Answer D, controlApp, does not exist.

Question 3

What communication protocol do Event Server, Transaction Server, and IP Log Server use?

  • A. Telnet

  • B. PostOffice

  • C. RDEP

  • D. SSH

A3:

Answer C is correct. The Event Server, Transaction Server, and IP Log Server all use the RDEP. The RDEP is encrypted by HTTPS (TLS/SSL). Therefore, Answers A, B, and D are incorrect.

Question 4

Which process is responsible for sending block commands to managed devices?

  • A. mainApp

  • B. NAC

  • C. sensorApp

  • D. cidWebServer

A4:

Answer B is correct. The NAC is responsible for connecting to the IOS Router and PIX Firewall by using either Telnet or SSH. Answer A is incorrect because the mainApp is responsible for starting and stopping applications. Answer C is incorrect because the sensorApp is responsible for monitoring traffic. Answer D is incorrect because the cidWebServer is responsible for communicating with directors and monitoring stations, not managed devices.

Question 5

What process is responsible for writing alert events to the EventStore?

  • A. sensorApp

  • B. LogApp

  • C. IP Log Server

  • D. MessageApp

A5:

Answer A is correct. The sensorApp application is responsible for writing alerts and events to the EventStore. Answer B is incorrect because the LogApp is responsible for writing log messages, not alerts, to the EventStore. Answer C is incorrect because the IP Log Server is responsible for giving IP log files to requesting programs such as the IEV and Security Monitor. Answer D is incorrect because MessageApp does not exist. Therefore, Answers B, C, and D are incorrect.

Question 6

Which PostOffice parameters must be unique?

  • A. Host name

  • B. Host ID

  • C. Organization name

  • D. Organization ID

A6:

Answers B and D are correct. In the PostOffice Protocol, the host ID and organization ID must be unique to identify a station or device. You use Answer A, the host name, to display a friendly name for the device. Answer C is incorrect because the organization name is just a friendly name to identify the organization ID.

Question 7

When using the RDEP, which query type updates real-time event applications?

  • A. Real-time query

  • B. Query

  • C. Subscription

  • D. Fast push query

A7:

Answer C is correct. When using the RDEP, the uri-es-request uses the subscription query type to pull information from the sensor for live-event feeds. Answer A is incorrect because the real-time query does not exist. Answer B is incorrect because the uri-es-request queries retrieve events stored on the sensor, not real-time events. Answer D is incorrect because the fast push query does not exist.

Question 8

How many virtual sensors does the IDS 4.0 currently support?

  • A. None, there is no virtual sensor

  • B. 1

  • C. 2

  • D. Unlimited

A8:

Answer B is correct. The Cisco IDS 4.0 sensors support only a single virtual sensor, called VirtualSensor. The system is designed to handle more virtual sensors, but version 4.0 is limited to working with only a single one. Therefore, Answers A, C, and D are incorrect.

Question 9

What type of user account do you need to configure all settings in the CLI interface?

  • A. Service

  • B. Viewer

  • C. Administrator

  • D. Operator

A9:

Answer C is correct. The administrator account is responsible for configuring and maintaining all CLI configuration settings. Answer A is incorrect because you should use the service account only when working with the TAC and attempting to repair the OS files. Answer B is incorrect because the viewer account can only view information, not configure the sensor. Answer D is incorrect because the operator can view information and change some configuration settings, but not on the level that the administrator can.

Question 10

Which account should you never create unless told to do so by Cisco technical support?

  • A. Administrator

  • B. Root

  • C. su

  • D. Service

A10:

Answer D is correct. The service account is disabled by default but can be created to provide OS shell access for technical-support issues. Therefore, Answers A, B, and C are incorrect.

Question 11

What command would you use to display all users configured on the sensor when you have the operator privilege level?

  • A. show all users

  • B. show users

  • C. more current-config

  • D. show users all

A11:

Answer D is correct. The show users all command displays all users logged in and configured within the sensor. The privilege level of administrator or operator is required to execute this command. Answer A is not a valid command. Answer B, show users, only displays currently logged-in users. Answer C, more current-config, displays configuration settings but not user accounts. Therefore, Answers A, B, and C are incorrect.

CSIDS Exam Cram 2 (Exam 642-531)
Year: 2004
Pages: 213