Exam Prep Questions

Question 1

What versions of SSH are supported on the IDS 4.0 sensor?

  • A. SSH v1 only

  • B. SSH v2 only

  • C. SSH v1 and SSH v2

  • D. SSH v1, SSH v2, and SSH v3

A1:

Answer C is correct. SSH versions 1 and 2 are both supported on the IDS version 4.0 sensors. Answer A is incorrect; SSH v1 is supported, but so is SSH v2, so this is not the best choice. Answer B is not the most correct answer. Answer D is incorrect because there is no such thing as SSH version 3 yet. Therefore, Answers A, B, and D are incorrect.

Question 2

Which prompt allows you to configure the IP address of the command and control interface in networkParams mode?

  • A. sensor(config-host)#

  • B. sensor(config-net)#

  • C. sensor(config-host-net)#

  • D. sensor(config-host-networkParams)#

A2:

Answer C is correct. The sensor(config-host-net)# prompt is the location that offers the ipaddress command, used to configure the command and control interface. Answer A is incorrect because this location allows you to enter the networkParams command but does not support the ipaddress command. To use the ipaddress command, you first need to enter the command networkParams, which gives you access to the sensor(config-host-net)# prompt. Answers B and D are incorrect because they do not exist.

Question 3

Which command and location will reset String.TCP back to default settings?

  • A. sensor(config-vsc)#

    reset-signature STRING.TCP all

  • B. sensor(config-virtual)#

    reset-signature STRING.TCP all

  • C. sensor(config-vsc)#

    reset-signature STRING.TCP default

  • D. sensor(config-virtual)#

    reset-signature STRING.TCP default

A3:

Answer A is correct. To reset a signature engine back to the default settings, you must locate yourself at the sensor(config-vsc)# prompt and use the command reset-signature STRING.TCP all. Answer B is incorrect because its location does not exist. Answer C is incorrect because the option default does not exist. Answer D is incorrect because the prompt location is incorrect and the option default does not exist.

Question 4

Which program do you use to create RSA keys for an SSH connection?

  • A. SSH Client

  • B. PuTTYGen

  • C. PuTTY Configuration

  • D. PuTTY RSAGen

A4:

Answer B is correct. PuTTYGen, also known as PuTTY Key Generation, is a utility that you can use to create SSH v1 and SSH v2 RSA keys for secure connections. Answer A is incorrect because SSH client is a generic term that doesn't specifically create keys. Answer C is incorrect because PuTTY Configuration is an SSH or Telnet client program, not a key generation tool. Answer D is incorrect because PuTTY RSAGen does not exist.

Question 5

What items are required to allow an IDS Sensor to control a managed device? (Choose four.)

  • A. Enable password should be set.

  • B. Set a VTY line password.

  • C. Enable HTTP on the managed device.

  • D. Enable Telnet on the managed device.

  • E. Enable remote control on the managed device.

  • F. Add the sensor to the Telnet access list.

  • G. Add the managed device to the Telnet access list.

A5:

Answers A, B, D, and F are correct. For a sensor to send shun or ACL commands to a managed device, the device must have an enable password, a VTY line password, Telnet enabled, and the sensor added to the trusted Telnet access list on the managed device. Note that you can also connect to a managed device by using SSH. Answer C is incorrect because you cannot control managed devices by using HTTP. Answer E is incorrect because the feature "remote control" does not exist. Answer G is incorrect because it would allow the managed device to Telnet into the sensor, not the other way around. Therefore, Answers C, E, and G are incorrect.

Question 6

What port does the Web interface use by default to allow access to the sensor?

  • A. 1741

  • B. 1471

  • C. 443

  • D. 80

A6:

Answer C is correct. The default Web access port is 443 with SSL and TLS enabled by default. You can change this port if needed. Answer A lists the port number for CiscoWorks and is therefore incorrect. Answers B and D are incorrect default port numbers.

Question 7

What is the default name for the only configurable virtual sensor?

  • A. virtual sensor

  • B. virtualSensor

  • C. virtSensor

  • D. vsc

A7:

Answer B is correct. The only configurable virtual sensor is called virtualSensor. In later releases, you will be able to create your own. Therefore, Answers A, C, and D are incorrect.

Question 8

Which IP address is the default address on the command and control interface?

  • A. 172.31.8.69

  • B. 172.25.1.70

  • C. 10.9.1.201

  • D. 10.1.9.201

A8:

Answer D is correct. The default IP address on the command and control interface is 10.1.9.201. You can change it if needed. Therefore, Answers A, B, and C are incorrect.

Question 9

Which service contains eventFilters?

  • A. sensor(config)# service host

  • B. sensor(config)# service alarm-channel-config

  • C. sensor(config)# service logger

  • D. sensor(config)# virtual-sensor-config

A9:

Answer B is correct. The sensor(config)# service alarm-channel-config allows you to configure eventFilters. EventFilters give you the ability to prevent alarms and alerts from being logged by the sensor. Answer A is incorrect because you use service host to configure the sensor time and command and control interface settings. Answer C is incorrect because you use service logger for debug logging. Answer D is incorrect because you use service virtual-sensor-config to configure and tune signatures.

Question 10

What command allows the IP address of 172.26.1.70 to SSH into the sensor?

  • A. sensor(config-Host)# accessList ipaddress 172.26.1.70 netmask 255.255.255.255

  • B. sensor(config-Host)# accessList ipaddress 172.26.1.70 netmask 255.255.255.0

  • C. sensor(config-Host-net)# accessList ipaddress 172.26.1.70 netmask 255.255.255.255

  • D. sensor(config-Host-net)# accessList ipaddress 172.26.1.70 netmask 255.255.255.0

A10:

Answer C is correct. The accessList command is in the networkParams location of the sensor. Also, using the mask of 255.255.255.255 defines an exact match of all four octets. Answer A is incorrect because the location (prompt) is incorrect. Answer B is incorrect because the location and the mask are incorrect. Answer D is incorrect because the mask would give all IP addresses that start with 172.26.1.0 access to the sensor.



CSIDS Exam Cram 2 (Exam 642-531)
Year: 2004
Pages: 213
