CCNA Security Module 5

Academic year: 2021



CCNAS Module 5 100%


1. Which type of intrusion detection triggers an action if excessive activity occurs beyond a specified threshold of normal activity?

pattern-based detection
anomaly-based detection
policy-based detection
honey pot-based detection

2. An IPS sensor has detected the string confidential across multiple packets in a TCP session. Which type of signature trigger and signature type does this describe?

Trigger: Anomaly-based detection, Type: Atomic signature
Trigger: Anomaly-based detection, Type: Composite signature
Trigger: Pattern-based detection, Type: Atomic signature
Trigger: Pattern-based detection, Type: Composite signature
Trigger: Policy-based detection, Type: Atomic signature
Trigger: Policy-based detection, Type: Composite signature

3. Refer to the exhibit. What is the result of issuing the Cisco IOS IPS commands on router R1?

A named ACL determines the traffic to be inspected.
A numbered ACL is applied to S0/0/0 in the outbound direction.
All traffic that is denied by the ACL is subject to inspection by the IPS.
All traffic that is permitted by the ACL is subject to inspection by the IPS.

4. What are two major drawbacks to using HIPS? (Choose two.)

HIPS has difficulty constructing an accurate network picture or coordinating the events happening across the entire network.
HIPS installations are vulnerable to fragmentation attacks or variable TTL attacks.
With HIPS, the network administrator must verify support for all the different operating systems used in the network.
If the network traffic stream is encrypted, HIPS is unable to access unencrypted forms of the traffic.
With HIPS, the success or failure of an attack cannot be readily determined.

5. Refer to the exhibit. Which option tab on the SDM IPS screen is used to view the Top Threats table and signatures associated with those threats?

Create IPS
Edit IPS
Security Dashboard
IPS Migration

6. Which two Cisco IOS commands are required to enable IPS SDEE message logging? (Choose two.)

logging on
ip ips notify log
ip http server
ip ips notify sdee
ip sdee events 500

7. Which two statements characterize a network-based IPS implementation? (Choose two.)

It makes hosts visible to attackers.
It is unable to examine encrypted traffic.
It monitors to see if an attack was successful.
It provides application-level encryption protection.
It is independent of the operating system on hosts.

8. Which type of IPS signature detection is used to distract and confuse attackers?

pattern-based detection
anomaly-based detection
policy-based detection
honey pot-based detection


9. A network administrator tunes a signature to detect abnormal activity that might be malicious and likely to be an immediate threat. What is the perceived severity of the signature?

high
medium
low
informational

10. Which two files could be used to implement Cisco IOS IPS with version 5.x format signatures? (Choose two.)

IOS-Sxxx-CLI.bin
IOS-Sxxx-CLI.pkg
IOS-Sxxx-CLI.sdf
realm-cisco.priv.key.txt
realm-cisco.pub.key.txt

11. When editing IPS signatures with SDM, which action drops all future packets from a TCP flow?

Deny Packet Inline
Deny TCP Connection
Deny Attacker Inline
Deny Connection Inline

12. Why is a network that deploys only IDS particularly vulnerable to an atomic attack?

The IDS must track the three-way handshake of established TCP connections.
The IDS must track the three-way handshake of established UDP connections.
The IDS permits malicious single packets into the network.
The IDS requires significant router resources to maintain the event horizon.
The stateful properties of atomic attacks usually require the IDS to have several pieces of data to match an attack signature.

13. What are two IPS configuration best practices that can help improve IPS efficiency in a network? (Choose two.)

Configure all sensors to check the server for new signature packs at the same time to ensure that they are all synchronized.
Configure the sensors to simultaneously check the FTP server for new signature packs.
Ensure that signature levels that are supported on the management console are synchronized with the signature packs on the sensors.
Update signature packs manually rather than automatically to maintain close control when setting up a large deployment of sensors.
Place signature packs on a dedicated FTP server within the management network.

14. Which Cisco IOS configuration option instructs the IPS to compile a signature category named ios_ips in memory and use it to scan traffic?

R1(config)# ip ips signature-category
R1(config-ips-category)#
R1(config-ips-category-action)# retired false

R1(config)# ip ips signature-category
R1(config-ips-category)# category ios_ips basic
R1(config-ips-category-action)# retired false

R1(config)# ip ips signature-category
R1(config-ips-category)# category all
R1(config-ips-category-action)# enabled true

R1(config)# ip ips signature-category
R1(config-ips-category)# category ios_ips basic
R1(config-ips-category-action)# enabled true

15. Refer to the exhibit. When modifying an IPS signature action, which two check boxes should be selected to create an ACL that denies all traffic from the IP address that is considered the source of the attack and drop the packet and all future packets from the TCP flow? (Choose two.)

Deny Attacker Inline
Deny Connection Inline
Deny Packet Inline
Produce Alert
Reset TCP Connection


16. Refer to the exhibit. What is the significance of the number 10 in the signature 6130 10 command?

It is the alert severity.
It is the signature number.
It is the signature version.
It is the subsignature ID.
It is the signature fidelity rating.

17. Refer to the exhibit. A user was installing a Flash Player upgrade when the CSA displayed the dialog box shown. Which default action is taken by CSA if the user does not respond within 4 minutes and 20 seconds?

The action is allowed, and a log entry is recorded.
The action is allowed, and CSA does not prompt the user again.
The action is denied, and a log entry is recorded.
The action is denied, and the FlashPlayerUpdate.exe application is terminated.

18. Refer to the exhibit. What is the significance of the small red flag waving in the Windows system tray?

Cisco Security Agent is installed but inactive.
Network-based IPS is active and has detected a potential security problem.
Cisco Security Agent is active and has detected a potential security problem.
A network-based IPS sensor has pushed an alert to a host running Cisco Security Agent.

19. Which type of intrusion prevention technology is primarily used by Cisco IPS security appliances?

rule-based
profile-based
signature-based
NetFlow anomaly-based
protocol analysis-based

20. Which two benefits does the IPS version 5.x signature format provide over the version 4.x signature format? (Choose two.)

addition of signature micro engines
support for IPX and AppleTalk protocols
addition of a signature risk rating
support for comma-delimited data import
support for encrypted signature parameters
