7/22/2019 Cisco CCNA Security Chapter 5 Exam
http://slidepdf.com/reader/full/cisco-ccna-security-chapter-5-exam 1/7
Cisco CCNA Security, chapter 5 Exam.
Questions and answers 100% correct.

1. An IPS sensor has detected the string confidential across multiple packets in a TCP session. Which type of signature trigger and signature type does this describe?

Trigger: Anomaly-based detection
Type: Atomic signature

Trigger: Anomaly-based detection
Type: Composite signature

Trigger: Pattern-based detection
Type: Atomic signature

Trigger: Pattern-based detection
Type: Composite signature

Trigger: Policy-based detection
Type: Atomic signature

Trigger: Policy-based detection
Type: Composite signature

2. A network administrator tunes a signature to detect abnormal activity that might be malicious and likely to be an immediate threat. What is the perceived severity of the signature?
high
medium
low
informational

3. What are two major drawbacks to using HIPS? (Choose two.)
HIPS has difficulty constructing an accurate network picture or coordinating the events happening across the entire network.
HIPS installations are vulnerable to fragmentation attacks or variable TTL attacks.
With HIPS, the network administrator must verify support for all the different operating systems used in the network.
If the network traffic stream is encrypted, HIPS is unable to access unencrypted forms of the traffic.
With HIPS, the success or failure of an attack cannot be readily determined.

4. Which type of intrusion detection triggers an action if excessive activity occurs beyond a specified threshold of normal activity?
pattern-based detection
anomaly-based detection
policy-based detection
honey pot-based detection

5. Which two statements characterize a network-based IPS implementation? (Choose two.)
It makes hosts visible to attackers.
It is unable to examine encrypted traffic.
It monitors to see if an attack was successful.
It provides application-level encryption protection.
It is independent of the operating system on hosts.

6. What information is provided by the show ip ips configuration configuration command?
detailed IPS signatures
alarms that were sent since the last reset
the number of packets that are audited
the default actions for attack signatures

7. When editing IPS signatures with SDM, which action drops all future packets from a TCP flow?
Deny Packet Inline
Deny TCP Connection
Deny Attacker Inline
Deny Connection Inline

8. Refer to the exhibit. A user was installing a Flash Player upgrade when the CSA displayed the dialog box shown. Which default action is taken by CSA if the user does not respond within minutes and 20 seconds?
The action is allowed, and a log entry is recorded.
The action is allowed, and CSA does not prompt the user again.
The action is denied, and a log entry is recorded.
The action is denied, and the FlashPlayerUpdate.exe application is terminated.

9. Refer to the exhibit. When modifying an IPS signature action, which two check boxes should be selected to create an ACL that denies all traffic from the IP address that is considered the source of the attack and drops the packet and all future packets from the TCP flow? (Choose two.)
Deny Attacker Inline
Deny Connection Inline
Deny Packet Inline
Produce Alert
Reset TCP Connection

10. Refer to the exhibit. What is the significance of the number 10 in the signature 6130 10 command?
It is the alert severity.
It is the signature number.
It is the signature version.
It is the subsignature ID.
It is the signature fidelity rating.

11. What is a disadvantage of network-based IPS as compared to host-based IPS?
Network-based IPS is less cost-effective.
Network-based IPS cannot examine encrypted traffic.
Network-based IPS does not detect lower level network events.
Network-based IPS should not be used with multiple operating systems.

12. Which two files could be used to implement Cisco IOS IPS with version 5.x format signatures? (Choose two.)
IOS-Sxxx-CLI.bin
IOS-Sxxx-CLI.pkg
IOS-Sxxx-CLI.sdf
realm-cisco.priv.key.txt
realm-cisco.pub.key.txt

13. Why is a network that deploys only IDS particularly vulnerable to an atomic attack?
The IDS must track the three-way handshake of established TCP connections.
The IDS must track the three-way handshake of established UDP connections.
The IDS permits malicious single packets into the network.
The IDS requires significant router resources to maintain the event horizon.
The stateful properties of atomic attacks usually require the IDS to have several pieces of data to match an attack signature.

14. Refer to the exhibit. Based on the SDM screen shown, which two actions will the signature take if an attack is detected? (Choose two.)
Reset the TCP connection to terminate the TCP flow.
Drop the packet and all future packets from this TCP flow.
Generate an alarm message that can be sent to a syslog server.
Drop the packet and permit remaining packets from this TCP flow.
Create an ACL that denies traffic from the attacker IP address.

15. Which two Cisco IOS commands are required to enable IPS SDEE message logging? (Choose two.)
logging on
ip ips notify log
ip http server
ip ips notify sdee
ip sdee events 500

16. Refer to the exhibit. Which option tab on the SDM IPS screen is used to view the Top Threats table and deploy signatures associated with those threats?
Create IPS
Edit IPS
Security Dashboard
IPS Migration

17. Which Cisco IOS configuration option instructs the IPS to compile a signature category named ios_ips into memory and use it to scan traffic?

R1(config)# ip ips signature-category
R1(config-ips-category)# category all
R1(config-ips-category-action)# retired false

R1(config)# ip ips signature-category
R1(config-ips-category)# category ios_ips basic
R1(config-ips-category-action)# retired false

R1(config)# ip ips signature-category
R1(config-ips-category)# category all
R1(config-ips-category-action)# enabled true

R1(config)# ip ips signature-category
R1(config-ips-category)# category ios_ips basic
R1(config-ips-category-action)# enabled true

18. Refer to the exhibit. What is the result of issuing the Cisco IOS IPS commands on router R1?
A named ACL determines the traffic to be inspected.
A numbered ACL is applied to S0/0/0 in the outbound direction.
All traffic that is denied by the ACL is subject to inspection by the IPS.
All traffic that is permitted by the ACL is subject to inspection by the IPS.

19. What are two IPS configuration best practices that can help improve IPS efficiency in a network? (Choose two.)
Configure all sensors to check the server for new signature packs at the same time to ensure that they are all synchronized.
Configure the sensors to simultaneously check the FTP server for new signature packs.
Ensure that signature levels that are supported on the management console are synchronized with the signature packs on the sensors.
Update signature packs manually rather than automatically to maintain close control when setting up a large deployment of sensors.
Place signature packs on a dedicated FTP server within the management network.

20. Refer to the exhibit. What is the significance of the small red flag waving in the Windows system tray?
Cisco Security Agent is installed but inactive.
Network-based IPS is active and has detected a potential security problem.
Cisco Security Agent is active and has detected a potential security problem.
A network-based IPS sensor has pushed an alert to a host running Cisco Security Agent.

21. Which two benefits does the IPS version 5.x signature format provide over the version 4.x signature format? (Choose two.)
addition of signature micro engines
support for IPX and AppleTalk protocols
addition of a signature risk rating
support for comma-delimited data import
support for encrypted signature parameters