
Cisco CCNA Security Chapter 5 Exam


7/22/2019 Cisco CCNA Security Chapter 5 Exam

http://slidepdf.com/reader/full/cisco-ccna-security-chapter-5-exam 1/7

Cisco CCNA Security, chapter 5 Exam.

Questions and answers 100% correct.

1. An IPS sensor has detected the string confidential across multiple packets in a TCP session. Which type of signature trigger and signature type does this describe?

Trigger: Anomaly-based detection
Type: Atomic signature

Trigger: Anomaly-based detection
Type: Composite signature

Trigger: Pattern-based detection
Type: Atomic signature

Trigger: Pattern-based detection
Type: Composite signature

Trigger: Policy-based detection
Type: Atomic signature

Trigger: Policy-based detection
Type: Composite signature

2. A network administrator tunes a signature to detect abnormal activity that might be malicious and likely to be an immediate threat. What is the perceived severity of the signature?

high
medium
low
informational

3. What are two major drawbacks to using HIPS? (Choose two.)

HIPS has difficulty constructing an accurate network picture or coordinating the events happening across the entire network.
HIPS installations are vulnerable to fragmentation attacks or variable TTL attacks.
With HIPS, the network administrator must verify support for all the different operating systems used in the network.
If the network traffic stream is encrypted, HIPS is unable to access unencrypted forms of the traffic.
With HIPS, the success or failure of an attack cannot be readily determined.

4. Which type of intrusion detection triggers an action if excessive activity occurs beyond a specified threshold of normal activity?

pattern-based detection
anomaly-based detection
policy-based detection
honey pot-based detection


5. Which two statements characterize a network-based IPS implementation? (Choose two.)

It makes hosts visible to attackers.
It is unable to examine encrypted traffic.
It monitors to see if an attack was successful.
It provides application-level encryption protection.
It is independent of the operating system on hosts.

6. What information is provided by the show ip ips configuration configuration command?

detailed IPS signatures
alarms that were sent since the last reset
the number of packets that are audited
the default action for attack signatures

7. When editing IPS signatures with SDM, which action drops all future packets from a TCP flow?

Deny Packet Inline
Deny TCP Connection
Deny Attacker Inline
Deny Connection Inline

8. Refer to the exhibit. A user was installing a Flash Player upgrade when the CSA displayed the dialog box shown. Which default action is taken by CSA if the user does not respond within minutes and 20 seconds?


The action is allowed, and a log entry is recorded.
The action is allowed, and CSA does not prompt the user again.
The action is denied, and a log entry is recorded.
The action is denied, and the FlashPlayerUpdate.exe application is terminated.

9. Refer to the exhibit. When modifying an IPS signature action, which two check boxes should be selected to create an ACL that denies all traffic from the IP address that is considered the source of the attack and drops the packet and all future packets from the TCP flow? (Choose two.)

Deny Attacker Inline
Deny Connection Inline
Deny Packet Inline
Produce Alert
Reset TCP Connection


10. Refer to the exhibit. What is the significance of the number 10 in the signature 6130 10 command?

It is the alert severity.
It is the signature number.
It is the signature version.
It is the subsignature ID.
It is the signature fidelity rating.

11. What is a disadvantage of network-based IPS as compared to host-based IPS?

Network-based IPS is less cost-effective.
Network-based IPS cannot examine encrypted traffic.
Network-based IPS does not detect lower level network events.
Network-based IPS should not be used with multiple operating systems.

12. Which two files could be used to implement Cisco IOS IPS with version 5.x format signatures? (Choose two.)

IOS-Sxxx-CLI.bin
IOS-Sxxx-CLI.pkg
IOS-Sxxx-CLI.sd
realm-cisco.priv.key.txt
realm-cisco.pub.key.txt

13. Why is a network that deploys only IDS particularly vulnerable to an atomic attack?

The IDS must track the three-way handshake of established TCP connections.
The IDS must track the three-way handshake of established UDP connections.
The IDS permits malicious single packets into the network.
The IDS requires significant router resources to maintain the event horizon.
The stateful properties of atomic attacks usually require the IDS to have several pieces of data to match an attack signature.


14. Refer to the exhibit. Based on the SDM screen shown, which two actions will the signature take if an attack is detected? (Choose two.)

Reset the TCP connection to terminate the TCP flow.
Drop the packet and all future packets from this TCP flow.
Generate an alarm message that can be sent to a syslog server.
Drop the packet and permit remaining packets from this TCP flow.
Create an ACL that denies traffic from the attacker IP address.

15. Which two Cisco IOS commands are required to enable IPS SDEE message logging? (Choose two.)

logging on
ip ips notify log
ip http server
ip ips notify sdee
ip sdee events 50

16. Refer to the exhibit. Which option tab on the SDM IPS screen is used to view the Top Threats table and deploy signatures associated with those threats?

Create IPS
Edit IPS
Security Dashboard
IPS Migration


17. Which Cisco IOS configuration option instructs the IPS to compile a signature category named ios_ips into memory and use it to scan traffic?

R1(config)# ip ips signature-category
R1(config-ips-category)# category all
R1(config-ips-category-action)# retired false

R1(config)# ip ips signature-category
R1(config-ips-category)# category ios_ips basic
R1(config-ips-category-action)# retired false

R1(config)# ip ips signature-category
R1(config-ips-category)# category all
R1(config-ips-category-action)# enabled true

R1(config)# ip ips signature-category
R1(config-ips-category)# category ios_ips basic
R1(config-ips-category-action)# enabled true

18. Refer to the exhibit. What is the result of issuing the Cisco IOS IPS commands on router R1?

A named ACL determines the traffic to be inspected.
A numbered ACL is applied to S0/0/0 in the outbound direction.
All traffic that is denied by the ACL is subject to inspection by the IPS.
All traffic that is permitted by the ACL is subject to inspection by the IPS.

19. What are two IPS configuration best practices that can help improve IPS efficiency in a network? (Choose two.)

Configure all sensors to check the server for new signature packs at the same time to ensure that they are all synchronized.
Configure the sensors to simultaneously check the FTP server for new signature packs.
Ensure that signature levels that are supported on the management console are synchronized with the signature packs on the sensors.
Update signature packs manually rather than automatically to maintain close control when setting up a large deployment of sensors.
Place signature packs on a dedicated FTP server within the management network.

20. Refer to the exhibit. What is the significance of the small red flag waving in the Windows system tray?


Cisco Security Agent is installed but inactive.
Network-based IPS is active and has detected a potential security problem.
Cisco Security Agent is active and has detected a potential security problem.
A network-based IPS sensor has pushed an alert to a host running Cisco Security Agent.

21. Which two benefits does the IPS version 5.x signature format provide over the version 4.x signature format? (Choose two.)

addition of signature micro engines
support for IPX and AppleTalk protocols
addition of a signature risk rating
support for comma-delimited data import
support for encrypted signature parameters