CCNP Secure FAQ: Implementing and Configuring IOS Intrusion Prevention System (IPS)


Figure: Configuration Scenario

Q1. What types of security controls are capable of monitoring traffic to detect problems in the network?
a. Intrusion prevention systems (IPS)
b. Protocol analyzers
c. Intrusion detection systems (IDS)
d. Security policy

Answer: C

Q2. What security controls are capable of monitoring traffic to detect and prevent problems in the network?
a. Intrusion detection systems (IDS)
b. Wireless sniffers
c. Intrusion prevention systems (IPS)
d. None of these answers are correct.

Answer: C

Q3. How many of the analysis features of the hardware IPS appliances can the software-based IPS support?
a. Some
b. All
c. None
d. Most

Answer: D

Q4. It is highly recommended to initially deploy all selected signatures without which type of action in place, so that the sensor can be tuned for a particular environment to minimize false positive and false negative events?
a. Remote
b. Passive
c. Preventative
d. All of these answers are correct.

Answer: C

Q5. What is an indication of confidence in a signature’s performance given the environment in which it is deployed?
a. Attack Severity Rating (ASR)
b. Signature Fidelity Rating (SFR)
c. Target Value Rating (TVR)
d. Event Risk Rating (ERR)

Answer: B

Q6. If a license on a router expires, it will no longer be able to do what after the license expiration date?
a. Apply any signatures created
b. Analyze traffic
c. Take preventative action when a signature is matched
d. None of these answers are correct.

Answer: A

Q7. SDEE uses what kind of communication model for event messages?
a. Pull
b. Push
c. Manual
d. None of these answers are correct.

Answer: A

Q8. What is one of the common issues found when deploying Cisco IOS Software IPS sensors to accommodate the signature database?
a. Lack of router memory
b. Insufficient router processor speed
c. Insufficient interface throughput
d. None of these answers are correct.

Answer: A

Q9. When a signature is matched, the Cisco IOS IPS sensors can _____, _____, or _____.

Answer: send an alarm, drop the packet, or reset the connection.

Q10. A _____ signature is present in router memory and can be enabled without recompiling the signature database.

Answer: disabled

Q11. SDEE uses a pull mechanism to pull alerts from IPS sensors over a/an _____ connection.

Answer: HTTPS

Q12. The signature update license is configured on the router using the _____ command.

Answer: license install

Q13. When Cisco SDEE notification is enabled, by default, _____ events can be stored in the local event store. This number can be increased to hold a maximum of _____.

Answer: 200, 1000

Q14. The _____ command can be used to view the events that are written to the local SDEE event store.

Answer: show ip sdee alerts

Q15. The _____ command displays all interfaces on which IPS is enabled.

Answer: show ip ips interfaces

Q16. The Cisco IOS IPS router can send IPS alerts through _____ and can have the _____ feature enabled at the same time.

Answer: syslog, SDEE notification

 


About the author

Prasanna
