CCNP Secure IPS FAQ: Alarm Monitoring and Management

Q1. What is the minimum recommended amount of RAM for the Security Monitor server?
A. 2 GB
B. 1 GB
C. 512 MB
D. 256 MB
E. 1.5 GB

Answer: B

Q2. What is the minimum recommended amount of RAM for the client systems that access Security Monitor?
A. 2 GB
B. 1 GB
C. 512 MB
D. 256 MB
E. 1.5 GB

Answer: D

Q3. What part of the Security Monitor interface provides a visual road map indicating where you are?
A. Path bar
B. Options bar
C. Instruction box
D. Content area
E. Road map

Answer: A

Q4. When you add a monitored device to Security Monitor, which of the following devices does not allow you to specify the protocol that the device uses to communicate with Security Monitor?
A. RDEP device
B. PostOffice device
C. IPS 5.0 sensor
D. PIX Firewall
E. IDS 4.0 sensor

Answer: D

Q5. Which of the following is not a characteristic that you can specify when configuring an event rule?
A. Originating device
B. Signature name
C. Attacker port
D. Severity
E. Victim address

Answer: C

Q6. Which of the following is not a category whose statistics you can view using Security Monitor?
A. Network Access Controller
B. Analysis Server
C. Transaction Server
D. Event Server
E. Analysis Engine

Answer: B

Q7. Which of the following items is not configurable when you change the Event Viewer display preferences?
A. Columns displayed
B. Event severity indicator type
C. Default expansion boundary
D. Time for Security Monitor-initiated blocks
E. Maximum events per grid

Answer: A

Q8. Which color is the background of the count field for medium-severity events?
A. Red
B. Orange
C. Yellow
D. Green
E. White

Answer: C

Q9. Which of the following is not a parameter that you can configure when customizing a report template?
A. Source IP address
B. Destination direction
C. IDS devices
D. IDS signatures
E. Risk Rating

Answer: E

Q10. Which of the following is not a parameter that you can configure when defining a database rule?
A. Total IDS events in database exceed
B. Total audit log events in database exceed
C. Total PIX events in database exceed
D. Database free space less than (megabytes)
E. Repeat every

Answer: C

Q11. What are the five CiscoWorks user roles that are relevant to IDS MC and Security Monitor operations?

Answer: The CiscoWorks user roles that are relevant to IDS MC and Security Monitor are Help Desk, Approver, Network Operator, Network Administrator, and System Administrator.

Q12. What is the minimum amount of RAM and virtual memory recommended for a Windows server running Security Monitor?

Answer: The minimum amount of RAM recommended for the Security Monitor server is 1 GB, and the recommended minimum amount of virtual memory is 2 GB.

Q13. What is the minimum amount of RAM and virtual memory recommended for a Windows client system used to connect to Security Monitor?

Answer: The minimum amount of RAM recommended for a Security Monitor client is 256 MB, and the recommended minimum amount of virtual memory is 400 MB.

Q14. Which two browsers are supported for use by the Windows-based Security Monitor client systems?

Answer: The supported browsers for Windows-based Security Monitor client systems are Internet Explorer 6.0 with Service Pack 1 and Netscape Navigator 7.1.

Q15. What types of devices can you monitor with Security Monitor?

Answer: You can monitor the following devices with Security Monitor: Cisco IDS devices, Cisco IOS IDS/IPS devices, Cisco PIX/FWSM devices, Cisco Security Agent Management Centers, and Remote Cisco Security Monitors.

Q16. What are the two major protocols used to communicate between Security Monitor and IDS/IPS devices?

Answer: To communicate with IDS/IPS devices, Security Monitor uses both RDEP and PostOffice protocols.

Q17. Which parameters can you use to configure event rules?

Answer: When defining event rules, you can specify the following parameters: Originating Device, Originating Device Address, Attacker Address, Victim Address, Signature Name, Signature ID, and Severity.

Q18. What actions can an event rule initiate?

Answer: An event rule can initiate any of the following actions: send a notification via e-mail, log a console notification event, and execute a script.

Q19. What are the four tasks that you need to perform when adding an event rule?

Answer: When adding an event rule, you need to assign a name to the event rule, define the event filter criteria, assign the event rule action, and define the event rule threshold and interval.

Q20. What device statistical categories can you view using Security Monitor?

Answer: Using Security Monitor, you can view the following device statistical categories: Analysis Engine, Authentication, Event Server, Event Store, Host, Logger, Network Access Controller, Transaction Server, Transaction Source, and Web Server.

Q21. What are your two options when deleting rows from the Event Viewer, and how are they different?

Answer: When deleting rows from the Event Viewer, you can choose Delete From This Grid (which removes the rows from only the current Event Viewer) or Delete From Database (which removes the events from all instances of the Event Viewer, both current and future).

Q22. What is the default expansion boundary?

Answer: The default expansion boundary specifies the default number of columns in which the cells of a new event are expanded. By default, only the first field of an event is expanded.

Q23. Which report template would you use to find out which systems have launched the most attacks against your network in a specified time period?

Answer: To identify the systems that have launched the most attacks against your network in a specified time period, you would use the IDS Top Sources Report template.

Q24. What icons are used to indicate alarm severity?

Answer: The icons used to display alarm severity are a red exclamation point for high-severity alerts, a yellow flag for medium-severity alerts, and no icon for low-severity alerts.

Q25. What does the Blank Left check box do when configured as your cell preference?

Answer: The Blank Left check box causes the Event Viewer to leave a column blank (after the first row) when multiple consecutive rows have the same value for that column, so that only the first row in the run displays the value.

About the author

Scott