CCNP Secure IPS FAQ: Capturing Network Traffic


Q1. Operating in inline mode requires how many sensor interfaces?
A. Two
B. One
C. Three
D. One or two
E. None of the above

Answer: A

Q2. Which infrastructure device(s) enable your sensor to capture traffic by default?
A. Switch
B. Router
C. Hub
D. Firewall
E. Switch and hub

Answer: C

Q3. Which switch capture mechanism enables you to capture traffic from multiple Cisco switches?
A. SPAN
B. RSPAN
C. Network tap
D. VACLs

Answer: B

Q4. Which switch capture mechanism requires special consideration when you use IOS Firewall functionality?
A. VACLs
B. SPAN
C. RSPAN
D. SPAN and RSPAN
E. VACLs, SPAN, and RSPAN

Answer: A

Q5. Which IOS command enables you to configure SPAN to capture network traffic?
A. set span
B. monitor session
C. switchport trunk
D. switchport span
E. monitor span

Answer: B

Q6. Which of the following is not a step in creating VACLs for IOS?
A. Configure an ACL
B. Commit VACL to memory
C. Create a VLAN access map
D. Configure capture ports
E. Apply the access map to VLANs

Answer: B

Q7. Which of the following is not a step in creating VACLs when you use IOS Firewall?
A. Configure the extended ACL
B. Assign the capture port
C. Apply ACL to an interface or VLAN
D. Apply the access map to VLANs

Answer: D

Q8. Where do you need to create an artificial VLAN boundary to use inline mode?
A. Between devices with virtual switch ports
B. Between a router and a firewall
C. Between a switch and a router
D. Between a switch and a firewall
E. Between two routers

Answer: A

Q9. Which switch traffic capture mechanism uses ACLs to specify interesting traffic?
A. SPAN
B. RSPAN
C. VACL
D. SPAN and VACL
E. SPAN, RSPAN, and VACL

Answer: C

Q10. Which IOS command specifies the interface to receive the traffic from the VACL?
A. switchport trunk
B. switchport capture
C. set security acl
D. switchport acl
E. set security capture

Answer: B

Q11. What are the common locations to deploy inline IPS?

Answer: Some common locations at which to deploy inline IPS include between two routers, between a firewall and a router, between a switch and a router, and between a firewall and a router.

Q12. When do you need to construct an artificial VLAN boundary to use inline IPS?

Answer: When dealing with devices (such as the MSFC and IDSM-2) that have virtual ports connected to your switch, you need to construct an artificial VLAN boundary to force traffic to go through the sensor for inline IPS to work correctly.

Q13. What are the three network devices commonly used to capture network traffic for processing by your sensor?

Answer: The three devices commonly used to capture network traffic for processing by your sensor include hubs, network taps, and switches.

Q14. Which three switch mechanisms can you use to mirror traffic to your IPS sensors?

Answer: To mirror traffic to your IPS sensors, you can use Switched Port Analyzer (SPAN), Remote Switched Port Analyzer (RSPAN), and VLAN Access Control Lists (VACLs).

Q15. How is SPAN different from RSPAN?

Answer: RSPAN enables you to capture traffic from ports that are located on multiple switches.

Q16. Which IOS command is used to configure SPAN on your Catalyst 4500 and 6500 switches?

Answer: Configuring SPAN (for IOS) involves using the monitor session command.

Q17. What are the steps involved in configuring a VACL on IOS?

Answer: The steps involved in configuring a VACL when running IOS are (1) configure the ACL, (2) create a VLAN access map, (3) match the ACL to the access map, (4) define the action for the access map, (5) apply the access map to VLANs, and (6) configure capture ports.

Q18. Which command may impact your ability to capture traffic by using VACLs?

Answer: If you apply the ip inspect IOS Firewall command on a specific VLAN interface, you cannot create a VACL for the same VLAN at the switch level.

Q19. When do you need to use the mls ip ids IOS command?

Answer: When you apply the ip inspect IOS Firewall command on a specific VLAN interface, you need to use the mls ip ids command to designate which traffic will be captured for your VACL.

Q20. What steps are involved in using VACLs when you have the IOS Firewall on your Catalyst 6500 switch?

Answer: The steps involved in using VACLs when you have the IOS Firewall on the Catalyst 6500 switch are (1) configure the extended ACL, (2) apply the ACL to an interface or VLAN, and (3) assign the capture port.

Q21. Which IOS command do you use to enable trunking on a switch port?

Answer: To enable trunking on a switch port (for IOS), you use the switchport trunk encapsulation dot1q interface configuration command.

Q22. Which IOS command enables you to create a VLAN access map?

Answer: To create a VLAN access map (when using IOS), you use the vlan access-map global configuration command.

Q23. Which action must you specify (when using VLAN access maps) to enable the traffic to pass to the destination hosts and not be denied?

Answer: When specifying actions for the VLAN access map, you must specify the forward keyword to enable the packets that match the access map to be passed to the destination hosts.

About the author

Scott
