CCNP Secure IPS FAQ: IPS Command-Line Interface

CCNP Secure IPS FAQ: IPS Command-Line Interface

Q1. Which sensor CLI command should you use to update the sensor software from version 4.1 to 5.0 via the network?
A. migrate
B. update
C. upgrade
D. copy
E. None of these

Answer: C

Q2. Which command should you use to initialize a new sensor that you install on your network?
A. setup
B. initialize
C. update
D. configure
E. None of these

Answer: A

Q3. Which is the most privileged role that you can assign to a normal user account on the sensor?
A. Root
B. User
C. Operator
D. Administrator
E. System

Answer: D

Q4. Which is the least privileged role that you can assign to a user account on the sensor?
A. Basic
B. User
C. Operator
D. Admin
E. Viewer

Answer: E

Q5. What must you do before upgrading your sensor’s software by using SCP?
A. Add the Secure Shell (SSH) server’s X.509 certificate to the sensor’s authorized list.
B. Add the SSH server key to the sensor’s authorized list.
C. Add the SSH key for the sensor to the SSH server.
D. Add the sensor’s X.509 certificate to the SSH server.
E. Nothing.

Answer: B

Q6. Which of the following cannot be configured by using the setup command?
A. Web server port
B. Sensor time settings
C. Sensor default gateway
D. TCP port that Telnet uses
E. Sensor access list entries

Answer: D

Q7. What should you type at the sensor CLI to get help?
A. help
B. ?
C. show
D. Either help or ?
E. None of these

Answer: B

Q8. Which account is used by the Technical Assistance Center (TAC) to troubleshoot problems with your sensor?
A. Administrator
B. TAC
C. Service
D. Operator
E. Support

Answer: C

Q9. Which of the following is true about the account configured with the Service role?
A. It is a privileged sensor CLI account that TAC uses to troubleshoot sensor problems.
B. It is an account made to enable end users to bypass the CLI.
C. You can configure multiple accounts with the Service role.
D. This account bypasses the sensor CLI.
E. None of these.

Answer: D

Q10. Which sensors provide no keyboard or mouse ports? (Choose 2.)
A. IDS 4210
B. IDS 4240
C. IDS 4235
D. IDS 4215
E. IDS 4250

Answer: B, D

Q11. What character do you use to obtain help via the appliance CLI, and what are the two ways you can use it to obtain help?

Answer: To obtain help, you type the ? character. This character will show you all of the valid options when used by itself or all of the options that match your partial specification.

Q12. What command enables you to allow a host or all of the hosts on a network to connect to the sensor?

Answer: The service host > network-settings command enables you to allow a host or network to access the sensor.

Q13. How many different user roles are available to assign to accounts on your sensor?

Answer: The sensor software provides four different user roles: Administrator, Operator, Viewer, and Service.

Q14. What is the most privileged user role that you can assign to a CLI user?

Answer: The Administrator role is the most privileged user role for the CLI. It provides access to all CLI operations.

Q15. Which user role provides the user with the ability to examine the sensor’s events and configuration but does not allow the user to change the configuration?

Answer: The Viewer role provides the user with the ability to look at the configuration of the sensor and monitor events but not to change the configuration.

Q16. What parameters can you configure by using the setup CLI command?

Answer: When you run the setup command, you can configure the basic sensor characteristics, including the host name, IP address, network mask, default gateway, access list entries, time settings, Telnet enablement, and web server port.

Q17. What is the purpose of the Service user role?

Answer: The Service user role enables you to configure an account that bypasses the CLI. This account assists the TAC in troubleshooting problems with your sensor.

Q18. What command do you use on the CLI to enter Global Configuration mode?

Answer: As in IOS, you enter the command configure terminal to enter Global Configuration mode.

Q19. How many Service accounts can you have on your sensor?

Answer: You can assign the Service role to just one account on you sensor.

Q20. What user role would you usually assign to the account that you use to enable your monitoring applications to retrieve information from your sensor?

Answer: You would normally assign the Viewer role to your monitoring application since it only needs to be able to retrieve information from the sensor, not to change the configuration.

Q21. What character do you use on the CLI to cause your sensor to automatically expand the rest of a command for you?

Answer: When you press the Tab key after entering a command at the CLI, the system will automatically expand the command if only one command matches the partial command that you entered. Otherwise, all of the commands that could match your entry are shown, and your partial command is redisplayed

Q22. When a CLI command’s output extends beyond a single screen, what character do you use to show the next screen of information?

Answer: When the output of a CLI command extends beyond a single screen, the output stops at one screen’s worth and displays the –more– prompt. To show the next screen of information, press the Space key

Q23. When a CLI command’s output extends beyond a single screen, what character do you use to see just the next line of output?

Answer: When the output of a CLI command extends beyond a single screen, the output stops at one screen’s worth and displays the –more– prompt. To scroll the output by a single line, press the Enter key.

Q24. Which sensors cannot be upgraded with a recovery CD and why?

Answer: The diskless sensors (IDS 4215, 4240, and 4255) cannot be upgraded with a recovery CD since they do not come with a CD-ROM drive.

Q25. What are the transfer options available for upgrading appliance sensors through the network?

Answer: To upgrade diskless appliance sensors, you can use SCP, FTP, HTTP, or HTTPS to retrieve the new software image.

Q26. Before you can use SCP to retrieve a new image file or signature update, what must you do on the sensor?

Answer: Before you retrieve a new image file or signature update via SCP, you must first add the SSH server key for the system where the software is located (using the ssh host global configuration command).

About the author

Scott

Leave a Comment