CCNP Secure IPS FAQ: Verifying System Configuration

Q1. Which of the following is not provided in the output of the show version sensor CLI command?
A. Sensor uptime
B. Recovery partition software version
C. Sensor host name
D. Current sensor software version
E. Previous sensor software version

Answer: C

Q2. Which of the following is not one of the sections of the sensor configuration output?
A. event-action-rules
B. signature-definition
C. network-access
D. trusted-certificates
E. alarm-channel-configuration

Answer: E

Q3. Which of the following is not a valid event type for the show events CLI command?
A. error
B. debug
C. nac
D. status
E. log

Answer: B

Q4. Which of the following is true about viewing sensor statistics?
A. You can only use the sensor CLI to view sensor statistics.
B. You can use the sensor CLI to selectively view statistics based on various categories.
C. You can only use IDM to view sensor statistics.
D. You can use IDM to selectively view statistics based on various categories.

Answer: B

Q5. Which of the following is not a keyword used with the “|” symbol to limit the output of various sensor CLI commands?
A. start
B. begin
C. include
D. exclude

Answer: A

Q6. When you are choosing events to display through IDM, which of the following is not a configuration option?
A. Selecting all events in the Event Store
B. Selecting all high-severity alerts that happened in the last 2 hours
C. Selecting all informational alerts that happened between January 12, 2005, and January 14, 2005
D. Selecting all NAC events that happened in the last 30 minutes
E. Selecting all log events that happened in the last 2 hours

Answer: E

Q7. Which sensor CLI command captures traffic for the GigabitEthernet0/0 interface and saves it to a file?
A. packet display GigabitEthernet0/0
B. display packet GigabitEthernet0/0
C. capture packet GigabitEthernet0/0
D. packet capture GigabitEthernet0/0

Answer: D

Q8. What does the password keyword do when added to the show tech-support CLI command?
A. password is not a valid option for the show tech-support command.
B. It removes sensitive information, such as passwords, from the tech-support output.
C. It includes sensitive information, such as passwords, in the tech-support output.
D. It is used with the destination keyword to specify login credentials for the destination system.

Answer: C

Q9. What is the tech-support output called in IDM?
A. Tech-support report
B. System report
C. Operational report
D. Diagnostic report
E. IDM does not provide tech-support output

Answer: D

Q10. Which sensor CLI command would you use to configure SNMP parameters on your sensor?
A. service snmp
B. service notification
C. service host
D. service logger
E. service network-access

Answer: B

Q11. Which sensor CLI command would you use to display the sensor uptime and previous sensor software version?

Answer: The show version sensor CLI command displays information such as the sensor uptime, current and previous software versions, and recovery partition software version.

Q12. What are the sections of the sensor configuration file output?

Answer: The sensor configuration file output is divided into the following sections: analysis-engine, authentication, event-action-rules, host, interface, logger, network-access, notification, signature-definition, ssh-known-hosts, trusted-certificates, and web-server.

Q13. What do the different sections of the sensor configuration file correspond to?

Answer: The different sections of the configuration file correspond to the options available for the sensor service CLI configuration command.

Q14. Which sensor CLI command displays the Product Evolution Program (PEP) information for your sensor?

Answer: The show inventory sensor CLI command displays the PEP inventory information.

Q15. What is the main difference between displaying sensor statistics via the CLI and displaying sensor statistics by using IDM?

Answer: In IDM a single command displays all of the sensor statistics, whereas in the CLI you can choose one of 14 statistical categories, which allows you to display only a limited amount of statistical information.

Q16. In the sensor CLI, which command displays events, and which types of events can you display?

Answer: Using the show events CLI command, you can display alert, error, log, NAC, and status events.

Q17. What are the three ways to specify the time frame for events when you use IDM to display events?

Answer: When using IDM to display events, you can specify the time frame for events by a number of minutes or hours in the past, events within a date range, and all events in the Event Store.

Q18. Which sensor CLI command enables you to view the operational status of the interfaces on the sensor?

Answer: The show interfaces CLI command enables you to view the operational status of interfaces on the sensor.

Q19. Which CLI command captures network traffic to a tcpdump capture file?

Answer: The packet capture CLI command captures network traffic to a tcpdump capture file.

Q20. Which CLI command captures network traffic and displays it on the screen for all Gigabit Ethernet interfaces?

Answer: The packet display GigabitEthernet command displays captured traffic from all of the Gigabit Ethernet interfaces on the sensor.

Q21. Which sensor CLI command displays a comprehensive list of status and system information about your sensor?

Answer: The show tech-support CLI command displays a comprehensive list of status and system information about your sensor.

Q22. What does the diagnostic report in IDM provide?

Answer: The diagnostic report in IDM provides a comprehensive list of status and system information about your sensor. This is the same information that the show tech-support CLI command provides.

Q23. Which service notification option removes the size limit on SNMP traps?

Answer: The enable-detail-traps option removes the size limits on traps sent, as opposed to those in sparse mode (fewer than 484 bytes).

Q24. What does the error-filter option of the service notification command do?

Answer: The error-filter option of the service notification command enables you to determine which errors generate SNMP traps (options are warning, error, and fatal).

About the author

Scott