CCSP SECUR FAQ : Intrusion Detection and the Cisco IOS Firewall

Q1. What advantages does the Cisco IOS firewall IDS provide security administrators? (Choose two.)
A. Detect malicious activity
B. Combine features of routing and switching
C. Work well with syslog servers
D. Can respond to potential threats
E. None of the above

Answer: A, D

Q2. The Cisco IOS firewall IDS is a(n) ______.
A. integrated appliance.
B. package that runs on Windows 2000.
C. software-based feature set for 500 series routers.
D. system that runs on the PIX firewall.
E. software-based feature set developed for mid-range to high-end routers.

Answer: E

Q3. How does the Cisco IOS firewall IDS identify potential attacks?
A. It scans the network.
B. It matches packets against signatures.
C. It matches audit rules.
D. It scans packet headers.
E. It scans for potential viruses.

Answer: B

Q4. How does the Cisco IOS firewall IDS operate with CBAC?
A. It doesn’t.
B. They can run in concert or be applied to different interfaces.
C. It must be applied to different interfaces.
D. They must be applied to the same interface.
E. None of the above.

Answer: B

Q5. What configuration mode must you be in to configure “notification types”?
A. Notification configuration mode
B. Privilege EXEC mode
C. Interface configuration mode
D. Global configuration mode
E. IOS configuration mode

Answer: D

Q6. What are you configuring with the ip audit notify command?
A. E-mail address for attack notification
B. Where to send alerts if the router fails
C. What server to log to
D. IDS routing protocols
E. Defines the alert format if a signature match occurs

Answer: E

Q7. What is the default port for the POP?
A. TCP 4500
B. UDP 45000
C. TCP 45000
D. UDP 4500
E. TCP 3021

Answer: B

Q8. Why should you define a “protected network”?
A. So you know who is attacking your network.
B. To protect yourself from disgruntled employees.
C. The signatures only apply to the protected network.
D. It is a requirement to make the IDS function work.
E. None of the above.

Answer: E

Q9. What is the difference between an atomic signature and a compound signature?
A. Atomic signatures are really bad.
B. Compound signatures require more memory.
C. Atomic signatures only see oversized packets.
D. Atomic signatures can overload your router.
E. None of the above.

Answer: B

Q10. What command is used to reset statistics?
A. reset ip audit statistics
B. clear ip audit statistics
C. delete ip audit statistics
D. no statistics
E. disable ip audit statistics

Answer: B

Q11. How are signatures listed in the Cisco IOS firewall?

Answer: By number

Q12. How does the Cisco IOS firewall IDS operate?

Answer: As an in-line IDS: traffic passes through the router and is matched against the signatures before it is forwarded, which is why the router can drop or reset a connection rather than only alarm on it.

Q13. What are the three actions that are performed by the IOS firewall IDS when malicious traffic is discovered?

Answer: Alarm, drop, reset

Q14. Why would you want to disable some signatures?

Answer: To reduce the number of false positives

Q15. What is POP?

Answer: The Post Office Protocol (not the e-mail protocol of the same name), a Cisco proprietary protocol that carries alarms between the IOS firewall IDS and the management station (the Director).

Q16. What are the four steps to configuring the firewall IDS?

Answer: Initialize the Cisco IOS firewall IDS on the router, configure the attack signatures, create and apply the audit rules, and add the Cisco IOS firewall IDS to centralized management (the Director).

Q17. What must match for POP to work?

Answer: Both the IDS and manager must have the same organization ID.

Q18. In the command ip audit po remote . . . timeout, what timeout are you configuring?

Answer: The heartbeat timeout, in seconds, between the router IDS and the Director.

Q19. When you configure ip audit po protected, are you configuring a subnet or address range?

Answer: An address range, given as a start address and an end address separated by the keyword to.

Q20. Why should you configure a maximum queue for alarms?

Answer: To bound the router memory consumed by queued alarm events (ip audit po max-events), so that a burst of alarms cannot exhaust memory.

Q21. Which signatures create a greater load on the router performance?

Answer: Compound

Q22. How do you exclude a signature?

Answer: Use the ip audit signature command in global configuration mode: ip audit signature signature-id disable.

Q23. What is the first step to creating an audit rule?

Answer: Configure the default actions for informational and attack signatures (ip audit info action and ip audit attack action).
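The four steps from Q16, with the commands asked about in Q5 through Q10 and Q17 through Q23, put together as one worked router configuration. This is an added example, not configuration from the original page or from the Cisco Press book; the interface names, addresses, host and organization IDs, rule name, ACL number and signature numbers are all assumed for illustration.

```cisco
! Assumed topology: inside LAN 10.1.2.0/24 on Ethernet0/1, outside link on Ethernet0/0
! (router address 10.1.1.1), Director at 10.1.1.100. All values are assumed.
!
! Step 1: initialize the IOS firewall IDS (global configuration mode)
! Notification types: send alarms to the Director over POP and also to syslog.
ip audit notify nr-director
ip audit notify log
! POP identities. The organization ID (100) must match on router and Director;
! POP uses UDP 45000; "timeout 5" is the heartbeat timeout in seconds.
ip audit po local hostid 10 orgid 100
ip audit po remote hostid 20 orgid 100 rmtaddress 10.1.1.100 localaddress 10.1.1.1 port 45000 preference 1 timeout 5 application director
! Protected network, given as an address range, not a subnet mask.
ip audit po protected 10.1.2.1 to 10.1.2.254
! Cap the alarm queue so a flood of events cannot exhaust router memory.
ip audit po max-events 100
!
! Step 2: tune the signatures (listed by number)
! Disable a signature that is pure noise in this environment (assumed ID).
ip audit signature 2004 disable
! Keep signature 1004 (assumed ID) but exempt one internal scanner host:
! sources denied by the standard ACL are excluded from the signature.
access-list 90 deny host 10.1.2.50
access-list 90 permit any
ip audit signature 1004 list 90
!
! Step 3: create the audit rule, starting with the default actions
ip audit info action alarm
ip audit attack action alarm drop reset
ip audit name OUTSIDE-IN info action alarm
ip audit name OUTSIDE-IN attack action alarm drop reset
! Apply the rule inbound on the outside interface; CBAC (ip inspect) may be
! applied on the same or a different interface.
interface Ethernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip audit OUTSIDE-IN in
!
! Step 4: the router side of centralized management is the "ip audit po remote"
! line above; the sensor is then added on the Director console itself.
!
! Verification and housekeeping (privileged EXEC mode):
! show ip audit configuration
! show ip audit interfaces
! show ip audit statistics
! clear ip audit statistics
```

Note the direction semantics: because the protected range is configured, alarms report whether the offending address is inside or outside the protected network, which is what makes the Director's view of an event meaningful. Keep the organization ID identical on both ends, otherwise the Director silently ignores the router's POP messages.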

About the author

Scott