CCNP Secure FAQ: Implementing and Configuring IOS Intrusion Prevention System (IPS)
Figure: Configuration Scenario
Q1. What types of security controls are capable of monitoring traffic to detect problems in the network?
a. Intrusion prevention systems (IPS)
b. Protocol analyzers
c. Intrusion detection systems (IDS)
d. Security policy
Q2. What security controls are capable of monitoring traffic to detect and prevent problems in the network?
a. Intrusion detection systems (IDS)
b. Wireless sniffers
c. Intrusion prevention systems (IPS)
d. None of these answers are correct.
Q3. How many of the analysis features of the hardware IPS appliances can the software-based IPS support?
a. Some
b. All
c. None
d. Most
Q4. It is highly recommended to initially deploy all selected signatures without which type of action in place, so that the sensor can be tuned for a particular environment to minimize false positive and false negative events?
a. Remote
b. Passive
c. Preventative
d. All of these answers are correct.
Q5. What is an indication of confidence in a signature’s performance given the environment in which it is deployed?
a. Attack Severity Rating (ASR)
b. Signature Fidelity Rating (SFR)
c. Target Value Rating (TVR)
d. Event Risk Rating (ERR)
Q6. If a license on a router expires, it will no longer be able to do what after the license expiration date?
a. Apply any signatures created
b. Analyze traffic
c. Take preventative action when a signature is matched
d. None of these answers are correct.
Q7. SDEE uses what kind of communication model for event messages?
a. Pull
b. Push
c. Manual
d. None of these answers are correct.
Q8. What is one of the common issues found when deploying Cisco IOS Software IPS sensors to accommodate the signature database?
a. Lack of router memory
b. Insufficient router processor speed
c. Insufficient interface throughput
d. None of these answers are correct.
Q9. When a signature is matched, the Cisco IOS IPS sensors can _____, _____, or _____.
Q10. A _____ signature is present in router memory and can be enabled without recompiling the signature database.
Q11. SDEE uses a pull mechanism to pull alerts from IPS sensors over a/an _____ connection.
Q12. The signature update license is configured on the router using the _____ command.
Q13. When Cisco SDEE notification is enabled, by default, _____ events can be stored in the local event store. This number can be increased to hold a maximum of _____.
Q14. The _____ command can be used to view the events that are written to the local SDEE event store.
Q15. The _____ command displays all interfaces on which IPS is enabled.
Q16. The Cisco IOS IPS router can send IPS alerts through _____ and can have the _____ feature enabled at the same time.