CCNP Secure IPS FAQ: Basic Cisco IPS Signature Configuration
Q1. Which of the following is not a valid IDM signature group?
B. Operating System
D. Signature Release
E. Policy Violation
Q2. Which of the following is not a valid signature response option?
A. Deny Victim Inline
B. Deny Attacker Inline
C. Produce Alert
D. Request SNMP Trap
E. Log Pair Packets
Q3. Which of the following is not a valid summary key?
A. Attacker address
B. Attacker address and victim port
C. Victim address and attacker port
D. Attacker and victim addresses
E. Attacker and victim addresses and ports
Q4. Which of the following is not a valid alarm summary mode?
A. Fire Once
C. Global Summary
D. Fire All
E. Fire Global
Q5. Which parameter determines when alarm summary mode takes effect?
A. Global Summary Threshold
B. Summary Threshold
C. Choke Threshold
D. Throttle Interval
E. None of these
Q6. Which of the following is not a valid service signature group?
B. General Service
E. File Sharing
Q7. Which of the following is not a field on the Network Security Database (NSDB) signature information page for version 5.0?
B. Benign Trigger(s)
C. Recommended Signature Filter
D. Related Threats
E. Related Vulnerabilities
Q8. Which button activates a signature that has been disabled?
D. No Disable
E. None of these
Q9. Which button activates a signature that has been retired?
E. You cannot retire signatures
Q10. When you create a custom signature, which option starts with the settings for an existing signature?
Q11. In IDM, which signature groups can you use to view signatures?
Q12. In IDM, which types of attacks can you view signatures by?
Q13. In IDM, what field is searched when you display signatures by signature name?
Q14. What summary-key values can you specify for a signature?
Q15. What is the difference between Fire All and Fire Once alarm summary modes?
Q16. What is the difference between Summary and Global Summary alarm summary modes?
Q17. What does the Benign Trigger(s) field on the NSDB signature page provide?
Q18. What are the two methods (via IDM) that you can use to create new custom signatures?
Q19. Using IDM, how can you remove a signature from a signature engine?
Q20. What signature responses (actions) are unique to inline mode?
Q21. Which signature response (action) uses SNMP?
Q22. Besides using the Select All button, how can you select multiple signatures on the Signature Configuration screen?