CCNP Secure IPS FAQ: Capturing Network Traffic
Q1. Operating in inline mode requires how many sensor interfaces?
A. Two
B. One
C. Three
D. One or two
E. None of the above
Q2. Which infrastructure device(s) enables your sensor to capture traffic by default?
A. Switch
B. Router
C. Hub
D. Firewall
E. Switch and hub
Q3. Which switch capture mechanism enables you to capture traffic from multiple Cisco switches?
A. SPAN
B. RSPAN
C. Network tap
D. VACLs
Q4. Which switch capture mechanism requires special consideration when you use IOS Firewall functionality?
A. VACLs
B. SPAN
C. RSPAN
D. SPAN and RSPAN
E. VACLs, SPAN, and RSPAN
Q5. Which IOS command enables you to configure SPAN to capture network traffic?
A. set span
B. monitor session
C. switchport trunk
D. switchport span
E. monitor span
Q6. Which of the following is not a step in creating VACLs for IOS?
A. Configure an ACL
B. Commit VACL to memory
C. Create a VLAN access map
D. Configure capture ports
E. Apply the access map to VLANs
Q7. Which of the following is not a step in creating VACLs when you use IOS Firewall?
A. Configure the extended ACL
B. Assign the capture port
C. Apply ACL to an interface or VLAN
D. Apply the access map to VLANs
Q8. Where do you need to create an artificial VLAN boundary to use inline mode?
A. Between devices with virtual switch ports
B. Between a router and a firewall
C. Between a switch and a router
D. Between a switch and a firewall e. Between two routers
Q9. Which switch traffic capture mechanism uses ACLs to specify interesting traffic?
A. SPAN
B. RSPAN
C. VACL
D. SPAN and VACL
E. SPAN, RSPAN, and VACL
Q10. Which IOS command specifies the interface to receive the traffic from the VACL?
A. switchport trunk
B. switchport capture
C. set security acl
D. switchport acl
E. set security capture
Q11. What are the common locations to deploy inline IPS?
Q12. When do you need to construct an artificial VLAN boundary to use inline IPS?
Q13. What are the three network devices commonly used to capture network traffic for processing by your sensor?
Q14. Which three switch mechanisms can you use to mirror traffic to your IPS sensors?
Q15. How is SPAN different from RSPAN?
Q16. Which IOS command is used to configure SPAN on your Catalyst 4500 and 6500 switches?
Q17. What are the steps involved in configuring a VACL on IOS?
Q18. Which command may impact your ability to capture traffic by using VACLs?
Q19. When do you need to use the mls ip ids IOS command?
Q20. What steps are involved in using VACLs when you have the IOS Firewall on your Catalyst 6500 switch?
Q21. Which IOS command do you use to enable trunking on a switch port?
Q22. Which IOS command enables you to create a VLAN access map?
Q23. Which action must you specify (when using VLAN access maps) to enable the traffic to pass to the destination hosts and not be denied?