CCNP Secure IPS FAQ: Cisco Intrusion Prevention System (IPS) Overview
Q1. What do you call a signature that does not fire after observing normal user traffic?
A. False positive
B. True negative
C. False negative
D. True positive
Q2. Which of the following is a valid risk rating?
A. High
B. Severe
C. 80
D. Critical
E. Catastrophic
Q3. Which of the following sensors does not support inline mode?
A. IDS 4215
B. IDS 4255
C. IDS 4240
D. IDS Network Module
E. IDS 4235
Q4. Which software bypass mode causes the sensor to stop passing traffic if the analysis engine stops running?
A. Auto
B. Off
C. On
D. Fail open
E. None of these
Q5. In which processing mode does your sensor passively monitor network traffic as it looks for intrusive activity? How many interfaces does it require?
A. Promiscuous, 1 interface
B. Inline, 1 interface
C. Promiscuous, 2 interfaces
D. Inline, 2 interfaces
Q6. Which of the following appliance sensors is diskless so that it can provide greater reliability?
A. IDS 4215
B. IDS 4235
C. IDS 4240
D. IDS 4250
E. IDS 4210
Q7. Which standard defines a product-independent standard for communicating security device events?
A. SDEE
B. LDAP
C. RDEP
D. TLS
E. IDIOM
Q8. Which communication protocol does your sensor use to communicate event messages to other Cisco IPS devices on the network?
A. IDIOM
B. SMTP
C. RDEP
D. SDEE
E. None of these
Q9. What is the name of the boundary between your network and your business partner’s network?
A. Internet boundary
B. Extranet boundary
C. Intranet boundary
D. Remote-access boundary
Q10. Which of the following are internal boundaries that separate network segments within a network?
A. Intranet boundaries
B. Internet boundaries
C. Extranet boundaries
D. Segment boundaries
E. None of these
Q11. What is a false positive?
Q12. What is a true positive?
Q13. If your sensor has only two monitoring interfaces, can you operate in promiscuous and inline modes simultaneously?
Q14. What factors are used to calculate the risk rating?
Q15. How is the asset value of a target configured?
Q16. Which appliance sensors support the inline mode of operation?
Q17. Which appliance sensors are diskless?
Q18. Which appliance sensor comes with dual 1 Gb monitoring interfaces?
Q19. What are the three modes that you can configure for software bypass when using inline mode?
Q20. If you want the sensor to fail close when operating in inline mode, what software bypass mode would you use?
Q21. What are the four network boundaries that you need to consider when deploying sensors on your network?
Q22. What factors (besides network boundaries) must you consider when deploying your sensors?
Q23. Which XML-based protocol does your sensor use to transfer event messages to other Cisco IPS devices?
Q24. Which standard provides a product-independent standard for communicating security device events?
Q25. What is a true negative?
Q26. What is the Meta-Event Generator (MEG)?
Q27. What is the main difference between intrusion detection and intrusion prevention?