CCNP Secure IPS FAQ: Cisco IPS Response Configuration
Q1. The Deny Connection Inline action stops traffic that matches which of the following descriptions (where “source” and “destination” refer to the traffic that caused the signature to trigger)?
A. Source IP address and destination port
B. Source IP address and destination IP address
C. Source IP address, destination IP address, source port, and destination port
D. Source IP address, destination IP address, and destination port
Q2. When you manually configure IP logging, which parameter is not a valid parameter that you can configure with IDM?
A. Maximum Number of Packets
B. Duration (in seconds)
C. Maximum Number of Bytes
D. All of these answers are valid parameters
Q3. Which of the following is not a valid Cisco IPS response action?
A. Request SNMP Trap
B. Produce Verbose Alert
C. Modify Packet Inline
D. Deny Packet Inline
E. Request Block Packet
Q4. What is a major difference between Access Control Lists (ACLs) and VLAN Access Control Lists (VACLs)?
A. ACLs are available only on routers.
B. ACLs apply to traffic either entering or leaving an interface.
C. ACLs are directionless.
D. VACLs are directionless.
E. VACLs apply to traffic either entering or leaving an interface.
Q5. When is a Master Blocking Sensor necessary?
A. When your managed devices are PIX™ Firewalls
B. When one sensor manages multiple managed devices
C. When multiple sensors are configured for IP blocking
D. When one sensor manages both PIX Firewalls and Cisco IOS® routers
Q6. What is the default logging duration when you manually configure IP logging?
A. 10 minutes
B. 15 minutes
C. 20 minutes
D. 30 minutes
E. 60 minutes
Q7. Which of the following is true about the Deny Attacker Duration parameter?
A. It is measured in minutes.
B. The default is 90 minutes.
C. The default is 3600 seconds.
D. It is measured in minutes, and the default is 90 minutes.
Q8. By default, which of the following is true about configuring never-block addresses?
A. You must configure a never-block address to prevent the sensor from being blocked.
B. The sensor can never block itself.
C. By default, the sensor will not block its own address.
Q9. Which of the following is not a consideration for implementing IP blocking?
A. Antispoofing mechanisms
B. Critical hosts
C. Blocking duration
D. Interface ACL requirements
E. Frequency of attack traffic
Q10. By default, what is the maximum number of entries allowed in the blocking ACL?
A. 100
B. 200
C. 250
D. 500
E. 1000
Q11. What are the three inline response actions?
Q12. What traffic does the Deny Connection Inline response action prevent?
Q13. What are the three logging options available in Cisco IPS version 5.0?
Q14. What two blocking actions can you configure to occur when a signature triggers?
Q15. What types of devices can Cisco IPS sensors use as managed devices?
Q16. What must you configure when implementing IP blocking on an interface that already has an ACL applied to it?
Q17. When do you need to configure a Master Blocking Sensor?
Q18. How many sensors can initiate IP blocking on a single managed device?
Q19. How can you protect the traffic from critical systems from accidentally being blocked by the IP blocking functionality?
Q20. What are the two steps for defining a router blocking device in IDM?
Q21. Which response actions can be manually configured via the IDM interface?
Q22. What response action uses the Simple Network Management Protocol (SNMP)?
Q23. How long does the Deny Attacker Inline action block traffic from the attacker’s IP address?
Q24. Which parameter determines how long IP blocking actions remain in effect?
Q25. Which blocking mechanism enables you to restrict traffic between systems on the same network segment?