CCNP Secure IPS FAQ: Cisco IPS Signature Engines
Q1. Which signature engine would you use to create a signature that searches for the pattern “Confidential” in a single packet?
A. Atomic IP
B. String TCP
C. Meta
D. AIC FTP
E. Service Generic
Q2. Which signature engine would you use to create a signature that will trigger when the following three HTTP signatures occur: 3202, 3209, and 3217?
A. AIC HTTP
B. Service HTTP
C. Normalizer
D. Meta
E. State
Q3. Which parameter do you configure when creating a TCP port sweep signature that you do not configure for a TCP host sweep signature?
A. TCP Mask
B. Port Range
C. Unique
D. Swap Attacker Victim
E. Storage Key
Q4. Which signature engine can you use to create a signature that verifies that no application is using port 80 for any traffic except for HTTP?
A. Service Generic
B. Service HTTP
C. AIC HTTP
D. Normalizer
E. State
Q5. Which parameter would you use to require a regex match to be at least 20 bytes when you are creating an Atomic TCP signature?
A. Min Match Length
B. Min Match Offset
C. Max Match Offset
D. Min Regex Size
E. Exact Match Offset
Q6. What is in the Component Count field in a meta signature?
A. The number of component signatures in the meta signature
B. The number of times a meta signature triggers
C. The number of component signatures that have triggered for a meta signature
D. The number of times a component signature must be detected for the component signature entry to match
Q7. Which of the following is not a valid signature type for the AIC HTTP signature engine?
A. Max Outstanding Requests Overrun
B. Request Methods
C. Define Web Traffic Policy
D. Content Types
E. URL Link Pattern
Q8. Which of the following is not a valid option for the FTP Command parameter of the AIC FTP signature engine?
A. site
B. anon
C. retr
D. pwd
E. stor
Q9. Which of the following fields is not a valid regex field for the Service HTTP signature engine?
A. Uri Regex
B. Arg Name Regex
C. Arg Value Regex
D. Header Regex
E. Body Regex
Q10. Which of the following is not a state machine supported by the State signature engine?
A. Cisco Login
B. SMTP
C. SNMP
D. LPR Format String
Q11. What are the major groups that signature parameters fall into?
Q12. What do the Application Inspection and Control (AIC) signature engines provide, and which protocols are currently supported?
Q13. What signature types can you use for AIC HTTP signatures?
Q14. What are the atomic signature engines and the types of signatures they support?
Q15. What is the definition of an atomic signature?
Q16. What is the difference between the TCP Mask and TCP Flags parameters?
Q17. Which parameter do you use to specify that a regex string needs to be located at an exact location within the packet or stream?
Q18. Which Flood Net parameter defines how long the traffic must remain above the configured rate in order to trigger the signature?
Q19. What is a meta signature?
Q20. What are the three inspection types available when you are creating signatures with the Service FTP signature engine?
Q21. What are the three inspection types available when you are creating signatures with the Service NTP signature engine?
Answer: When creating signatures with the Service NTP signature engine, you can create signatures using the following inspection types: Inspect NTP Packets, Is Invalid Data Packet, and Is Non NTP Traffic.
Q22. What are the four inspection types available when you are creating signatures with the Service SNMP signature engine?
Q23. Cisco IPS supports what three state machines in the State signature engine?
Q24. What are the three String signature engines?
Q25. Which parameter determines how many connections it takes for a sweep signature to trigger?