CCNP Security FAQ: IPS and Advanced Protocol Handling
Q1. What does the ICMP inspection feature on the Security Appliance do?
A. It prevents the Security Appliance from being flooded with water.
B. It protects the inside network from being engulfed by rain.
C. It protects against SYN flood attacks.
D. It protects against AAA attacks.
Q2. Which Security Appliance feature mitigates a DoS attack that uses port 53?
A. Floodguard
B. Incomplete guard
C. Fragguard
D. DNS inspection
Q3. Which of the following multimedia application(s) is(are) supported by the Security Appliance?
A. MGCP
B. RTSP
C. H.323
D. All of these answers are correct
Q4. Which is the default port that Security Appliance inspects for H.323 traffic?
A. 1628
B. 1722
C. 1720
D. 1408
Q5. Which of the following describes how the mail inspection works on the Security Appliance?
A. It lets all mail in except for mail described by an access list.
B. It restricts SMTP requests to seven commands and eight ESMTP commands, as well as concealing the SMTP banner.
C. It revokes mail messages that contain attacks.
D. It performs virus checks on each mail message.
Q6. Which of the following statements about DNS inspection is true?
A. It is disabled by default.
B. It allows only a single DNS response for outgoing requests.
C. It monitors the DNS servers for suspicious activities.
D. It is enabled by default.
Q7. Which of the following are Security Appliance attack mitigation features?
A. DNS inspection
B. ICMP inspection
C. Remote guard
D. Mail inspection
E. Webguard
Q8. Which command installs the Security Appliance IPS Software?
A. copy tftp flash
B. upgrade AIP-SSM software
C. hw-module 1 recover boot
D. hw-module 1 upgrade system
Q9. What does the reset action do in the Security Appliance IPS configuration?
A. Warns the source of the offending packet before it drops the packet
B. Drops the offending packet and closes the connection if it is part of an active connection with a TCP RST
C. Waits 2000 offending packets, and then permanently bans the connection to the source host
D. Reports the incident to the syslog server and waits for more offending packets from the same source to arrive
Q10. Which PIX feature mitigates a DoS attack using a rewritten ICMP datagram?
Q11. On which port does the Security Appliance inspect for H.323 traffic by default?
Q12. How do you enable the Security Appliance Mail inspection feature?
Q13. What are some of the Security Appliance limitations on CTIQBE application inspection?
Q14. How do you install a new IPS image on an AIP-SSM module?
Q15. Which policies are available in the Cisco Security IPS configuration?
Q16. How does DNS inspection on the Cisco Security Appliance prevent DoS attacks that exploit DNS?
Q17. What basic configurations are required to fully enable IPS features on a Security Appliance?
Q18. How does the Mail inspection feature prevent SMTP-related attacks?
Q19. How do you enable MGCP application inspection for call agents and gateways using the default ports?