CCSP SECUR FAQ: Intrusion Detection and the Cisco IOS Firewall
Q1. What advantages does the Cisco IOS firewall IDS provide security administrators? (Choose two.)
A. Detect malicious activity
B. Combine features of routing and switching
C. Work well with syslog servers
D. Can respond to potential threats
E. None of the above
Q2. The Cisco IOS firewall IDS is a(n) ________.
A. integrated appliance.
B. package that runs on Windows 2000.
C. software-based feature set for 500 series routers.
D. system that runs on the PIX firewall.
E. software-based feature set developed for mid-range to high-end routers.
Q3. How does the Cisco IOS firewall IDS identify potential attacks?
A. It scans the network.
B. It matches packets against signatures.
C. It matches audit rules.
D. It scans packet headers.
E. It scans for potential viruses.
Q4. How does the Cisco IOS firewall IDS operate with CBAC?
A. It doesn’t.
B. They can run in concert or be applied to different interfaces.
C. It must be applied to different interfaces.
D. They must be applied to the same interface.
E. None of the above.
Q5. What configuration mode must you be in to configure “notification types”?
A. Notification configuration mode
B. Privilege EXEC mode
C. Interface configuration mode
D. Global configuration mode
E. IOS configuration mode
Q6. What are you configuring with the ip audit notify command?
A. E-mail address for attack notification
B. Where to send alerts if the router fails
C. What server to log to
D. IDS routing protocols
E. Defines the alert format if a signature match occurs
Q7. What is the default port for the POP?
A. TCP 4500
B. UDP 45000
C. TCP 45000
D. UDP 4500
E. TCP 3021
Q8. Why should you define a “protected network”?
A. So you know who is attacking your network.
B. To protect yourself from disgruntled employees.
C. The signatures only apply to the protected network.
D. It is a requirement to make the IDS function work.
E. None of the above.
Q9. What is the difference between an atomic signature and a compound signature?
A. Atomic signatures are really bad.
B. Compound signatures require more memory.
C. Atomic signatures only see oversized packets.
D. Atomic signatures can overload your router.
E. None of the above.
Q10. What command is used to reset statistics?
A. reset ip audit statistics
B. clear ip audit statistics
C. delete ip audit statistics
D. no statistics
E. disable ip audit statistics
Q11. How are signatures listed in the Cisco IOS firewall?
Q12. How does the Cisco IOS firewall IDS operate?
Q13. What are the three actions that are performed by the IOS firewall IDS when malicious traffic is discovered?
Q14. Why would you want to disable some signatures?
Q15. What is POP?
Q16. What are the four steps to configuring the firewall IDS?
Q17. What must match for POP to work?
Q18. In the command ip audit po remote . . . timeout, what timeout are you configuring?
Q19. When you configure ip audit po protected, are you configuring a subnet or address range?
Q20. Why should you configure a maximum queue for alarms?
Q21. Which signatures create a greater load on the router performance?
Q22. How do you exclude a signature?
Q23. What is the first step to creating an audit rule?