What is a characteristic of an IDS? It often requires assistance from other network devices to respond to an attack. It is installed inline with the network traffic flow. It can be configured to drop trigger packets that are associated with a connection. It often requires assistance from other network devices to respond to an attack. What are two characteristics of an IPS operating in promiscuous mode? (Choose two.) It sits directly in the path of the traffic flow. It requires the assistance of another network device to respond to an attack. It does not impact the flow of packets in forwarded traffic. It sends alerts and drops any malicious packets. It requires the assistance of another network device to respond to an attack. It does not impact the flow of packets in forwarded traffic. What are two characteristics of both IPS and IDS sensors? (Choose two.) both use signatures to detect patterns What is an advantage of using an IPS? It can stop trigger packets. Which tool can
perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks? Snort Which Snort IPS feature enables a router to download rule sets directly from cisco.com or snort.org? Snort rule set pull What is a minimum system requirement to activate Snort IPS functionality on a Cisco router? K9 license What is PulledPork? an open source network IPS that performs real-time traffic analysis and generates alerts when threats are detected on IP networks a centralized management tool to push the rule sets based on preconfigured policy, to Cisco routers a virtual service container that runs on the Cisco ISR router operating system a rule management application that can be used to automatically download Snort rule updates a rule management application that can be used to automatically download Snort rule updates What are two actions that an IPS can perform whenever a signature detects the activity for which it is configured? (Choose two.) disable the link reconverge the network drop or prevent the activity allow the activity restart the infected device drop or prevent the activity ... Which IPS signature trigger category uses a decoy server to divert attacks away from production devices? honey pot-based detection policy-based detection pattern-based detection anomaly-based detection honey pot-based detection What situation will generate a true negative IPS alarm type? normal traffic that generates a false alarm a verified security incident that is detected a known attack that is not detected normal traffic that is correctly being ignored and forwarded normal traffic that is correctly being ignored and forwarded What is provided by the fail open and close functionality of Snort IPS? provides the ability to automatically disable problematic signatures that routinely cause false positives and pass traffic blocks the traffic flow or bypasses IPS checking in the event of an IPS engine failure keeps Snort current with the latest threat protection and term-based subscriptions keeps track of the health of the Snort engine that is running in the service container blocks the traffic flow or bypasses IPS checking in the event of an IPS engine failure What is a characteristic of the Community Rule Set type of Snort term-based subscriptions? it has 60-day delayed access to updated signatures it uses Cisco Talos to provide coverage in advance of exploits it is fully supported by Cisco it is available for free it is available for free What is a characteristic of the connectivity policy setting when configuring Snort threat protection? it attempts to balance network security with network performance it prioritizes security over connectivity it provides the lowest level of protection it enables the highest number of signatures to be verified it provides the lowest level of protection What is contained in an OVA file? an installable version of a virtual machine a list of atomic and composite signatures a set of rules for an IDS or IPS to detect intrusion activity an installable version of a virtual machine What is a network tap? a Cisco technology that provides statistics on packets flowing through a router or multilayer switch a technology used to provide real-time reporting and long-term analysis of security events a feature supported on Cisco switches that enables the switch to copy frames and forward them to an analysis device a passive device that forwards all traffic and physical layer errors to an analysis device a passive device that forwards all traffic and physical layer errors to an analysis device Which statement describes the function of the SPAN tool used in a Cisco switch? It is a secure channel for a switch to send logging to a syslog server It provides interconnection between VLANs over multiple switches. It copies the traffic from one switch port and sends it to another switch port that is connected to a monitoring device. It copies the traffic from one switch port and sends it to another switch port that is connected to a monitoring device. A network administrator is trying to download a valid file from an internal server. However, the process triggers an alert on a NMS tool. What condition describes this alert? false negative false positive hat is an advantage of HIPS that is not provided by IDS? HIPS deploys sensors at network entry points and protects critical network segments. HIPS monitors network processes and protects critical files. HIPS protects critical system resources and monitors operating system processes. HIPS protects critical system resources and monitors operating system processes. What information must an IPS track in order to detect attacks matching a composite signature? the total number of packets in the attack the state of packets related to the attack the attacking period used by the attacker the network bandwidth consumed by all packets the state of packets related to the attack ... |