642-531 QUESTION 1 Which of the following types of attacks is typical of an intruder who is targeting networks of systems in an effort to retrieve da
642-531 A. Sensor processor speed B. Server performance C. Network throughput D. Intrusion detection analysis performance. Answer: D Explanation:
642-531 E. by Sensor F. by address Answer: C, D Page 16-58 CSIDS Courseware under Event-Viewer - Creating Graph Two types of graphs: - By Child (Dis
642-531 E) SSL Wrong . The test is not specifying the version 3.X that means version 4.X the right answer is B CiscoPress CSIDS Self-Study Second Edi
642-531 QUESTION 238 Which protocol does the Monitoring Center for Security use to monitor alarms on an IDS v3x Sensor? A. SSL B. SSH C. RDEP D. HTTP
642-531 Answer: A, D, E Explanation: The Security Monitor enables you to launch a notification, trigger a script, or send an e-mail when a databas
642-531 Answer: Explanation: login: Certkiller password: Certkiller 1636 sensor# 1.sensor# copy current-config ftp://[email protected]/ Certkil
642-531 a. Enter configure terminal mode: sensor# configure terminal b. Enter host configuration mode: sensor(config)# service host c. Enter network
642-531 system's parameters to a known baseline by performing the following actions: 1)Create a backup of the running configuration to a remote
642-531 5.sensor(config)#service virtual-sensor-configuration virtualSensor sensor(config-vsc)#reset-signatures string.tcp QUESTION 244 You work as
642-531 QUESTION 245 Exhibit/simulation: Certkiller .com has recently hired you as a security administrator at their Toronto office. You are required
642-531 3. sensor# config terminal sensor(config)#no username service (service is the username for service account) 4.sensor(config)# privilege user
642-531 E. e1/1 Answer: D The Sensor is on the same network, so that means the only possible answer is the Ethernet01 interface. Ethernet0/2 is usin
642-531 sensor(config-Host-net)# show settings networkParams ------------------------ ipAddress: 10.10.10.200 netmask: 255.255.255.0 default: 255.255
642-531 Assignment: Click on the picture of the host connected to an IDS Sensor by a serial console cable shown in the diagram as a dotted line. Sel
642-531 Answer: Explanation: Reference:Cisco Courseware 6-4 QUESTION 249 Starting and stopping all IDS applications is the task of which of th
642-531 Create the shared system components-EventStore and IDAPI. 4. Open status event subscription. 5. Start the IDS applications (the order is spec
642-531 QUESTION 252 Which types of packets are not forwarded to the NM-CIDS? (Choose two.) A. GRE encapsulated packets B. TCP packets C. UDP packe
642-531 A. ip cef B. ip inspect C. service-module D. ip cef linecard ipc memory Answer: A QUESTION 257 Select the true statement regarding Sensor
642-531 Explanation: Answer A. Show who: Shows active administrative Telnet sessions on the PIX Firewall. Cisco Secure Policy Manager does not genera
642-531 specified in the global statement, that address is port translated. The PIX allows one port translation per interface and that translation su
642-531 Answer: C Explanation: The fixup protocol commands let you view, change, enable, or disable the use of a service or protocol through the PI
642-531 A. 501 B. 506 C. 515 D. 1100 Answer: C Reference: Cisco Secure PIX Firewall QUESTION 268 Which common command are you going to use to clea
642-531 - Merged switching and security into a single chassis - Ability to monitor multiple VLANs - Does not impact switch performance - Attacks and s
642-531 B. Use the static and access-list commands. C. Set the Eth1/0 interface to auto. D. Use the nat and global commands. Answer: B Explanation:
642-531 B. The Conduit is where the data travels on the Bus. C. It controls what QoS the packets get when going through Eth1. D. Controls connections
642-531 C. Show Config D. Show pix Answer: B Explanation: Write terminal displays current configuration on the terminal. Reference: Cisco PIX Fire
642-531 *HyperText Transport Protocol (HTTP) *Internet Control Message Protocol (ICMP) *Internet Protocol (IP) *NetBIOS over IP (Microsoft Networking
642-531 Answer: A Note: In the IDSM chapter I did not come across anything that stated this. In fact there is not much listed in the IDSM chapter. T
642-531 According to the exhibit, Server Certkiller 4 is in VLAN 8. The Catalyst 6500 is running Catalyst OS. Which of the following commands would
642-531 ----------------------------------- filter keyword in set rspan command ---> [Catalyst OS using remote SPAN] Cisco Courseware 5-25 -------
642-531 Which command represents a valid configuration step to permit Sensor IDS6 to monitor traffic sent to Server Certkiller 7? A. 4000>(enable
642-531 traffic sent to and from VLAN3, VLAN4, and VLAN5? A. 6500(config)# monitor session 1 source vlan 3, 4, 5 both B. 6500(config)# monitor sessi
642-531 A. rx B. both C. ingress D. tcp-rst accept E. inpkts enable F. This feature is not supported in this configuration Answer: E IDS course 4.0
642-531 Answer: B, D Page 146 Cisco Press CCSP Chapter 6 Capturing Network Traffic Step 1: Define a security ACL Step 2: Commit the VACL to memory St
642-531 Access Attacks Access is a broad term used to describe any attack that requires the intruder to gain unauthorized access to a secure system w
642-531 Explanation: We must agree with the conclusion that this is nonsense, but E must be the correct answer since a hub a layer 2 device meaning
642-531 5) Apply the VLAN access-map to the specified VLANs 6) Select an interface. 7) Enable the capture function on the interface. Cisco Courseware
642-531 A. because you want to monitor receive traffic from the server. It is not C. because the port monitor fastEthernet 0/5 command should be done
642-531 Answer: Explanation: * Ingress SPAN copies network traffic received by the source ports for analysis at the destination port. * Egress
642-531 A. You can have simultaneous protection of multiple network subnets, which is like having multiple Sensors in a single appliance. B. You can
642-531 F. session Answer: D Page 8-8 CSIDS Courseware under IDSM2 and Switch Configuration Tasks - Initialize the IDSM2. This includes completing t
642-531 D. Ciscoidsm E. Ciscoids Answer: E Explanation: The default user login user name for the Cisco IDS Module is Ciscoids, and the default pas
642-531 Sensor output exhibit: ***MISSING*** Note: Use the sensor's command line interface to obtain information so that you can answer the question.
642-531 Sensor output exhibit: ***MISSING*** The user name is Jag. Note: Use the sensor's command line interface to obtain information so that you ca
642-531 C. BlockingACL D. RouterACL Answer: A QUESTION 67 Exhibit: Given the output of the idsstatus Sensor command. What function is the Sensor p
642-531 A. a means of network access B. prior access to the target C. previously installed root kit D. username and password Answer: A DOS attacks a
642-531 C. Not logging alarms, errors, and commands. D. Generating e-mails for alarms. E. Not capturing network traffic. F. Loading alarms into a use
642-531 NRS-2FE IDS 3.0 and IDS 3.1 NRS-TR IDS 3.0 and IDS 3.1 NRS-SFDDI IDS 3.0 and IDS 3.1 NRS-DFDDI IDS 3.0 and IDS 3.1 IDS-4210 IDS
642-531 QUESTION 72 Which of the following represents the recommended procedure when upgrading a Cisco IDS appliance which is prior to version 4.x?
642-531 With postoffice-based Cisco Intrusion Detection System Sensors (sensors running sensor software version 3.x) you can discover postoffice setting
642-531 three) A. IDS Device Manager B. IDS Event Viewer C. Remote Shell D. Secure Shell E. Telnet F. Trivial File Transfer Protocol Answer: A, D,
642-531 C. IDS Device Manager D. IDS Event Viewer E. Session command F. IDS Management Center Answer: A, E Explanation: The Catalyst 6000 family s
642-531 Answer: C Explanation: The interface sensing configuration mode is a third level of the CLI. It enables you to enable or disable the sensin
642-531 QUESTION 86 Match the Cisco IDS Sensor command with its function. Answer: Explanation: * idsstop - Executing this script stops the Cisc
642-531 Answer: D Explanation: User Roles The CLI for IDS version 4.0 supports three user roles: Administrator, Operator, and Viewer. The privilege
642-531 added. Reference:Cisco Courseware 7-24 QUESTION 89 What is the default privilege level that is set when creating a user account on a Cisco I
642-531 referred to as read-write access). SNMP agents listen on UDP port 161. Reference: SAFE Blueprint for Small, Midsize, and Remote-User Networks
642-531 Page 9-33 CSIDS Courseware under Generating an X.509 Certificate Use the tls generate-key command to generate the self-signed X.509 certifica
642-531 copy Use the copy command to copy iplogs and configuration files. copy [/erase] source-url destination-url copy iplog log-id destination-url Sy
642-531 c. Save the private key. We recommend the name sensorname.key for the private key and we use it in this example. Reference:Cisco Courseware 1
642-531 QUESTION 98 Which of the following represents the methods for adding devices in the Management Center for IDS Sensors using the GUI interfac
642-531 Answer: B, E Page 12-13 CSIDS Courseware under Devices-Sensor Group Note: When you create subgroups, the subgroup inherits the properties of
642-531 2) Download the IP log files via IDM. After retrieving the IP log files, you can use a network protocol analyzer to examine the data. Not B:A
642-531 creating custom signatures with IDS MC? (Choose two.) A. SubSigID B. signature name C. engine description D. engine name E. signature string
642-531 Answer: D Explanation: Select the TCP three way handshake if you want the sensor to track only those sessions for which the three-way hands
642-531 Page 14-7 CSIDS Courseware under Signature Actions You can configure signatures to cause the Sensor to take action when the signature is trig
642-531 whether it is an inclusive or exclusive filter. Reference: CiscoWorks Management Center for IDS Sensors - Tuning Sensor Configurations QUEST
642-531 Explanation: True positive - is when an IDS generates an alarm for known intrusive activity. False negative - is when an IDS fails to genera
642-531 QUESTION 114 Select the three phases of sensor tuning (Choose three.) A. Prep Phase. B. Deployment Phase C. Setup Phase D. Tuning Phase E. Ma
642-531 D. SSH E. serial console Answer: B, D Page 379 Cisco Press CCSP CSIDS 2nd edition under IP Blocking Devices-Cisco Routers To manipulate the
642-531 D. 100 interface/directions maximum per devices E. 10 interface (both directions) across all devices Answer: A Page 383 Cisco Press CCSP CSI
642-531 C. They are considered critical hosts and should not be blocked. D. They provide a method for the Sensor to route through the subnet to the m
642-531 B. ACL applied to the internal (trusted) interface of a managed device C. ACL applied to a managed interface prior to an attack being detecte
642-531 QUESTION 127 Which of the following represents the best description of a post-block ACL on an IDS blocking device? A. ACL applied to a mana
642-531 QUESTION 130 A Cisco IDS Sensor has been configured to perform IP Blocking. Which Cisco IDS service must be running on the Sensor? A. Logged
642-531 command. Reference:Cisco Courseware B-11 QUESTION 132 Which of the following statements regarding the IDS Sensor communications is valid? A
642-531 A. Configure the Blocking Forwarding Sensor's IP address. B. Configure the Blocking Forwarding Sensor's SSH public key. C. Configur
642-531 Blocking Sensor controls blocking on devices at the request of the NAC's running on Blocking Forwarding sensors. page 15-30 ids 4.0 uses
642-531 C. Rootkit D. Exposure Answer: B Explanation: Exploits activity-Indicative of someone attempting to gain access or compromise systems on y
642-531 C. SERVICE engine signatures on a Cisco IDS Sensor include signatures based on network attacks. D. SERVICE engine signatures on a Cisco IDS S
642-531 A. String signatures B. HTTP signatures C. TCP connection signatures D. FTP connection signatures E. ICMP signatures Answer: C Explanation:
642-531 Reference:Cisco Secure Intrusion Detection System (Ciscopress) page 628-629 QUESTION 145 Which of the following represents a type of signat
642-531 C. ATOMIC.IP.ROUTING D. OTHER E. ATOMIC.IPOPTIONS Answer: B Explanation: ATOMIC.L3.IP is a general-purpose Layer 3 inspector. It can handle
642-531 QUESTION 148 Which of the following signature descriptions best describes a service signature engine? A. Inspects multiple transport protoc
642-531 QUESTION 151 Which statement is true when creating custom signatures on a Cisco IDS Sensor in IDS MC? A. All parameter fields must be entere
642-531 Answer: D Microsoft Exchange Server for SMTP is based on the protocol TCP, not UDP QUESTION 154 Which of the following statements represents
642-531 A. SIG 20001 AlarmThrottle FireEvery ChokeThreshold 100 ThrottleInterval 120 B. SIG 20002 AlarmThrottle FireAll ChokeThreshold 60 ThrottleIn
642-531 communications, choose the STRING.TCP signature engine to create the custom signature. Which of the following parameters must be configured s
642-531 Answer: C E Explanation: Engine parameters have the following attributes: 1) Protected - If a parameter is protected, you cannot change if
642-531 3) Unicode representation. Cisco Courseware 3-27 QUESTION 16 Why would an attacker saturate the network with "noise" while simulta
642-531 B. Logs deny ACL entries C. Sends SNMP traps to the Sensor D. Sends Syslog messages to the Sensor E. Sends SNMP traps to the Director F. Send
642-531 A. it should be on a SCP or FTP server B. it should be on cisco.com C. it should be on the FTP server only D. it should be on the IDS MC serv
642-531 Supported: FTP (A) HTTPS (D) SCP (F) HTTP Reference: Cisco Courseware 17-6 QUESTION 166 Which of the following methods will you advise the ne
642-531 A. FTP B. SCP C. RCP D. HTTP E. NFS F. TFTP Answer: A, B, D Page 17-6 CSIDS Courseware under Sensor Maintenance The update file must be loca
642-531 QUESTION 171 The Cisco IDS Sensor service pack file IDSk9-sp-3.1-2-S23.bin exists on the Sensor. Which command installs the service pack on
642-531 You can re-image the IDS module from the maintenance partition. After you re-image the IDS module, you must initialize the IDS module using t
642-531 Answer: A, B, C Although time is not changed, time is NOT an application setting. Cisco Courseware 17-17 QUESTION 176 What version of Cisco
642-531 Answer: E Explanation: [client] --- HTTPS ---> [IDS MC] --- SSH ---> [IDS] Cisco Courseware 6-8: QUESTION 179 Which protocol is used
642-531 B. subscriptions C. transaction log D. queries E. configuration Answer: B, D Page 123 Cisco Press CCSP CSIDS 2nd edition under Remote Data E
642-531 Explanation: Communication infrastructure parameters: * Sensor Host ID and Organization ID * Sensor Host Name and Organization Name * Sensor
642-531 D. terminate TCP sessions E. dynamically reconfigure access control lists Answer: C, D Cisco Courseware 4-12 (PIX) Cisco Courseware 4-11 (IO
642-531 Cisco Courseware 6-4 QUESTION 186 When does the Sensor create a new log file? A. Only when the Sensor is initially installed. B. Only when
642-531 QUESTION 188 Which Cisco IDS service allows external management applications to control and configure sensors? A. Transaction Server B. Eve
642-531 QUESTION 191 Which network services are enabled by default on a Cisco IDS Sensor for remote management? (Choose all that apply) A. SSH B. TF
642-531 A. Managed B. Captured C. Snifferd D. Packetd E. Trafficd Answer: D Explanation: Packetd -The packetd daemon interprets and responds to al
642-531 Explanation: *Network security database (NSDB )-The NSDB provides instant access to specific information about the attacks, hyperlinks, pote
642-531 Device Manager? A. on a web server with supported operating systems B. on a Cisco IDS Sensor running version 3.1 and higher C. on a Cisco IO
642-531 In the Cisco IDS Event Viewer, how do you display the context data associated with an event? A. Choose View>Context Data from the main m
642-531 Event Viewer? (Choose all that apply) A. Right-click Dest_Address_Group_View and choose View. B. Double-click Dest_Address_Group_View C. Rig
642-531 Explanation: The information you provide in the Device Properties panel should match the settings you entered during the initial configurat
642-531 Explanation: 1. IDS_Analyzer-To check that the service that processes event rules and requests user-specified notifications when appropriat
642-531 B. Network uptime C. Unauthorized network access D. Network downtime E. Network throughput F. Network abuse Answer: A, C, F Explanation: A
642-531 sensors, switch IDS sensors, and IDS network modules for routers. Uses a web-based interface. Reference: CiscoWorks Management Center for IDS
642-531 Explanation: The Workflow tab is where you can generate, approve, and deploy configuration files for the sensors that you want to manage wi
642-531 Answer: C Cisco Courseware Lab 11-4 QUESTION 214 Which CiscoWorks user role provides administrative access for performing all IDS MC operati
642-531 D. keygen E. puttygen Answer: E Explanation: This document explains how to use the Key generator for PuTTY (PuTTYgen) to generate Secure S
642-531 QUESTION 219 Study the exhibit below carefully: According to the exhibit depicting the RDEP properties of a Sensor in IDS MC: Which of the f
642-531 C. If not selected, the option specifies that IDS MC will dynamically generate new keys to securely communicate with the Sensor. D. The optio
642-531 a NAT device B. Informs the IDS device which address to use in order to send alarms to Monitoring Center for Security when separated by a NAT
642-531 B. SSH C. Syslog D. PostOffice E. Not supported (Security Monitor does not support this platform) Answer: C Explanation: Adding a PIXFirew
642-531 F. None of the above. Answer: A, D Page 581 Cisco Press CCSP CSIDS 2nd edition under Enterprise IDS Management Under 3rd Note: If you want to
642-531 (Choose three.) A. events B. sensors C. statistics D. signatures E. connections F. notifications Answer: A, C, E Explanation: You can mon