Cisco CCNA Security Chapter 5 Answers



CCNA Security - Chapter 5 Exam Answers


1. An IPS sensor has detected the string confidential across multiple packets in a TCP session. Which type of signature trigger and signature type does this describe?
Answer:
* Trigger: Pattern-based detection
Type: Composite signature

2. A network administrator tunes a signature to detect abnormal activity that might be malicious and likely to be an immediate threat. What is the perceived severity of the signature?
Answer:
* medium

3. What are two major drawbacks to using HIPS? (Choose two.)
Answer:
* HIPS has difficulty constructing an accurate network picture or coordinating the events happening across the entire network.
* With HIPS, the network administrator must verify support for all the different operating systems used in the network.

4. Which type of intrusion detection triggers an action if excessive activity occurs beyond a specified threshold of normal activity?
Answer:
* anomaly-based detection


5. Which two statements characterize a network-based IPS implementation? (Choose two.)
Answer:
* It is unable to examine encrypted traffic.
* It is independent of the operating system on hosts.

6. What information is provided by the show ip ips configuration command?
Answer:
* the default actions for attack signatures

7. When editing IPS signatures with SDM, which action drops all future packets from a TCP flow?
Answer:
* Deny Connection Inline

8. Refer to the exhibit. A user was installing a Flash Player upgrade when the CSA displayed the dialog box shown. Which default action is taken by CSA if the user does not respond within 4 minutes and 20 seconds?
Answer:
* The action is denied, and a log entry is recorded.

9. Refer to the exhibit. When modifying an IPS signature action, which two check boxes should be selected to create an ACL that denies all traffic from the IP address that is considered the source of the attack and drops the packet and all future packets from the TCP flow? (Choose two.)
Answer:
* Deny Attacker Inline
* Deny Connection Inline

10. Refer to the exhibit. What is the significance of the number 10 in the signature 6130 10 command?
Answer:
* It is the subsignature ID.

11. What is a disadvantage of network-based IPS as compared to host-based IPS?
Answer:
* Network-based IPS cannot examine encrypted traffic.

12. Which two files could be used to implement Cisco IOS IPS with version 5.x format signatures? (Choose two.)
Answer:
* IOS-Sxxx-CLI.pkg
* realm-cisco.pub.key.txt

13. Why is a network that deploys only IDS particularly vulnerable to an atomic attack?
Answer:
* The IDS permits malicious single packets into the network.

14. Refer to the exhibit. Based on the SDM screen shown, which two actions will the signature take if an attack is detected? (Choose two.)
Answer:
* Generate an alarm message that can be sent to a syslog server.
* Create an ACL that denies traffic from the attacker IP address.

15. Which two Cisco IOS commands are required to enable IPS SDEE message logging? (Choose two.)
Answer:
* ip http server
* ip ips notify sdee

16. Refer to the exhibit. Which option tab on the SDM IPS screen is used to view the Top Threats table and deploy signatures associated with those threats?
Answer:
* Security Dashboard

17. Which Cisco IOS configuration option instructs the IPS to compile a signature category named ios_ips into memory and use it to scan traffic?
Answer:
* R1(config)# ip ips signature-category
R1(config-ips-category)# category ios_ips basic
R1(config-ips-category-action)# retired false

18. Refer to the exhibit. What is the result of issuing the Cisco IOS IPS commands on router R1?
Answer:
* All traffic that is permitted by the ACL is subject to inspection by the IPS.

19. What are two IPS configuration best practices that can help improve IPS efficiency in a network? (Choose two.)
Answer:
* Ensure that signature levels that are supported on the management console are synchronized with the signature packs on the sensors.
* Place signature packs on a dedicated FTP server within the management network.

20. Refer to the exhibit. What is the significance of the small red flag waving in the Windows system tray?
Answer:
* Cisco Security Agent is active and has detected a potential security problem.

21. Which two benefits does the IPS version 5.x signature format provide over the version 4.x signature format? (Choose two.)
Answer:
* addition of a signature risk rating.
* support for encrypted signature parameters.

Source: http://ccna-exam-answers-final.blogspot.com/2013/08/ccna-security-chapter-5-exam-answers.html