Copy and Edit

CCNA Security Chapter 5 Exam

Description

CCNA Security v2.0 Chapter 5 Exam
d94829 d94829
Quiz by d94829 d94829, updated more than 1 year ago
d94829 d94829
Created by d94829 d94829 about 6 years ago
719
3
0

Resource summary

Question 1

Question
What information must an IPS track in order to detect attacks matching a composite signature?
Answer
  • the total number of packets in the attack
  • the attacking period used by the attacker
  • the network bandwidth consumed by all packets
  • the state of packets related to the attack

Question 2

Question
What is a disadvantage of a pattern-based detection mechanism?
Answer
  • The normal network traffic pattern must be profiled first
  • It cannot detect unknown attacks
  • It is difficult to deploy in a large network
  • Its configuration is complex

Question 3

Question
What is the purpose in configuring an IOS IPS crypto key when enabling IOS IPS on a Cisco router?
Answer
  • to secure the IOS image in flash
  • to enable Cisco Configuration Professional to be launched securely
  • to encrypt the master signature file
  • to verify the digital signature for the master signature file

Question 4

Question
Refer to the exhibit. What is the result of issuing the Cisco IOS IPS commands on router R1?
Answer
  • All traffic that is permitted by the ACL is subject to inspection by the IPS
  • A named ACL determines the traffic to be inspected
  • All traffic that is denied by the ACL is subject to inspection by the IPS
  • A numbered ACL is applied to S0/0/0 in the outbound directio

Question 5

Question
Which two benefits does the IPS version 5.x signature format provide over the version 4.x signature format? (Choose two.)
Answer
  • support for IPX and AppleTalk protocols
  • addition of signature micro engines
  • support for comma-delimited data import
  • support for encrypted signature parameters
  • addition of a signature risk rating

Question 6

Question
Which type of IPS signature detection is used to distract and confuse attackers?
Answer
  • honeypot-based detection
  • policy-based detection
  • pattern-based detection
  • anomaly-based detection

Question 7

Question
Which statement is true about an atomic alert that is generated by an IPS?
Answer
  • It is an alert that is used only when a logging attack has begun
  • It is a single alert sent for multiple occurrences of the same signature
  • It is an alert that is generated every time a specific signature has been found
  • It is both a normal alarm and a summary alarm being sent simultaneously at set intervals

Question 8

Question
A system analyst is configuring and tuning a recently deployed IPS appliance. By examining the IPS alarm log, the analyst notices that the IPS does not generate alarms for a few known attack packets. Which term describes the lack of alarms by the IPS?
Answer
  • true negative
  • false positive
  • false negative
  • true positive

Question 9

Question
A security specialist configures an IPS so that it will generate an alert when an attack is first detected. Alerts for the subsequent detection of the same attack are suppressed for a pre-defined period of time. Another alert will be generated at the end of the period indicating the number of the attack detected. Which IPS alert monitoring mechanism is configured?
Answer
  • composite alert
  • atomic alert
  • correlation alert
  • summary alert

Question 10

Question
In configuring a Cisco router to prepare for IPS and VPN features, a network administrator opens the file realm-cisco.pub.key.txt, and copies and pastes the contents to the router at the global configuration prompt. What is the result after this configuration step?
Answer
  • The router is authenticated with the Cisco secure IPS resource web server
  • A pair of public/secret keys is created for IPsec VPN operation
  • A crypto key is created for IOS IPS to verify the master signature file
  • A pair of public/secret keys is created for the router to serve as an SSH server

Question 11

Question
Refer to the exhibit. Based on the configuration, which traffic will be examined by the IPS that is configured on router R1?
Image:
Pa Tp1 Gh B77 Eb Atm Zq2xq F Ug Irc Jdvcs Ionwob Kpdh6s V3j Adv Hvs Bue Zgy A8vx X Jb Wk R6kjf J Nt2 E2 Yo T6s Pm Im9 Oa B Xb Y Ffv2 Vo L6 Hjpran Nyy Z Gf P Pw Lo Kz E Ulw Fnjunzxde P9zp Kb Fgn5e Cr Kdp5 Q Wz37 W9 K9w A51 Hvk Qsc Bs Zsjr3 Hv01 Xn Hp Qwq E (image/png)
Answer
  • traffic that is destined to LAN 1 and LAN 2
  • return traffic from the web server
  • traffic that is initiated from LAN 1 and LAN 2
  • no traffic will be inspected
  • http traffic that is initiated from LAN 1

Question 12

Question
Refer to the exhibit. Based on the IPS configuration provided, which conclusion can be drawn?
Image:
U Ac Up Cmkc Uy Z Us Va Gza P Fa P Jqvc Ac Hsx2 Bi1iwt Bq Mya J2 Fx7 W Px To Mh I V94z T9 C Op Ewdat6 Jv Dl5 Nfh4 Gb Sz4 Jci Cv Zt I5 Nmzkjx B So G Rml Cmcdwq Tumvg1u Ku Wf C Ps Ufge Ufv9au6 Y Rj Va If W1 G1 Boym7d4x P Xz A7g Pz36r Gkk Fn D Pv Jerxdx2 V (image/png)
Answer
  • The signatures in all categories will be compiled into memory and used by the IPS
  • The signatures in all categories will be retired and not be used by the IPS
  • Only the signatures in the ios_ips basic category will be compiled into memory and used by the IPS
  • The signatures in the ios_ips basic category will be retired and the remaining signatures will be compiled into memory and used by the IPS

Question 13

Question
A network administrator is configuring an IOS IPS with the command R1(config)# ip ips signature-definition Which configuration task can be achieved with this command?
Answer
  • Retire or unretire the ios_ips basic signature category
  • Retire or unretire an individual signature
  • Retire or unretire the all signature category
  • Retire or unretire the all atomic signatures category

Question 14

Question
What are two disadvantages of using an IDS? (Choose two.)
Answer
  • The IDS analyzes actual forwarded packets
  • The IDS does not stop malicious traffic
  • The IDS has no impact on traffic
  • The IDS works offline using copies of network traffic
  • The IDS requires other devices to respond to attacks

Question 15

Question
What are two shared characteristics of the IDS and the IPS? (Choose two.)
Answer
  • Both use signatures to detect malicious traffic
  • Both analyze copies of network traffic
  • Both have minimal impact on network performance
  • Both rely on an additional network device to respond to malicious traffic
  • Both are deployed as sensors

Question 16

Question
Refer to the exhibit. A network administrator enters the command on a Cisco IOS IPS router. What is the effect?
Image:
2k Px Sy K Gc C Cc Tgz Fahz Ojh31k Jtyb O Ki Hp Tf0x4ly A Ci Oum57 Exu Rw9 V Zy Fzv8 Ly H Ii Tp2bz X Ipev Yd Ds9f D L16 Gjcm31a Dn C J7 Xk X Owargd Iuhny Mk Gjbx97 O1r Ieaw9e Vy1u Qdb W Lqf C Vp U Td R Bfo6p Wrp4 X Yig Jdt1e4ul P Wis Cs V0r3vd Rxq W Jd0pb (image/png)
Answer
  • Alert messages are sent in syslog format
  • Alert messages are sent in trace file format
  • Alert messages are sent in Security Device Event Exchange (SDEE) format
  • Alert messages are sent in event log format

Question 17

Question
A network administrator suspects the default setting of the ip ips notify sdee command has caused performance degradation on the Cisco IOS IPS router. The network administrator enters the ip sdee events 50 command in an attempt to remedy the performance issues. What is the immediate effect of this command?
Answer
  • All events that were stored in the original buffer are saved, while a new buffer is created to store new events
  • All events that were stored in the previous buffer are lost
  • The newest 50 events from the original buffer are saved and all others are deleted
  • The oldest 50 events of the original buffer are deleted

Question 18

Question
True or False? A Cisco IDS does not affect the flow of traffic when it operates in promiscuous mode
Answer
  • True
  • False

Question 19

Question
What is a required condition to enable IPS activity reporting using the SDEE format?
Answer
  • Create an IOS IPS configuration directory in flash
  • Enable an HTTP or HTTPS service on the router
  • Configure the signature category
  • Issue the ip ips notify log command

Question 20

Question
Refer to the exhibit. Which statement best describes how incoming traffic on serial 0/0 is handled?
Image:
0 L Km Nmzahvp D7 Eo U Cmug4 Zqn Dh Ia9 O2t0 O Kg Ie Nh V382 Dgtkbq Kw Hlu Jhle Rupugfm2bww7 De7b Nrs Tups7 Y 1 In T2a Cz Ls Mwq23dwjbn Mnq Fn3k Adfw Arfk Yf Ioj Ef Rz6yhj4l Cs Wy P Jxj V Dq U9gkq Et5 Yylgvfs Fhir I Xv Luui Lm Almd V6 C Tp V Vrbstxgo Ok P (image/png)
Answer
  • Traffic that is coming from any source other than 172.31.235.0/24 will be scanned and reported
  • Traffic not matching ACL 100 will be dropped
  • Traffic not matching ACL 100 will be scanned and reported
  • Traffic that is sourced from 172.31.235.0/24 will be sent directly to its destination without being scanned or reported
  • Traffic matching ACL 100 will be scanned and reported
  • Traffic that is sourced from 172.31.235.0/24 will be scanned and reported

Question 21

Question
What is a disadvantage of network-based IPS as compared to host-based IPS?
Answer
  • Network-based IPS is less cost-effective
  • Network-based IPS should not be used with multiple operating systems
  • Network-based IPS cannot examine encrypted traffic
  • Network-based IPS does not detect lower level network events

Question 22

Question
n IPS sensor has detected the string confidential across multiple packets in a TCP session. Which type of signature trigger and signature type does this describe?
Answer
  • Trigger: Policy-based detection Type: Atomic signature
  • Trigger: Policy-based detection Type: Composite signature
  • Trigger: Anomaly-based detection Type: Atomic signature
  • Trigger: Anomaly-based detection Type: Composite signature
  • Trigger: Pattern-based detection Type: Atomic signatur
  • Trigger: Pattern-based detection Type: Composite signature

Question 23

Question
What are two drawbacks to using HIPS? (Choose two.)
Answer
  • With HIPS, the success or failure of an attack cannot be readily determined
  • With HIPS, the network administrator must verify support for all the different operating systems used in the network.
  • HIPS has difficulty constructing an accurate network picture or coordinating events that occur across the entire network
  • If the network traffic stream is encrypted, HIPS is unable to access unencrypted forms of the traffic
  • HIPS installations are vulnerable to fragmentation attacks or variable TTL attacks
Show full summary Hide full summary

Want to create your own Quizzes for free with GoConqr? Learn more.

Similar

CCNA Security 210-260 IINS - Exam 3
Mike M
CCNA Security 210-260 IINS - Exam 1
Mike M
CCNA Security 210-260 IINS - Exam 2
Mike M
CCNA Part 1
Axiom42
CCNA Answers – CCNA Exam
Abdul Demir
CCNA Part 2
Axiom42
Hálózat 5
Cougar
CCNA Security Chapter 1 Exam
d94829 d94829
CCNA Security HW 3 & 4 (also exam review)
Anthony Schulmeister
Hálózat 10
Cougar
CCNA Security Chapter 4 Exam
d94829 d94829
Browse Library