What are two examples of traditional host-based security measures? (Choose two.) NAS 802.1X host-based IPS host-based NAC antimalware software Answers Explanation & Hints: Traditional host-based security measures include antivirus/antimalware software,…
What two internal LAN elements need to be secured? (Choose two.) switches IP phones edge routers fiber connections cloud-based hosts Answers Explanation & Hints: Internal network protection is just as…
Why are traditional network security perimeters not suitable for the latest consumer-based network endpoint devices? These devices are not managed by the corporate IT department. These devices are more varied…
What is the goal of the Cisco NAC framework and the Cisco NAC appliance? to ensure that only hosts that are authenticated and have had their security posture examined and…
What type of data does the DLP feature of Cisco Email Security Appliance scan in order to prevent customer data from being leaked outside of the company? inbound messages outbound…
What is contained in an OVA file? a set of rules for an IDS or IPS to detect intrusion activity a list of atomic and composite signatures an installable version…
What is a characteristic of the connectivity policy setting when configuring Snort threat protection? it prioritizes security over connectivity it enables the highest number of signatures to be verified it…
What is a characteristic of the Community Rule Set type of Snort term-based subscriptions? it is fully supported by Cisco it has 60-day delayed access to updated signatures it is…
What is provided by the fail open and close functionality of Snort IPS? blocks the traffic flow or bypasses IPS checking in the event of an IPS engine failure keeps…
Match each Snort IPS rule action with the description.
Match each intrusion protection service with the description.
What situation will generate a true negative IPS alarm type? a verified security incident that is detected normal traffic that is correctly being ignored and forwarded normal traffic that generates…
Which IPS signature trigger category uses a decoy server to divert attacks away from production devices? pattern-based detection anomaly-based detection honey pot-based detection policy-based detection Answers Explanation & Hints: Honey…
What are two actions that an IPS can perform whenever a signature detects the activity for which it is configured? (Choose two.) allow the activity disable the link reconverge the…
What information must an IPS track in order to detect attacks matching a composite signature? the total number of packets in the attack the state of packets related to the…
What is PulledPork? a rule management application that can be used to automatically download Snort rule updates a centralized management tool to push the rule sets based on preconfigured policy,…
What is a minimum system requirement to activate Snort IPS functionality on a Cisco router? ISR 2900 or higher at least 4 GB RAM at least 4 GB flash K9…
Which Snort IPS feature enables a router to download rule sets directly from cisco.com or snort.org? Signature allowed listing Snort rule set updates Snort rule set pull Snort rule set…
Which tool can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks? Snort Nmap Netflow SIEM Answers Explanation & Hints: Snort is…
What are two characteristics of an IPS operating in promiscuous mode? (Choose two.) It can stop malicious traffic from reaching the intended target for all types of attacks. It does…