What is contained in an OVA file?
What is contained in an OVA file? a set of rules for an IDS or IPS to detect intrusion activity a list of atomic and composite signatures an installable version…
What is a characteristic of the connectivity policy setting when configuring Snort threat protection? it prioritizes security over connectivity it enables the highest number of signatures to be verified it…
What is a characteristic of the Community Rule Set type of Snort term-based subscriptions? it is fully supported by Cisco it has 60-day delayed access to updated signatures it is…
What is provided by the fail open and close functionality of Snort IPS? blocks the traffic flow or bypasses IPS checking in the event of an IPS engine failure keeps…
Match each Snort IPS rule action with the description.
Match each intrusion protection service with the description.
What situation will generate a true negative IPS alarm type? a verified security incident that is detected normal traffic that is correctly being ignored and forwarded normal traffic that generates…
Which IPS signature trigger category uses a decoy server to divert attacks away from production devices? pattern-based detection anomaly-based detection honey pot-based detection policy-based detection Answers Explanation & Hints: Honey…
What are two actions that an IPS can perform whenever a signature detects the activity for which it is configured? (Choose two.) allow the activity disable the link reconverge the…
What information must an IPS track in order to detect attacks matching a composite signature? the total number of packets in the attack the state of packets related to the…
What is PulledPork? a rule management application that can be used to automatically download Snort rule updates a centralized management tool to push the rule sets based on preconfigured policy,…
What is a minimum system requirement to activate Snort IPS functionality on a Cisco router? ISR 2900 or higher at least 4 GB RAM at least 4 GB flash K9…
Which Snort IPS feature enables a router to download rule sets directly from cisco.com or snort.org? Signature allowed listing Snort rule set updates Snort rule set pull Snort rule set…
Which tool can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks? Snort Nmap Netflow SIEM Answers Explanation & Hints: Snort is…
What are two characteristics of an IPS operating in promiscuous mode? (Choose two.) It can stop malicious traffic from reaching the intended target for all types of attacks. It does…
What is a characteristic of an IDS? It often requires assistance from other network devices to respond to an attack. It can be configured to drop trigger packets that are…
What is an advantage of using an IPS? It can stop trigger packets. It has no impact on network latency. It is installed outside of the data traffic flow. It…
What are two characteristics of both IPS and IDS sensors? (Choose two.) both use signatures to detect patterns both can detect atomic patterns both can stop trigger packets neither introduce…
Which statement describes Cisco IOS Zone-Based Policy Firewall operation? The pass action works in only one direction. A router interface can belong to multiple zones. Service policies are applied in…
What is the first step in configuring a Cisco IOS zone-based policy firewall via the CLI? Create zones. Define traffic classes. Define firewall policies. Assign policy maps to zone pairs.…