Chapter 16 - Implementing IOS based IPS Flashcards

1
Q

What detection technology is available in an IPS appliance that is not on IOS based IPS?

A

anomaly-based detection.

IOS based IPS uses the following detection technologies:

  • Profile based
  • Signature based
  • Protocol analysis based
2
Q

Where should inspection take place on a router running IOS based IPS?

A

Inspection should happen inbound on the interface (or interfaces) connected to untrusted networks (Internet), or less-trusted networks.

3
Q

What is the difference between a Retired and Unretired signature?

A

Unretired: The signature is compiled on the router and consumes memory whether it is enabled or disabled.

Retired: There is no memory consumption on the router because the signature is not compiled (it cannot be enabled).

4
Q

SDEE is required for IPS to function on a router. How do you enable it via the CLI?

A

(config)# ip ips notify SDEE

5
Q

What is SDEE?

A

SDEE is Security Device Event Exchange.

It is the protocol used to deliver alert information.

6
Q

How do you create an IPS rule via the command line?

A

(config)# ip ips name <ips_rule_name>

To apply it to an interface:

(config-if)# ip ips <ips_rule_name> in

In = inbound

7
Q

How can you view how IPS is configured via command line?

A

show ip ips configuration

8
Q

What is a disabled signature doing on an IPS device?

A

A signature that is “Disabled” means that the signature does not produce an alert but is compiled into memory and inspection takes place. It continues to consume router resources and can be quickly enabled.

9
Q

What are the basic tasks that must be completed using Cisco Configuration Professional (CCP) to set up IPS on a router?

A
  • Specify the signature file and the Cisco public key
  • Specify the configuration location and select the category of signatures to be applied to the selected interface(s).
  • Select the interface(s) to apply the IPS rule
  • Select the traffic flow direction that should be applied by the IPS rule
10
Q

What is the realm-cisco.pub public encryption key used for?

A

It is used to verify the digital signature of Cisco IPS signature file(s).
