Cisco IDS/IPS Fundamentals

Question 1

Which method should you implement when it is not acceptable for an attack to reach its intended victim?

Answer 1

IPS

Question 2

A company has hired you to determine whether attacks are happening against the server farm, and it does not want any additional delay added to the network. Which deployment method should be used?

Answer 2

IDS

Question 3

Why does IPS have the ability to prevent an ICMP-based attack from reaching the intended victim?

Answer 3

The IPS is inline with the traffic

Question 4

Which method of IPS uses a baseline of normal network behavior and looks for deviations from that baseline?

Answer 4

Anomaly-based IPS

Question 5

Which type of implementation required custom signatures to be created by the administrator?

Answer 5

Policy-based IPS

Question 6

Which method requires participation in global correlation involving groups outside your own enterprise?

Answer 6

Reputation-based IPS

Question 7

Which if the micro-engines contains signatures that can only match on a single packet, as opposed to a flow of packets?

Answer 7

Atomic

Question 8

Which properties directly associated with a signature?

Answer 8

ASR, SFR

Question 9

Is assigning aggressive IPS responses to specific signatures best practices?

Answer 9

True

Question 10

What is the name of Cisco cloud-based services for IPS correlation?

Answer 10

SIO

Question 11

Name three Next-Generation IPS (NGIPS) solution?

Answer 11

NGIPSv, ASA with FirePOWER, FirePOWER 8000 series appliances