Lecture 10 Pt. 2

Question 1

Organizations may switch to a stanadlone NGIPS appliance if their firewall lacks _____ c___________

Answer 1

NGIPS capabilities

Scenarios include passive, inline without blocking, and inline with blocking.

Question 2

What performance issue often arises when enabling security applications on NGFW?

Answer 2

Throughput degradation/increased latency.

Question 3

How does separating the NGFW and NGIPS affect throughput and security?

Answer 3

It optimizes throughput and security

Question 4

What capabilities does NGIPS provide for network resiliency based on the chosen hardware and deployment? (Fail-_____)*3

Answer 4

NGIPS can fail-open (taffic passes through logically), fail-closed (block all traffic), or fail-to-wire (traffic passes through physically, the device becomes a wire).

Fail Open may still involve software or OS-level logic, Fail-to-wire sends traffic as electrical signals

Question 5

What can lead to conflict in an enterprise regarding NetOps and SecOps?

Answer 5

Using a single appliance for the NGFW and NGIPS

Conflicts may arise if both operations are combined without clear delineation.

Question 6

An IPS will typically operate in the same Network location as the firewall, but where is it generally positioned?

Answer 6

After the firewall, closer to the interior or private network.

Question 7

The primary function of an IDS is to ______ potential _______ and generate _______

Answer 7

detect; threats; alerts.

Question 8

Who is a leader in NGIPS technology?

Answer 8

Cisco.

Cisco offers Firepower NGIPS products for protection against evolving attack surfaces.

Question 9

What is the basis of the Cisco Firepower NGIPS engine?

Answer 9

Well-defined open source Snort.

Snort is a widely used intrusion detection and prevention system.

Question 10

What does SRU stand for in the context of Cisco NGIPS?

Answer 10

Snort Rules Updates.

SRUs contain the latest Snort rules and are released regularly for updates.

Question 11

How often are Snort Rules Updates (SRUs) released?

Answer 11

On Tuesday and Thursday, with out-of-band releases for critical updates.

Each SRU includes a complete rule set.

Question 12

What is the role of the Cisco Talos team?

Answer 12

Developing Cisco Snort IPS rules.

The team also ensures that rules are open for inspection and sourced from various inputs.

Question 13

Throughput issues on a NGIPS/NGFW combination system can be alleviated by:

Answer 13

Switching to a standalone NGIPS system

Question 14

Issue with combination firewalls: Mandatory ________ m____ and performance may exceed firewall capabilities

Answer 14

Mandatory blocking mode

Mandatory blocking: All suspicious traffic must be blocked

Question 15

Is a NGFW/NGIPS combination adequate for the segregation of NetOps and SecOps responsibilities?

Answer 15

No, ideally they should be separated

Question 16

T/F - You must prepare a fault-tolerance solution within a SPAN or TAP deployment

Answer 16

False

Question 17

T/F - You must prepare a fault-tolerance solution within an inline deployment

Answer 17

True. Fail-open, Fail-closed, or Fail-to-wire

Question 18

You ideally want the _________ to filter out non-legitimate traffic before the ___ analyzes the traffic flow