11.5.2

Created by yabdelaziz

Q1 What is an IPS signature? Options: A) It is a set of rules used to detect typical intrusive activity. B) It is the authorization that is required to implement a security policy. C) It is the timestamp that is applied to logged security events and alarms. D) It is a security script that is used to detect unknown threats. Answer: A) It is a set of rules used to detect typical intrusive activity.
Q2 Which network technology uses a passive splitting device that forwards all traffic, including Layer 1 errors, to an analysis device? Options: A) Network tap B) SNMP C) IDS D) NetFlow Answer: A) Network tap
Q3 What is a characteristic of an IPS operating in inline-mode? Options: A) It can stop malicious traffic from reaching the intended target. B) It requires the assistance of another network device to respond to an attack. C) It can only send alerts and does not drop any packets. D) It does not affect the flow of packets in forwarded traffic. Answer: A) It can stop malicious traffic from reaching the intended target.
Q4 What is a zero-day attack? Options: A) It is an attack that has no impact on the network because the software vendor has mitigated the vulnerability. B) It is a computer attack that occurs on the first day of the month. C) It is an attack that results in no hosts able to connect to a network. D) It is a computer attack that exploits unreported software vulnerabilities. Answer: D) It is a computer attack that exploits unreported software vulnerabilities.
Q5 What is a feature of an IPS? Options: A) It is deployed in offline mode. B) It has no impact on latency. C) It can stop malicious packets. D) It is primarily focused on identifying possible incidents. Answer: C) It can stop malicious packets.
Q6 Which network monitoring technology passively monitors network traffic to detect attacks? Options: A) TAP B) IDS C) IPS D) RSPAN Answer: B) IDS
Q7 Which open source network monitoring technology performs real-time traffic analysis and generates alerts when threats are detected on IP networks? Options: A) IOS IPS B) SPAN C) Snort IPS D) RSPAN Answer: C) Snort IPS
Q8 Which Cisco platform supports Cisco Snort IPS? Options: A) 800 series ISR B) 3900 series ISR C) 4000 series ISR D) 2900 series ISR Answer: C) 4000 series ISR
Q9 Which device supports the use of SPAN to enable monitoring of malicious activity? Options: A) Cisco NAC B) Cisco IronPort C) Cisco Catalyst switch D) Cisco Security Agent Answer: C) Cisco Catalyst switch
Q10 What is a host-based intrusion detection system (HIDS)? Options: A) It identifies potential attacks and sends alerts but does not stop the traffic. B) It detects and stops potential direct attacks but does not scan for malware. C) It is an agentless system that scans files on a host for potential malware. D) It combines the functionalities of antimalware applications with firewall protection. Answer: A) It identifies potential attacks and sends alerts but does not stop the traffic.
Q11 Which network monitoring capability is provided by using SPAN? Options: A) Traffic exiting and entering a switch is copied to a network monitoring device. B) Network analysts are able to access network device log files and to monitor network behavior. C) Real-time reporting and long-term analysis of security events are enabled. D) Statistics on packets flowing through Cisco routers and multilayer switches can be captured. Answer: A) Traffic exiting and entering a switch is copied to a network monitoring device.
Q12 What network monitoring tool can be used to copy packets moving through one port, and send those copies to another port for analysis? Options: A) Syslog B) SNMP C) NAC D) SPAN Answer: D) SPAN