Q1
Which IPS signature trigger category uses the simplest triggering mechanism and searches for a specific and pre-defined atomic or composite pattern?
Options:
A) Pattern-Based Detection
B) Anomaly-Based Detection
C) Honey Pot-Based Detection
D) Policy-Based Detection
Answer: A) Pattern-Based Detection
Q2
What term describes a set of rules used by an IDS or IPS to detect typical intrusion activity?
Options:
A) Trigger
B) Definition
C) Signature
D) Event file
Answer: C) Signature
Q3
Which type of alert is generated when an IPS incorrectly identifies normal network user traffic as attack traffic?
Options:
A) True negative
B) False positive
C) True positive
D) False negative
Answer: B) False positive
Q4
What is a characteristic of the Snort subscriber rule set term-based subscription?
Options:
A) It does not provide access to Cisco support.
B) It provides 30-day delayed access to updated signatures.
C) It is available for a fee.
D) It focuses on reactive responses to security threats.
Answer: C) It is available for a fee.
Q5
Which classification indicates that an alert is verified as an actual security incident?
Options:
A) False positive
B) True positive
C) True negative
D) False negative
Answer: B) True positive
Q6
Which intrusion prevention service was available on first-generation ISR routers and is no longer supported by Cisco?
Options:
A) External Snort IPS Server
B) Cisco IOS IPS
C) Cisco Snort IPS
D) Cisco Firepower Next-Generation
Answer: B) Cisco IOS IPS
Q7
Which statement correctly describes the configuration of a Snort VPG interface?
Options:
A) The VPG0 interface must have a routable address with access to the internet.
B) The VPG1 interface must receive an address from DHCP.
C) The VPG1 interface must use a routable static IP address.
D) The VPG1 interface must be configured with a public IP address.
Answer: A) The VPG0 interface must have a routable address with access to the internet.
Q8
What are three actions that can be performed by Snort in IDS mode? (Choose three.)
Options:
A) Sdrop
B) Log
C) Reject
D) Drop
E) Alert
F) Pass
Answer: B) Log, E) Alert, F) Pass
Q9
Which device is a dedicated inline threat prevention appliance that is effective against both known and unknown threats?
Options:
A) Cisco Snort IPS
B) Cisco FirePOWER NGIPS
C) Cisco ASA
D) Cisco IOS IPS
Answer: B) Cisco FirePOWER NGIPS
Q10
Which rule action will cause Snort IPS to block a packet without logging it?
Options:
A) Sdrop
B) Alert
C) Drop
D) Reject
Answer: A) Sdrop
Q11
What is the source for IPS rule updates when using a Cisco intrusion prevention service?
Options:
A) SIEM
B) Cisco Talos
C) Security Onion
D) Cisco.com
Answer: B) Cisco Talos