| Question | Answer |
|---|---|
| Q1 Which IPS signature trigger category uses the simplest triggering mechanism and searches for a specific and pre-defined atomic or composite pattern? Options: A) Pattern-Based Detection B) Anomaly-Based Detection C) Honey Pot-Based Detection D) Policy-Based Detection | Answer: A) Pattern-Based Detection |
| Q2 What term describes a set of rules used by an IDS or IPS to detect typical intrusion activity? Options: A) Trigger B) Definition C) Signature D) Event file | Answer: C) Signature |
| Q3 Which type of alert is generated when an IPS incorrectly identifies normal network user traffic as attack traffic? Options: A) True negative B) False positive C) True positive D) False negative | Answer: B) False positive |
| Q4 What is a characteristic of the Snort subscriber rule set term-based subscription? Options: A) It does not provide access to Cisco support. B) It provides 30-day delayed access to updated signatures. C) It is available for a fee. D) It focuses on reactive responses to security threats. | Answer: C) It is available for a fee. |
| Q5 Which classification indicates that an alert is verified as an actual security incident? Options: A) False positive B) True positive C) True negative D) False negative | Answer: B) True positive |
| Q6 Which intrusion prevention service was available on first-generation ISR routers and is no longer supported by Cisco? Options: A) External Snort IPS Server B) Cisco IOS IPS C) Cisco Snort IPS D) Cisco Firepower Next-Generation | Answer: B) Cisco IOS IPS |
| Q7 Which statement correctly describes the configuration of a Snort VPG interface? Options: A) The VPG0 interface must have a routable address with access to the internet. B) The VPG1 interface must receive an address from DHCP. C) The VPG1 interface must use a routable static IP address. D) The VPG1 interface must be configured with a public IP address. | Answer: A) The VPG0 interface must have a routable address with access to the internet. |
| Q8 What are three actions that can be performed by Snort in IDS mode? (Choose three.) Options: A) Sdrop B) Log C) Reject D) Drop E) Alert F) Pass | Answer: B) Log E) Alert F) Pass |
| Q9 Which device is a dedicated inline threat prevention appliance that is effective against both known and unknown threats? Options: A) Cisco Snort IPS B) Cisco FirePOWER NGIPS C) Cisco ASA D) Cisco IOS IPS | Answer: B) Cisco FirePOWER NGIPS |
| Q10 Which rule action will cause Snort IPS to block a packet without logging it? Options: A) Sdrop B) Alert C) Drop D) Reject | Answer: A) Sdrop |
| Q11 What is the source for IPS rule updates when using a Cisco intrusion prevention service? Options: A) SIEM B) Cisco Talos C) Security Onion D) Cisco.com | Answer: B) Cisco Talos |