Cisco Secure Intrusion Detection System Questions Answers

1.	Which of the following sensor models is capable of delivering 200 Mbps or more of monitoring and analyzing? The IDSM module for the Catalyst 5500 The IDSM module for the Catalyst 6500 The 4235-network sensor appliance The 4250-network sensor appliance
2.	On which of the following operation systems will CSPM operate properly? Windows NT 4.0 Windows NT 3.5 Windows 2000 Sun Solaris or HPUX
3.	What is the command that can be used to start the IDS system on a 4200 series network sensor appliance? startids idsstart Idsstart nr.idsstart
4.	Which of the following daemons is responsible for the monitoring and analyzing of network traffic? packetd services auth managed
5.	Where are archived IP session log files located? /usr/nr/var /usr/nr/var/new /usr/nr/var/iplog /usr/nr/var/iplog/new
6.	Which file would you open to see the IP address and UDP port associated with the host name of a CIDS component? auth routes destinations hosts
7.	What is the default installation directory on all CIDS sensors? root\usr \usr\var \usr\nr \usr\nr\etc
8.	What command would return the current services running and their versions? idsvers showidsver showver idsshowver
9.	What is the protocol used as a communication vehicle between the sensor and director platforms? postofficed SMTP IMAP PostOffice
10.	The CIDS Director for UNIX will run on which of the following operating systems? HPUX HPOV Sun Solaris HP OpenView
11.	Why should IP blocking be used cautiously? Because it’s difficult to configure Because it gives too much control to the sensor Because it’s impossible to unblock an address once it’s been blocked Because hackers can use this feature to attack your infrastructure
12.	What type of files are stored in the /usr/nr/etc directory? Configuration files System files IP session log files Archived log files
13.	What is a token? A configuration parameter A configuration file A daemon installed on a sensor A device used in video games
14.	What script can assist administrators in troubleshooting communication issues between CIDS devices? auths idscomm idsconn idsstatus
15.	Which of the following files should not be changed unless directed by Cisco? signature hosts auth destinations
16.	What are the four types of log files? packetd, postofficed, fileXferd, loggerd idsstart, idsstop, idsstatus, idsvers alarm, notification, event, error event, error, IP session, command
17.	The director platform can be configured to respond automatically to an attack by what? Blocking the offending IP address Sending a TCP reset packet Creating an IP Session log None of the above
18.	Which of the following daemons are responsible for file deletion and for moving log files to the database staging area? loggerd packetd fileXferd sapd
19.	Which of the following daemons allow the director platforms to configure sensors remotely? fileXferd managed postofficed smid
20.	Which of the following daemons runs only on the sensor or only on the director, but doesn’t run on both? loggerd smid packetd fileXferd

Answers

1.	C. and D. Both the 4235 and 4250 are capable of 200 Mbps or better
2.	A. Windows NT 4.0
3.	B. idsstart
4.	A. packetd
5.	D. /usr/nr/var/iplog/new
6.	B. routes
7.	C. /usr/nr
8.	A. idsvers
9.	D. PostOffice
10.	A. and C. HPUX and Sun Solaris
11.	D. Because hackers can use this feature to attack your infrastructure
12.	A. and B. Configuration and System files
13.	A. A configuration parameter
14.	C. idsconn
15.	A. signature
16.	D. event, error, IP session, command
17.	D. None of the above
18.	D. sapd
19.	A. .fileXferd
20.	B. and C. packetd (sensor), smid (director)

Cisco Secure Intrusion Detection System Questions Answers

Questions

admin