Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Arkusz Danych Pobierz pdf (Strona 58)

642 -531

Leading the way in IT testing and certification tools, www.testking.com

- 58 -

D. "tls generate-key" command generates a self-signed X.509 certificate

Answer: D

Page 9-33 CSIDS Courseware under Generating an X.509 Certificate

Use the tls generate-key command to generate the self-signed X.509 certificate needed by

TLS

QUESTION NO: 2

Which CLI command would permit remote network access to the IDS Sensor from

network 10.1.1.0/24?

A. sensor(config)# access-list 100 permit 10.1.1.0.0.0.0.255

B. sensor(config-Host-net)# access-list 100 permit 10.1.1.0.0.0.0.255

C. sensor(config)# accessList ipAddress 10.1.1.0 netmask 255.255.255.0

D. sensor(config-Host-net)# accessList ipAddress 10.1.1.0 netmask 255.255.255.0

ANSWER: D

Cisco Courseware 9-31

QUESTION NO: 3

A university’s security policy states that network devices must be managed using secure

communication methods.

Which Cisco IDS Sensor services must be disabled to meet this requirement? (Choose

two)

A. SSH

B. Telnet

C. TFTP

D. SNMP

E. FTP

F. RSH

Answer: B, E

Explanation: The Sensor always provides secure shell services (including scp). Increase the

security of the Sensor by disabling two services that allow clear text password authentication:

Telnet and FTP. For maximum security disable both.

Reference: Cisco IDS Sensor Software - Cisco Intrusion Detection System

Sensor Configuration Note Version 3.1

1 2 ... 53 54 55 56 57 58 59 60 61 62 63 ... 167 168

Brak uwag

Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Arkusz Danych Strona 58