
642-531
Leading the way in IT testing and certification tools, www.testking.com
Which statement is true when creating custom signatures on a Cisco IDS Sensor in IDS
MC?
A. All parameter fields must be entered.
B. They are automatically saved to the Sensor.
C. The default action is logging.
D. They are enabled by default.
Answer: D
Explanation:
Custom signatures are enabled by default. It is recommended to test custom signatures in a
non-production environment to avoid unexpected results, including network disruption.
Cisco Courseware 14-30
QUESTION NO: 8
A company has a requirement to create a custom signature that detects BGP packets
traversing the network.
Which Cisco IDS signature micro-engine can be used to create this signature?
A. Atomic.TCP
B. Atomic.L3.IP
C. Sweep.Port.TCP
D. Atomic.IPOptions
Answer: B
Explanation:
The following are Atomic.L3.IP parameters:
MaxProto - Defines the maximum IP protocol number, after which the signature fires
MinProto - Defines the minimum IP protocol number, after which the signature fires
isRFC1918 - Defines whether the packet is from the RFC 1918 address pool
Reference: Cisco Secure Intrusion Detection System 4, chap 13, page 13
BGP is a layer 3 routing protocol. Atomic.L3.IP will detect layer 3 IP alarms.
Reference: Cisco Secure Intrusion Detection System (Ciscopress) page 628
QUESTION NO: 9
A hospital’s security policy states that any e-mail messages with the words SSN or Social
Security must be detected by the IDS Sensor.
Which Cisco IDS signature micro-engine should be used to create the signature?
A. Atomic.TCP
B. Atomic.UDP
C. String.ICMP
D. String.TCP