Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Arkusz Danych Pobierz pdf (Strona 93)

642 -531

Leading the way in IT testing and certification tools, www.testking.com

- 93 -

Answer: C

Explanation:

Protected—The protected attribute of the parameter applies only to the default signature set.

When a default signature parameter is protected, its value cannot be modified meaning that

the fundamental behavior of the default signature cannot be changed. For example, you can

modify certain parameters (AlarmThrottle, ChokeThreshold, Unique) of default signatures,

but not the underlying functionality, such as TcpFlags and Mask.

Note: If a parameter is protected, you cannot change it for the default signatures. You can

modify it for custom signatures.

D is better than C, because it covers both, DEFAULT and CUSTOM signatures – by the word

“only”.

Reference:

Cisco Courseware 13-16

QUESTION NO: 3

Which of the following custom signature configurations would result in a signature to

alarm on each occurrence and provide an IntervalSummary alarm if you receive 120

alarms in a 60 second time period?

A. SIG 20001 AlarmThrottle FireEvery ChokeThreshold 100 ThrottleInterval 120

B. SIG 20002 AlarmThrottle FireAll ChokeThreshold 60 ThrottleInterval 60

C. SIG 20003 AlarmThrottle FireAll ChokeThreshold 100 ThrottleInterval 60

D. SIG 20004 AlarmThrottle FireEvery ChokeThreshold 60 ThrottleInterval 120

Answer: C

Explanation:

ThrottleInterval defines the period of time used to control alarm summarization.

AlarmThrottle is a technique which is used to limit alarm firings.

Cisco Courseware 13-18, 13-19

QUESTION NO: 4

Which signature parameter defines the response taken when an alarm is fired?

A. Alarm Traits

B. EventAction

C. AlramAction

D. EventTraits

ANSWER: B

Event Action – The action to perform when an alarm is fired:

1 2 ... 88 89 90 91 92 93 94 95 96 97 98 ... 167 168

Brak uwag

Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Arkusz Danych Strona 93