Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Arkusz Danych Pobierz pdf (Strona 21)

642-531

5) Apply the VLAN access-map to the specified VLANs

6) Select an interface.

7) Enable the capture function on the interface.

Cisco Courseware 5-38

QUESTION 49

What is a primary reason for using the mls ip ids command to capture traffic instead of VACLs?

A. higher performance due to hardware-based multilayer switching

B. CBAC is configured on the same VLAN

E. mls ip ids offers more granularity for traffic capture than VACLs

Answer: B

You cannot apply VACLs to the same VLAN in which you have applied an IP inspect rule for the Cisco IDS

Firewall.

(IP inspect rule is a CBAC feature -> mls ip ids can be used instead of VACLs to solve this problem)

Cisco Courseware 5-45, 5-48

QUESTION 50

Network topology exhibit:

Refer to the exhibit. All switches are connected through Fast Ethernet connections. Server Certkiller 2

is in VLAN 3.

Which command represents a valid configuration step to permit Sensor IDS1 to monitor traffic sent from

Server Certkiller 2?

A. 2950(config)# monitor session 1 source interface fastEthernet 0/5 tx

B. 2950(config)# monitor session 1 source interface fastEthernet 0/5 rx

C. 2950(config)# port monitor fastEthernet 0/5

D. 2950(config)# port monitor vlan 3 Interface fastEthernet 0/24 both

E. 2950>(enable) set span 0/5 0/24 both

Answer: B

sent FROM server, RECEIVED by fastEthernet 0/5 -> rx

Cisco Courseware 5-16

Note:The reason is not

1 2 ... 16 17 18 19 20 21 22 23 24 25 26 ... 122 123

Brak uwag

Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Arkusz Danych Strona 21