Network Security 1.0 Modules 11-12
What is PulledPork?
A rule management application that can be used to automatically download Snort rule updates
What is contained in an OVA file?
An installable version of a virtual machine
What is an advantage of HIPS that is not provided by IDS?
HIPS protects critical system resources and monitors operating system processes.
What is an advantage of using an IPS?
It can stop trigger packets
Which statement describes the function of the SPAN tool used in a Cisco switch?
It copies the traffic from one switch port and sends it to another switch port that is connected to a monitoring device.
What is a characteristic of the Community Rule set type of Snort term-based subscriptions?
It is available for free
What is a characteristic of an IDS?
It often requires assistance from other network devices to respond to an attack
What is a characteristic of the connectivity policy setting when configuring Snort threat protection?
It provides the lowest level of protection
What are two characteristics of an IPS operating in promiscuous mode? (Choose two)
It requires the assistance of another network device to respond to an attack. It does not impact the flow of packets in forwarded traffic.
What is a minimum system requirement to activate Snort IPS functionality on a Cisco router?
K9 license
Which tool can perform real-time traffic and port analysis, and can also detect port scans, fingerprinting and buffer overflow attacks?
Snort
Which Snort IPS feature enables a router to download rule sets directly from cisco.com or snort.org?
Snort rule set pull
What information must an IPS track in order to detect attacks matching a composite signature?
The state of packets related to the attack
What is a network tap?
a passive device that forwards all traffic and physical layer errors to an analysis device.
What is provided by the fail open and close functionality of Snort IPS?
blocks the traffic flow or bypasses IPS checking in the event of an IPS engine failure
What are two characteristics of both IPS and IDS sensors? (Choose two)
both use signatures to detect patterns; both can detect atomic patterns
What are two actions that an IPS can perform whenever a signature detects the activity for which it is configured? (Choose two)
drop or prevent the activity; allow the activity
A network administrator is trying to download a valid file from an internal server. However, the process triggers an alert on an NMS tool. What condition describes this alert?
false positive
Which IPS signature trigger category uses a decoy server to divert attacks away from production devices?
honey pot-based detection
What situation will generate a true negative IPS alarm type?
normal traffic that is correctly being ignored and forwarded
