NETAUTH MOD 9,10,11,12 questions
Which Cisco platform supports Cisco Snort IPS?
4000 series ISR
What are two benefits of implementing a firewall in a network? (Choose two.)
- A firewall will sanitize protocol flow - A firewall will reduce security management complexity
What are the three actions supported by Snort IDS? (Choose three.)
- Alert - Log - Pass
Which action terminates a malicious packet only?
Deny packet inline
How does ZPF handle traffic between an interface that is a zone member and another interface that does not belong to any zone?
Drop
What is a host-based intrusion detection system (HIDS)?
It combines the functionalities of antimalware applications with firewall protection
What is a zero-day attack?
It is a computer attack that exploits unreported software vulnerabilities
Which type of firewall is supported by most routers and is the easiest to implement?
Packet filtering firewall
What are two characteristics of an application gateway firewall? (Choose two.)
- Analyzes traffic at Layers 3, 4, 5, and 7 of the OSI model - Performs most filtering and firewall control in software
When a Cisco IOS zone-based policy firewall is being configured, which two actions can be applied to a traffic class? (Choose two.)
- Inspect - Drop
Which three layers of the OSI model include information that is commonly inspected by a stateful firewall? (Choose three.)
- Layer 3 - Layer 4 - Layer 5
What are three actions that can be performed by Snort in IDS mode? (Choose three.)
- Log - Pass - Alert
Which two options are components of Snort IPS that is running on an ISR 4000? (Choose two.)
- Snort engine - Snort rule Set
Which three statements describe trusted and untrusted areas of the network? (Choose three.)
- The public internet is generally considered untrusted - Internal networks, except the dmz, are considered trusted - In a ZPF network, traffic that moves within zones is generally considered trusted
Which three statements describe zone-based policy firewall rules that govern interface behavior and the traffic moving between zone member interfaces? (Choose three.)
- To permit traffic to and from a zone member interface, a policy allowing or inspecting traffic must be configured between that zone and any other zone. - Pass, inspect, and drop options can only be applied between two zones. - If traffic is to flow between all interfaces in a router, each interface must be a member of a zone.
Which two protocols are stateless and do not generate connection information needed to build a state table? (Choose two.)
- UDP - ICMP
When implementing a ZPF, which statement describes a zone?
A zone is a group of one or more interfaces that have similar functions or features.
Which statement describes a factor to be considered when configuring a zone-based policy firewall?
A zone must be configured with the zone security global command before it can be used in the zone-member security command
Which type of firewall filters information at Layers 3, 4, 5, and 7 of the OSI reference model?
Application Gateway
Which statement describes one of the rules that govern interface behavior in the context of implementing a zone-based policy firewall configuration?
By default, traffic is allowed to flow among interfaces that are members of the same zone
Snort IPS is available on which router platform?
Cisco 4000
Which device is a dedicated inline threat prevention appliance that is effective against both known and unknown threats?
Cisco FirePOWER NGIPS
Which intrusion prevention service was available on first-generation ISR routers and is no longer supported by Cisco?
Cisco IOS IPS
What is the source for IPS rule updates when using a Cisco intrusion prevention service?
Cisco Talos
In what step of zone-based policy firewall configuration is traffic identified for policy application?
Configuring Class Maps
Which network security design typically uses one inside interface, one outside interface, and one DMZ interface?
Demilitarized
What are two best practices when implementing firewall security policies?
Disable unnecessary network services
True or False? A HIPS can be configured in either promiscuous or inline mode.
False
Which type of alert is generated when an IPS incorrectly identifies normal network user traffic as attack traffic?
False positive
What is true of a HIPS?
HIPS software combines anti-virus, anti-malware, and firewall functionality
Which type of firewall is a PC or server with firewall software running on it?
Host-based
Which type of firewall is a combination of various firewall types?
Hybrid
Cannot stop the trigger packet and is not guaranteed to stop a connection (IDP or IPS)
IDS
Deployed in offline mode (IDP or IPS)
IDS
Less helpful in stopping email viruses and automated attacks, such as worms (IDP or IPS)
IDS
More vulnerable to network security evasion techniques enabled by various network attack methods (IDP or IPS)
IDS
Primarily focused on identifying possible incidents, logging information about the incidents, and reporting the incidents (IDP or IPS)
IDS
Which network monitoring technology passively monitors network traffic to detect attacks?
IDS
In which operating mode does Snort IDS inspect traffic and report alerts, but does not take any action to prevent attacks?
IDS mode
Can be configured to perform a packet drop to stop the trigger packet (IDP or IPS)
IPS
Can use stream normalization techniques to reduce or eliminate many of the network security evasion capabilities that exist (IDP or IPS)
IPS
Must be deployed inline, and traffic must be able to pass through it (IDP or IPS)
IPS
Must be implemented so that time-sensitive applications are not adversely affected (IDP or IPS)
IPS
What is one benefit of using a next-generation firewall rather than a stateful firewall?
Integrated use of an intrusion prevention system (IPS)
What is a feature of an IPS?
It can stop malicious packets
What is a characteristic of an IPS operating in inline-mode?
It can stop malicious traffic from reaching the intended target
Which statement describes a feature of a zone-based policy firewall?
It does not depends on ACL's
What is an IPS signature?
It is a set of rules used to detect typical intrusive activity
What is a characteristic of the Snort subscriber rule set term-based subscription?
It is available for a fee
Which security design uses different types of firewalls and security measures that are combined at different areas of the network to add depth to the security of an organization ?
Layered Defense
Which action logs the IP address from a malicious source only and sends an alert?
Log attacker packets
Which network technology uses a passive splitting device that forwards all traffic, including Layer 1 errors, to an analysis device?
Network Tap
Which type of file contains a compressed, installable version of the Snort IPS virtual machine?
OVA
Which type of firewall is part of a router firewall, permitting or denying traffic based on Layer 3 and Layer 4 information?
Packet Filtering
Which IPS signature trigger category uses the simplest triggering mechanism and searches for a specific and pre-defined atomic or composite pattern?
Pattern-Based Detection
Which action makes the IPS device send TCP resets to hijack and terminate a TCP flow?
Reset TCP connection
What network monitoring tool can be used to copy packets moving through one port, and send those copies to another port for analysis?
SPAN
What term describes a set of rules used by an IDS or IPS to detect typical intrusion activity?
Signature
Which statement correctly describes the configuration of a Snort VPG interface?
The VPG0 interface must have a routable address with access to the internet
Which statement accurately describes Cisco IOS zone-based policy firewall operation?
The pass action works in only one directions
In ZPF design, what is described as the self zone?
The router itself, including all interfaces with assigned IP addresses.
Which statement is a characteristic of a packet filtering firewall?
They are susceptible to IP spoofing
How does a firewall handle traffic that is originating from the DMZ network and traveling to a private network?
Traffic is usually blocked when it is origination from the DMZ network and traveling to a private network
When configuring a class map for a zone-based policy firewall, how is the match criteria applied when using the match-all parameter?
Traffic must match all of the match criteria specified in the statement.
Which type of traffic is usually blocked when implementing a demilitarized zone?
Traffic originating from the DMZ network and traveling to the private network.
Which type of firewall filters IP traffic between a pair of bridged interfaces?
Transparent
Which classification indicates that an alert is verified as an actual security incident?
True positive
Which Snort IPS interface statement is true?
Two virtual port group interfaces are required
What is an example of a HIPS?
Windows Defender
Which network design groups interfaces into zones with similar functions or features?
ZPF
Designing a ZPF requires several steps. Which step involves defining boundaries where traffic is subjected to policy restrictions as it crosses to another region of the network?
determine the zones
Which statement describes a zone when implementing ZPF on a Cisco router?
A zone establishes a security border of a network.
Which device supports the use of SPAN to enable monitoring of malicious activity?
Cisco Catalyst Switch
Can affect network performance by introducing latency and jitter (IDP or IPS)
IPS
What is true of a NIPS that is running in inline mode?
It can add latency to the network
Which type of firewall is commonly part of a router firewall and allows or blocks traffic based on Layer 3 or 4 information?
Packet filtering firewall
Which rule action will cause Snort IPS to block a packet without logging it?
Sdrop
Where does the Snort engine run?
Service Container
Which open source network monitoring technology performs real-time traffic analysis and generates alerts when threats are detected on IP networks?
Snort IPS
Which network monitoring capability is provided by using SPAN?
Traffic Exiting and entering a switch is copied to a network monitoring device
Which type of firewall generally has a low impact on network performance?
stateless firewall