NETAUTH MOD 9,10,11,12 questions


Which Cisco platform supports Cisco Snort IPS?

4000 series ISR

What are two benefits of implementing a firewall in a network? (Choose two.)

- A firewall will sanitize protocol flow
- A firewall will reduce security management complexity

What are the three actions supported by Snort IDS? (Choose three.)

- Alert
- Log
- Pass

Which action terminates a malicious packet only?

Deny packet inline

How does ZPF handle traffic between an interface that is a zone member and another interface that does not belong to any zone?

Drop

What is a host-based intrusion detection system (HIDS)?

It combines the functionalities of antimalware applications with firewall protection

What is a zero-day attack?

It is a computer attack that exploits unreported software vulnerabilities

Which type of firewall is supported by most routers and is the easiest to implement?

Packet filtering firewall

What are two characteristics of an application gateway firewall? (Choose two.)

- Analyzes traffic at Layers 3, 4, 5, and 7 of the OSI model
- Performs most filtering and firewall control in software

When a Cisco IOS zone-based policy firewall is being configured, which two actions can be applied to a traffic class? (Choose two.)

- Inspect
- Drop

Which three layers of the OSI model include information that is commonly inspected by a stateful firewall? (Choose three.)

- Layer 3
- Layer 4
- Layer 5

What are three actions that can be performed by Snort in IDS mode? (Choose three.)

- Log
- Pass
- Alert

Which two options are components of Snort IPS that is running on an ISR 4000? (Choose two.)

- Snort engine
- Snort rule set

Which three statements describe trusted and untrusted areas of the network? (Choose three.)

- The public internet is generally considered untrusted
- Internal networks, except the DMZ, are considered trusted
- In a ZPF network, traffic that moves within zones is generally considered trusted

Which three statements describe zone-based policy firewall rules that govern interface behavior and the traffic moving between zone member interfaces? (Choose three.)

- To permit traffic to and from a zone member interface, a policy allowing or inspecting traffic must be configured between that zone and any other zone.
- Pass, inspect, and drop options can only be applied between two zones.
- If traffic is to flow between all interfaces in a router, each interface must be a member of a zone.

Which two protocols are stateless and do not generate connection information needed to build a state table? (Choose two.)

- UDP
- ICMP

When implementing a ZPF, which statement describes a zone?

A zone is a group of one or more interfaces that have similar functions or features.

Which statement describes a factor to be considered when configuring a zone-based policy firewall?

A zone must be configured with the zone security global command before it can be used in the zone-member security command

Which type of firewall filters information at Layers 3, 4, 5, and 7 of the OSI reference model?

Application Gateway

Which statement describes one of the rules that govern interface behavior in the context of implementing a zone-based policy firewall configuration?

By default, traffic is allowed to flow among interfaces that are members of the same zone

Snort IPS is available on which router platform?

Cisco 4000

Which device is a dedicated inline threat prevention appliance that is effective against both known and unknown threats?

Cisco FirePOWER NGIPS

Which intrusion prevention service was available on first-generation ISR routers and is no longer supported by Cisco?

Cisco IOS IPS

What is the source for IPS rule updates when using a Cisco intrusion prevention service?

Cisco Talos

In what step of zone-based policy firewall configuration is traffic identified for policy application?

Configuring Class Maps

Which network security design typically uses one inside interface, one outside interface, and one DMZ interface?

Demilitarized

What are two best practices when implementing firewall security policies?

Disable unnecessary network services

True or False? A HIPS can be configured in either promiscuous or inline mode.

False

Which type of alert is generated when an IPS incorrectly identifies normal network user traffic as attack traffic?

False positive

What is true of a HIPS?

HIPS software combines anti-virus, anti-malware, and firewall functionality

Which type of firewall is a PC or server with firewall software running on it?

Host-based

Which type of firewall is a combination of various firewall types?

Hybrid

Cannot stop the trigger packet and is not guaranteed to stop a connection (IDS or IPS)

IDS

Deployed in offline mode (IDS or IPS)

IDS

Less helpful in stopping email viruses and automated attacks, such as worms (IDS or IPS)

IDS

More vulnerable to network security evasion techniques enabled by various network attack methods (IDS or IPS)

IDS

Primarily focused on identifying possible incidents, logging information about the incidents, and reporting the incidents (IDS or IPS)

IDS

Which network monitoring technology passively monitors network traffic to detect attacks?

IDS

In which operating mode does Snort IDS inspect traffic and report alerts, but does not take any action to prevent attacks?

IDS mode

Can be configured to perform a packet drop to stop the trigger packet (IDS or IPS)

IPS

Can use stream normalization techniques to reduce or eliminate many of the network security evasion capabilities that exist (IDS or IPS)

IPS

Must be deployed inline, and traffic must be able to pass through it (IDS or IPS)

IPS

Must be implemented so that time-sensitive applications are not adversely affected (IDS or IPS)

IPS

What is one benefit of using a next-generation firewall rather than a stateful firewall?

Integrated use of an intrusion prevention system (IPS)

What is a feature of an IPS?

It can stop malicious packets

What is a characteristic of an IPS operating in inline-mode?

It can stop malicious traffic from reaching the intended target

Which statement describes a feature of a zone-based policy firewall?

It does not depend on ACLs

What is an IPS signature?

It is a set of rules used to detect typical intrusive activity

What is a characteristic of the Snort subscriber rule set term-based subscription?

It is available for a fee

Which security design uses different types of firewalls and security measures that are combined at different areas of the network to add depth to the security of an organization?

Layered Defense

Which action logs the IP address from a malicious source only and sends an alert?

Log attacker packets

Which network technology uses a passive splitting device that forwards all traffic, including Layer 1 errors, to an analysis device?

Network Tap

Which type of file contains a compressed, installable version of the Snort IPS virtual machine?

OVA

Which type of firewall is part of a router firewall, permitting or denying traffic based on Layer 3 and Layer 4 information?

Packet Filtering

Which IPS signature trigger category uses the simplest triggering mechanism and searches for a specific and pre-defined atomic or composite pattern?

Pattern-Based Detection

Which action makes the IPS device send TCP resets to hijack and terminate a TCP flow?

Reset TCP connection

What network monitoring tool can be used to copy packets moving through one port, and send those copies to another port for analysis?

SPAN

What term describes a set of rules used by an IDS or IPS to detect typical intrusion activity?

Signature

Which statement correctly describes the configuration of a Snort VPG interface?

The VPG0 interface must have a routable address with access to the internet

Which statement accurately describes Cisco IOS zone-based policy firewall operation?

The pass action works in only one direction

In ZPF design, what is described as the self zone?

The router itself, including all interfaces with assigned IP addresses.

Which statement is a characteristic of a packet filtering firewall?

They are susceptible to IP spoofing

How does a firewall handle traffic that is originating from the DMZ network and traveling to a private network?

Traffic is usually blocked when it is originating from the DMZ network and traveling to a private network

When configuring a class map for a zone-based policy firewall, how is the match criteria applied when using the match-all parameter?

Traffic must match all of the match criteria specified in the statement.

Which type of traffic is usually blocked when implementing a demilitarized zone?

Traffic originating from the DMZ network and traveling to the private network.

Which type of firewall filters IP traffic between a pair of bridged interfaces?

Transparent

Which classification indicates that an alert is verified as an actual security incident?

True positive

Which Snort IPS interface statement is true?

Two virtual port group interfaces are required

What is an example of a HIPS?

Windows Defender

Which network design groups interfaces into zones with similar functions or features?

ZPF

Designing a ZPF requires several steps. Which step involves defining boundaries where traffic is subjected to policy restrictions as it crosses to another region of the network?

determine the zones

Which statement describes a zone when implementing ZPF on a Cisco router?

A zone establishes a security border of a network.

Which device supports the use of SPAN to enable monitoring of malicious activity?

Cisco Catalyst Switch

Can affect network performance by introducing latency and jitter (IDS or IPS)

IPS

What is true of a NIPS that is running in inline mode?

It can add latency to the network

Which type of firewall is commonly part of a router firewall and allows or blocks traffic based on Layer 3 or 4 information?

Packet filtering firewall

Which rule action will cause Snort IPS to block a packet without logging it?

Sdrop

Where does the Snort engine run?

Service Container

Which open source network monitoring technology performs real-time traffic analysis and generates alerts when threats are detected on IP networks?

Snort IPS

Which network monitoring capability is provided by using SPAN?

Traffic exiting and entering a switch is copied to a network monitoring device

Which type of firewall generally has a low impact on network performance?

stateless firewall
