
642-531
C. They are considered critical hosts and should not be blocked.
D. They provide a method for the Sensor to route through the subnet to the managed router.
Answer: A
Explanation:
Today's networks have several entry points to provide reliability, redundancy, and resilience. These entry points
also represent different avenues for the attacker to attack your network. You must identify all the entry points
into your network and decide whether they need to also participate in IP blocking.
Reference: Cisco Secure Intrusion Detection System (Ciscopress) page 467
Cisco Secure Intrusion Detection System 4 chap 15 page 8
Note: It is recommended that Sensors be placed at those network entry and exit points that provide sufficient
intrusion detection coverage. Cisco Secure Intrusion Detection System 4 chap 4 page 37
QUESTION 123
Which of the following commands does a Cisco IOS router use to block attacks, as directed by an IDS
blocking Sensor?
A. acl
B. shun
C. access-list
D. set security acl ip
Answer: C
Explanation:
If you configure the sensor for blocking, every router interface you configure the sensor to manage is controlled
solely by the sensor even if no blocks are applied. The default ACL used by the sensor sets permit ip any any
for controlled interfaces, and all traffic not being currently blocked is allowed through the router on the
controlled interface. You should accept the ACL generated by the sensor.
If you want to change the ACL generated by the sensor, you can specify preshun or postshun ACLs by using
the PreShunACL and PostShunACL tokens. The sensor allows two ACL numbers for each interface that is
controlled by device management. The PreShunACL designates ACL entries that the sensor should place in the
ACL before placing any deny entries for the addresses being blocked. The PostShunACL designates ACL
entries that the sensor should place after all deny entries for the address being blocked.
Note: You cannot use standard named or numbered IP access lists (one that requires the standard
keyword) such as the following:
ip access-list standard name
You can use a standard ACL as long as it is in this format:
access-list number
Reference: Cisco Courseware 5-46
QUESTION 124
Which of the following represents the best description of a pre-block ACL on an IDS blocking device?
A. ACL entries applied to the start of the active ACL before blocking entries applied