Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Data Sheet, Page 59

642-531
Blocking Sensor controls blocking on devices at the request of the NACs running on Blocking Forwarding
sensors. Page 15-30. IDS 4.0 uses RDEP to communicate blocking instructions.
QUESTION 137
What is the primary function of a Master Blocking Sensor?
A. to serve as the central point of configuration in IDM for blocking
B. to serve as the central point of configuration in IDS MC for blocking
C. to manage and distribute blocking configurations to other "slave" Sensors
D. to directly communicate the blocking requests sent by other Sensors
E. to provide the first line of attack detection and prevention through blocking
Answer: C
Cisco Courseware 15-29, 15-30
QUESTION 138
The new Certkiller trainee technician wants to know which signature description best describes a string
signature engine. What would your reply be?
A. Layer 5, 6, and 7 services that require protocol analysis.
B. Regular expression-based pattern inspection for multiple transport protocols.
C. Network reconnaissance detection.
D. State-based, regular expression-based, pattern inspection and alarm functionality for TCP streams.
Answer: B
Explanation:
About STRING Engines
The STRING engine provides regular expression-based pattern inspection and alarm functionality for multiple
transport protocols including TCP, UDP and ICMP.
Regular expressions are a powerful and flexible notational language that allows you to describe text. In the
context of pattern matching, regular expressions allow a succinct description of any arbitrary pattern. Regular
expressions are compiled into a data structure called a pattern matcher, which is then used to match patterns in
data.
The STRING engine is a generic string-based pattern matching inspection engine for TCP, UDP, and ICMP
protocols. This STRING engine uses a new Regex engine that can combine multiple patterns into a single
pattern-matching table, allowing for a single search through the data. The new regex has the alternation "|"
operator, also known as the OR operator. There are three STRING engines: STRING.TCP, STRING.UDP, and
STRING.ICMP.
Reference: Cisco Courseware 13-61
QUESTION 139
Which of the following statements regarding SERVICE engine signatures on a Cisco IDS Sensor is valid?
A. SERVICE engine signatures on a Cisco IDS Sensor include all general signatures
B. SERVICE engine signatures on a Cisco IDS Sensor are operating system independent