Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Data Sheet, Page 65

642-531
QUESTION 151
Which statement is true when creating custom signatures on a Cisco IDS Sensor in IDS MC?
A. All parameter fields must be entered.
B. They are automatically saved to the Sensor.
C. The default action is logging.
D. They are enabled by default.
Answer: D
Explanation:
Custom signatures are enabled by default. It is recommended to test custom signatures in a non-production
environment to avoid unexpected results including network disruption.
Cisco Courseware 14-30
QUESTION 152
A company has a requirement to create a custom signature that detects BGP packets traversing the
network.
Which Cisco IDS signature micro-engine can be used to create this signature?
A. Atomic.TCP
B. Atomic.L3.IP
C. Sweep.Port.TCP
D. Atomic.IPOptions
Answer: B
Explanation:
The following are Atomic.L3.IP parameters:
MaxProto - Defines the maximum IP protocol number, after which the signature fires
MinProto - Defines the minimum IP protocol number, after which the signature fires
isRFC1918 - Defines whether the packet is from the RFC 1918 address pool
- Cisco Secure Intrusion Detection System 4 chap 13 page 13
BGP is a layer 3 routing protocol. Atomic.L3.IP will detect layer 3 IP alarms.
Reference: Cisco Secure Intrusion Detection System (Cisco Press) page 628
QUESTION 153
A hospital's security policy states that any e-mail messages with the words SSN or Social Security must
be detected by the IDS Sensor.
Which Cisco IDS signature micro-engine should be used to create the signature?
A. Atomic.TCP
B. Atomic.UDP
C. String.ICMP
D. String.TCP
E. String.UDP