Answer CCNA Security CH 5

Answer CCNA Security Chapter 5 Test CCNAS v1.
1 | Invisible Algorithm
http://www.invialgo.com/2012/answer-ccna-security-chapter-5-test-ccnas-v1-1/[11/1/2012 1:18:06 AM]
RECENTLY WRITTEN
Di sabl e w 3 Tot al
Cac he Pl ugi n
Compl et el y
Unabl e t o Connec t
t o I nt er net Eset
Smar t Sec ur i t y
At her os AR5007EG
Wi ndow s 7 Dr i ver
Net w or k Sec ur i t y
Chapt er 4 Pac k et
Tr ac er Ac t i vi t y A
Answ er
Answ er CCNA
Sec ur i t y Chapt er 10
Test CCNAS v1.1
COFFEE FOR ME
SEARCH

Answ er CCNA Sec ur i t y
Chapt er 5 Test
CCNAS v1.1
In this post, I will share the questions and answers for CCNA
Security Chapter 5 Test. All the questions and answers are valid
and 100% correct. The questions shared in this post is based on
Posted on August 4, 2012
VMw ar e Cour ses-Fr ee Ex ams
VMware and Zimbra training courses Register
today and become a VCP
www.alfavad.com
X.25 Net w or k Conver si on
Best Value for X.25-TCP/IP Gateways Supports
XOT, SVC, PVC, SNMP & LAPB
www.microtronix.com
Cont ac t Advi sor y Ser vi c es
Legal, Corporate Services, Tax, Remote Gaming,
Fiduciary, Accounts.
www.contact.com.mt
Fr ee SSL Sec ur i t y Gui des
Range of Free SSL Product and Technical guides
from Thawte
www.thawte.com
Home Category Search Sitemap Contact Us About
Search
Answer CCNA Security Chapter 5 Test CCNAS v1.1 | Invisible Algorithm
Invisible
Algorithm
on
Facebook
105 people
like
Like
Facebook social plugin
+6
Fol l ow
Fi nd us on Googl e+
CCNA SECURITY
Chapt er 1
Chapt er 2
Chapt er 3
Chapt er 4
Chapt er 5
CCNAS v1.1. I wish this post will be a good reference to all of us in
answering CCNA Security Chapter 5 Test.

Refer to the exhibit. When modifying an IPS signature action,
which two check boxes should be selected to create an ACL that
denies all traffic from the IP address that is considered the
source of the attack and drops the packet and all future packets
from the TCP flow? (Choose two.)
Deny Attacker Inline
Deny Connection Inline
Deny Packet Inline
Produce Alert
Reset TCP Connection

Why is a network that deploys only IDS particularly vulnerable to
an atomic attack?
The IDS must track the three-way handshake of established TCP
connections.
The IDS must track the three-way handshake of established UDP
connections.
Login
Chapt er 6
Chapt er 7
Chapt er 8
Chapt er 9
Chapt er 10
Fi nal Ex am
RANDOM TERMS
r oot andr oi d i c e
c r eam sandw i c h
sk 17i
c c nas v1 1 answ er s
val i d met hod of
sec ur i ng t he c ont r ol
pl ane i n t he c i sc o
nf p f r amew or k
c c na answ er s r ef er
t o t he ex hi bi t how
c an a c omment be
added t o t he
begi nni ng of t hi s ac l
The IDS permits malicious single packets into the network.
The IDS requires significant router resources to maintain the
event horizon.
The stateful properties of atomic attacks usually require the IDS
to have several pieces of data to match an attack signature.

Refer to the exhibit. What is the result of issuing the Cisco IOS
IPS commands on router R1?
A named ACL determines the traffic to be inspected.
A numbered ACL is applied to S0/0/0 in the outbound direction.
All traffic that is denied by the ACL is subject to inspection by
the IPS.
All traffic that is permitted by the ACL is subject to
inspection by the IPS.

Which two files could be used to implement Cisco IOS IPS with
version 5.x format signatures? (Choose two.)
IOS-Sxxx-CLI.bin
IOS-Sxxx-CLI.pkg
IOS-Sxxx-CLI.sdf
realm-cisco.priv.key.txt
realm-cisco.pub.key.txt

Download
Password
Manager
Remembers Passwords.
One-Click Form Filling,
Seach, and More. 5
Stars!
Cisco CCIE
Security Lab
Cisco CCIE Security rack
rental Internetwork
Expert Security Lab
www.GigaVelocity.com
Maritime Security
REDfour MSS Ltd,
Industry leader Highest
standards of compliance
www.redfour-mss.com
Cisco 2800
Cisco 2801 2811 2821
2851 Routers 58%-98%
Off, 8000+ Buyers
Worldwide
Router-switch.com/_Cisco_
Stocks Trading
Trade Stocks Online at
Plus500. No
Commissions, Free 25
Bonus!
www.Plus500.bg/Stocks
t o i dent i f y i t s
pur pose ?
c i sc o c hapt er 8
answ er s
A network administrator tunes a signature to detect abnormal
activity that might be malicious and likely to be an immediate
threat. What is the perceived severity of the signature?
high
medium
low
informational

Which two benefits does the IPS version 5.x signature format
provide over the version 4.x signature format? (Choose two.)
addition of signature micro engines
support for IPX and AppleTalk protocols
addition of a signature risk rating
support for comma-delimited data import
support for encrypted signature parameters

Which two Cisco IOS commands are required to enable IPS SDEE
message logging? (Choose two.)
logging on
ip ips notify log
ip http server
ip ips notify sdee
ip sdee events 500

Refer to the exhibit. What is the significance of the number 10 in
the signature 6130 10 command?
It is the alert severity.
It is the signature number.
It is the signature version.
It is the subsignature ID.
It is the signature fidelity rating.

What is a disadvantage of network-based IPS as compared to
host-based IPS?
Network-based IPS is less cost-effective.
Network-based IPS cannot examine encrypted traffic.
Network-based IPS does not detect lower level network events.
Network-based IPS should not be used with multiple operating
systems.

What information is provided by the show ip ips configuration
configuration command?
detailed IPS signatures
alarms that were sent since the last reset
the number of packets that are audited
the default actions for attack signatures

Which statement is true about an atomic alert that is generated
by an IPS?
It is an alert that is generated every time a specific
signature has been found.
It is a single alert sent for multiple occurrences of the same
signature.
It is both a normal alarm and a summary alarm being sent
simultaneously at set intervals.
It is an alert that is used only when a logging attack has begun.

Which Cisco IPS feature allows for regular threat updates from
the Cisco SensorBase Network database?
event correlation
global correlation
IPS Manager Express
honeypot-based detection
security-independent operation

Which protocol is used when an IPS sends signature alarm
messages?
FTP
SDEE
SIO
SNMP

Refer to the exhibit. Based on the configuration that is shown,
which statement is true about the IPS signature category?
Only signatures in the ios_ips basic category will be compiled
into memory for scanning.
Only signatures in the ios_ips advanced category will be compiled
into memory for scanning.
All signature categories will be compiled into memory for scanning,
but only those signatures in the ios_ips basic category will be used
for scanning purposes.
All signatures categories will be compiled into memory for
scanning, but only those signatures within the ios_ips advanced
category will be used for scanning purposes.

A network security administrator would like to check the number
of packets that have been audited by the IPS. What command
should the administrator use?
show ip ips signatures
show ip ips interfaces
show ip ips statistics
show ip ips configuration

Refer to the exhibit. Based on the configuration commands that
are shown, how will IPS event notifications be sent?
HTTP format
SDEE format
syslog format
TFTP format

Refer to the exhibit. What action will be taken if a signature
match occurs?
An ACL will be created that denies all traffic from the IP address
that is considered the source of the attack, and an alert will be
generated.
This packet and all future packets from this TCP flow will be
dropped, and an alert will be generated.
Only this packet will be dropped, and an alert will be generated.
The packet will be allowed, and an alert will be generated.
The packet will be allowed, and no alert will be generated.

An administrator is using CCP to modify a signature action so that
if a match occurs, the packet and all future packets from the TCP
flow are dropped. What action should the administrator select?
deny-attacker-inline
deny-connection-inline
deny-packet-inline
produce-alert
reset-tcp-connection

Refer to the exhibit. Based on the configuration, what traffic is
inspected by the IPS?
only traffic entering the s0/0/1 interface
all traffic entering or leaving the fa0/1 interface
only traffic traveling from the s0/0/1 interface to the fa0/1
interface
all traffic entering the s0/0/1 interface and all traffic leaving the
fa0/1 interface
all traffic entering the s0/0/1 interface and all traffic
entering and leaving the fa0/1 interface

Refer to the exhibit. As an administrator is configuring an IPS, the
error message that is shown appears. What does this error
message indicate?
The signature definition file is invalid or outdated.
The public crypto key is invalid or entered incorrectly.
The flash directory where the IPS signatures should be stored is
corrupt or nonexistent.
SDEE notification is disabled and must be explicitly enabled.

All the answers should be 100% correct. If you unable to achieve
100% score following all the questions and answers provided above,
and you have the correct answer, please comment below so that
other people able to get benefits from your experience and
knowledge. We do appreciate any correction, new questions or
latest version of any test that you might know. Sharing is caring.
Credit: This Chapter 5 CCNA Security Test contribute by Xase. All
credits goes to him.
This entry was posted in Dat a Net w or k , Net w or k Sec ur i t y and tagged 2012 ,
Answ er , CCNA Sec ur i t y, CCNA Sec ur i t y Chapt er 5 Answ er , CCNA
Sec ur i t y Chapt er 5 Test , CCNAS Chapt er 5 Test , CCNAS v1.1, Chapt er
5 Test , Sol ut i on, Sol ut i on CCNA Sec ur i t y Chapt er 5 by I nvi Al go. Bookmark
the per mal i nk .
Cisco Ccna Web hosting servers Subjects
Leave a Repl y
Your email address will not be published. Required
fields are marked *
Name
*
Email
*
Website
Search Invisible Algorithm:
ccna security chapter 5 exam answers, How can a comment be added
to the beginning of this ACL to identify its purpose?, Which protocol is
used when an IPS sends signature alarm messages?, ccna security
chapter 5, ccna security chapter 5 test answers, a network security
administrator would like to check the number of packets that have
been audited by the ips what command should the administrator use?,
An administrator is using CCP to modify a signature action so that if a
match occurs the packet and all future packets from the TCP flow are
dropped What action should the administrator select?, refer to the
exhibit based on the configuration what traffic is inspected by the ips?,
Which statement is true about an atomic alert that is generated by an
IPS?, ccnas chapter 5
All
Notify me of followup
comments via e-mail. You
can also subscribe without commenting.
Comment
All
Post Comment

Answer CCNA Security CH 5

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Answer CCNA Security CH 5

Uploaded by

Copyright:

Available Formats

Answer CCNA Security Chapter 5 Test CCNAS v1.

You might also like