8/5/2020 Chapter 5 Quiz: Seguridad en Redes

Chapter 5 Quiz
Due date No due date Points 28 Questions 14
Time limit None

Instructions
This quiz covers the content in CCNA Security: Implementing Network Security 2.0 Chapter 5. It is
designed to provide an additional opportunity to practice the skills and knowledge presented in the
chapter and to prepare for the Chapter Exam. You will be allowed multiple attempts and the grade does
not appear in the gradebook.

There are multiple task types that may be available in this quiz. Rather than having static graphics to
view, some items may require you to open a PT activity and perform some investigation and
configuration of devices before answering the question.

NOTE: There are some small differences in how the questions score and operate in the Quiz and how
they score and operate in the Chapter Exam. Quizzes allow for partial credit scoring on all item types to
foster learning. Points on quizzes can also be deducted for answering incorrectly. This does not
occur with the Chapter Exam.

Form 30530

Attempt history
Attempt Time Score
LATEST Attempt 1 8 minutes 26 out of 28

Submitted Apr 10 at 23:07

Question 1 2 / 2 pts

Which command helps verify the Cisco IOS IPS configuration?

Correct!
Router# show ip ips configuration

Router# show ip ips statistics

Router# show ip ips sessions

Router# show ip ips signatures

Refer to curriculum topic: 5.3.3


There are several show commands that can be used to verify the IOS IPS configuration:
The show ip ips configuration command displays additional configuration data that is not displayed with the show running-config command.
The show ip ips signatures command verifies the signature configuration.
The show ip ips statistics command displays the number of packets audited and the number of alarms sent.
The show ip ips sessions command displays IPS session-related information.

Question 2 2 / 2 pts

What is a zero-day attack?

It is a computer attack that occurs on the first day of the month.

It is an attack that results in no hosts able to connect to a network.

Correct!
It is a computer attack that exploits unreported software vulnerabilities.

It is an attack that has no impact on the network because the software
vendor has mitigated the vulnerability.

Refer to curriculum topic: 5.1.1


A zero-day attack is an attack on a system that uses vulnerabilities
that have not yet been reported to, and mitigated by, the vendor.

Unanswered Question 3 0 / 2 pts

A network administrator is configuring the action type for a specific IPS
signature that identifies an attack that contains a specific series of TCP
packets. Once detected, the action to be taken is to terminate the current
packet and future packets associated with the TCP flow. Which command
should be used?

R1(config-sigdef-sig)# event-action deny-packet-inline

R1(config-sigdef-sig)# event-action deny-attacker-inline

R1(config-sigdef-sig)# event-action reset-tcp-connection

Correct answer
R1(config-sigdef-sig)# event-action deny-connection-inline

Refer to curriculum topic: 5.3.2


The parameters for the event-action command include:
deny-attacker-inline - Terminates the current packet and future packets from this attacker address for a specified period of time.
deny-connection-inline - Terminates the current packet and future packets on this TCP flow.
deny-packet-inline - Terminates the packet.
reset-tcp-connection - Sends TCP resets to hijack and terminate the TCP flow. Only works on TCP signatures that analyze a single connection. It does not work for sweeps or floods.

Question 4 2 / 2 pts

A network administrator is configuring the triggering mechanism for the
network-based IPS by defining a pattern of web surfing activities. The
signature is applied across the corporate campus regardless of the type of
web browser used. What type of triggering mechanism is being
implemented?

Correct!
policy-based

anomaly-based

signature-based

honeypot-based

Refer to curriculum topic: 5.2.2


Policy-based detection defines behaviors that are based on
historical analysis. In contrast, anomaly-based detection involves
defining a profile of what is normal activity for the network or host.
Signature-based detection searches for specific, pre-defined
patterns in network traffic. Honeypot-based detection uses a
dummy server to attract attacks, thus distracting attacks away from
actual network devices.

Question 5 2 / 2 pts

What are two actions that an IPS can perform whenever a signature
detects the activity for which it is configured? (Choose two.)

Correct!
allow the activity

disable the link

reconverge the network

restart the infected device

Correct!
drop or prevent the activity

Refer to curriculum topic: 5.2.3


Depending on the signature type and the platform, whenever a
signature detects the activity for which it is configured the IPS may:
log the activity
drop or prevent the activity
reset a TCP connection
block future activity
allow the activity

Question 6 2 / 2 pts

Refer to the exhibit. A network administrator is configuring an IOS IPS.
Which statement describes the IPS signatures that are enabled?

Correct!
These signatures detect attacks within a single packet.

These signatures detect attacks that target a single host.

These signatures detect attacks that are from the same source.

These signatures detect attacks with a sequence of operations.

Refer to curriculum topic: 5.2.1


As the result of the applied configuration, the router compiles 288
signatures of atomic-ip. The atomic signatures are used to match
possible attacks within a single packet. They are not used to detect
attacks with a sequence of operations.

Question 7 2 / 2 pts

What is an IPS signature?

It is the timestamp that is applied to logged security events and alarms.

It is the authorization that is required to implement a security policy.

Correct! It is a set of rules used to detect typical intrusive activity.

It is a security script that is used to detect unknown threats.

Refer to curriculum topic: 5.2.1


An IPS signature uniquely identifies specific malware, protocol
anomalies, or malicious traffic. IPS sensors are tuned to look for
matching signatures or abnormal traffic patterns. IPS signatures
are conceptually similar to the virus.dat file used by virus scanners.

Question 8 2 / 2 pts

Which set of Cisco IOS commands instructs the IPS to compile a
signature category named ios_ips into memory and use it to scan traffic?

R1(config)# ip ips signature-category
R1(config-ips-category)# category all
R1(config-ips-category-action)# retired false

Correct!
R1(config)# ip ips signature-category
R1(config-ips-category)# category ios_ips basic
R1(config-ips-category-action)# retired false

R1(config)# ip ips signature-category
R1(config-ips-category)# category all
R1(config-ips-category-action)# no retired false

R1(config)# ip ips signature-category
R1(config-ips-category)# category ios_ips basic
R1(config-ips-category-action)# no retired false

Refer to curriculum topic: 5.3.1


The correct command for the task is:

R1(config)# ip ips signature-category
R1(config-ips-category)# category ios_ips basic
R1(config-ips-category-action)# retired false

Question 9 2 / 2 pts

A network administrator configures the alert generation of an IPS device
in such a way that when multiple attack packets that match the same
signature are detected, a single alert for the first packet is generated and
the remaining duplicate alarms are counted, but not sent, for a specific
time period. When the specified time period is reached, an alert is sent
that indicates the number of alarms that occurred during the time interval.
What kind of alert generation pattern is configured?

advanced alerts

atomic alerts

Correct!
summary alerts

composite alerts

Refer to curriculum topic: 5.2.3


The two main alert generation mechanisms for IDS/IPS devices
are atomic and summary alerts. Atomic alerts are generated every
time a signature triggers. With a summary alert, a single atomic
alert is generated for the first detection of an attack. Then the
duplicate alarms are counted, but not sent, for a specific time
period. When the specified time period is reached, an alert is sent
that indicates the number of alarms that occurred during the time
interval.

Question 10 2 / 2 pts

Which command releases the dynamic resources associated with the
Cisco IOS IPS on a Cisco router?

Router# clear ip ips statistics

Router# clear ip sdee events

Router# clear ip sdee subscriptions

Correct!
Router# clear ip ips configuration

Refer to curriculum topic: 5.3.3


The clear ip ips configuration command disables IPS, removes
all IPS configuration entries, and releases dynamic resources.
The clear ip ips statistics command resets statistics on packets
analyzed and alarms sent. The clear ip sdee events command
clears SDEE events from the event buffer. The clear ip sdee
subscriptions command clears SDEE subscriptions.

Question 11 2 / 2 pts

A network administrator was testing an IPS device by releasing multiple
packets into the network. The administrator examined the log and noticed
that a group of alarms were generated by the IPS that identified normal
user traffic. Which term describes this group of alarms?

true positive

true negative

Correct! false positive

false negative

Refer to curriculum topic: 5.2.2


The four IDS/IPS alarm types are:
false positive - A normal user packet passes and an alarm is generated.
false negative - An attack packet passes and no alarm is generated.
true positive - An attack packet passes and an alarm is generated.
true negative - A normal user packet passes and no alarm is generated.

Question 12 2 / 2 pts

Refer to the exhibit. As an administrator is configuring an IPS, the error
message that is shown appears. What does this error message indicate?

The signature definition file is invalid or outdated.

Correct!
The public crypto key is invalid or entered incorrectly.

The flash directory where the IPS signatures should be stored is corrupt or
nonexistent.

SDEE notification is disabled and must be explicitly enabled.

Refer to curriculum topic: 5.3.1


The public crypto key is contained in the realm-cisco.pub.key.txt
file that is downloaded from Cisco. The key verifies the digital
signature for the master signature file (sigdef-default.xml).

Question 13 2 / 2 pts

Which Cisco feature sends copies of frames entering one port to a
different port on the same switch in order to perform traffic analysis?

CSA

HIPS

Correct!
SPAN

VLAN

Refer to curriculum topic: 5.1.3


The Switched Port Analyzer (SPAN) feature of Cisco switches
sends copies of frames entering one port out a different port on the
same switch. With SPAN, hosts that are running a packet analyzer
or IDS on the outbound port will monitor the traffic. A Cisco
Security Agent (CSA) is a Cisco host-based intrusion prevention
system (HIPS) solution that often resides on endpoints, such as
servers and desktops. VLANs are features of switches that allow
creation of virtual LANs.

Question 14 2 / 2 pts

What is a disadvantage of network-based IPS devices?

They use signature-based detection only.

Correct! They cannot detect attacks that are launched using encrypted packets.

They are implemented in expensive dedicated appliances.

They cannot take immediate actions when an attack is detected.

Refer to curriculum topic: 5.1.2


Network-based IPS devices are implemented in inline mode to
actively monitor the traffic on networks. They can take immediate
actions when security criteria match. They can be implemented
with dedicated appliances or as a feature on a Cisco router.
Multiple types of detection mechanisms can be implemented in
IPS, including signature-based and anomaly-based detection. One
limitation of an IPS is that it cannot monitor or inspect encrypted
packets.
