Cisco IDS/IPS sensor advanced system parameters


Questions derived from the 642-532 – Securing Networks Using Intrusion Prevention Systems Cisco Self Test Software Practice Test.

 

Objective: Describe Cisco IDS/IPS sensor advanced system parameters
SubObjective: Describe network vulnerabilities and exploits and the practices and methodologies used to protect the network

 

Item Number: 642-532.3.3.11
Multiple Answer, Multiple Choice

 

Which statements are true regarding event action filters? (Choose two.)

 

 

  A. The processing of event action filters is performed in the order in which they are listed and cannot be altered or moved in that list.
  B. The processing of event action filters is performed in the order in which they are listed and can be altered or moved in that list.
  C. While filtering sweep signatures, the last address is used for matching the filter, if there are multiple destination addresses.
  D. While filtering state signatures, the last address is used for matching the filter, if there are multiple destination addresses.
  E. The enable-filters command is used to configure event action filters.

 

Answer:
B. The processing of event action filters is performed in the order in which they are listed and can be altered or moved in that list.

 

C. While filtering sweep signatures, the last address is used for matching the filter, if there are multiple destination addresses.

 

Tutorial:
Event action filters help the sensor perform actions in response to events. These filters are configured to remove specific actions from an event and prevent any further processing by the Cisco Intrusion Prevention System (IPS) sensor.

 

The following statements are true regarding event action filters:

 

 

  • The processing of event action filters is performed in the order in which they are listed and can be altered or moved in that list.
  • While filtering sweep signatures, the last address is used for matching the filter, if there are multiple destination addresses.
  • The filters command is used to configure event action filters.
  • Event action variables can be used to define group addresses for filters.

 

The option stating that event action filters are processed in the order in which they are listed and cannot be altered or moved in that list is incorrect: the filters are processed in the order in which they are listed, but they can be altered or moved in that list.

 

The option stating that, while filtering state signatures, the last address is used for matching the filter if there are multiple destination addresses is incorrect because this condition applies when filtering sweep signatures.

 

The option stating that the enable-filters command is used to configure event action filters is incorrect because the filters command is used to configure event action filters.

 

Reference:
http://cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055df7a.html#wp1030749
