Implement the Cisco IOS IPS feature set using SDM
Questions derived from the 642-552 – Securing Cisco Network Devices Exam Cisco Self-Test Software Practice Test.
Objective: Implement the Cisco IOS IPS feature set using SDM
SubObjective: Explain IPS technologies, attack responses and monitoring options
Item Number: 642-552.8.2.15
Single Answer, Multiple Choice
Which type of attack can be detected by using the Sweep Signature engine?
A. Denial-of-Service (DoS) attack
B. Access attack
C. Reconnaissance attack
D. Distributed denial-of-service (DDoS) attack
Answer:
C. Reconnaissance attack
Tutorial:
Reconnaissance attacks can be detected by using the Sweep Signature engine.
The Sweep Signature engine analyzes traffic in which a host is making connections to one or many different hosts. This can be used to locate an attacker who is trying to probe for services on a specific host, in other words, to detect a reconnaissance attack.
All the other options are incorrect because DoS, access and DDoS attacks cannot be detected by using the Sweep Signature engine.
Reference:
http://www.ciscopress.com/articles/article.asp?p=25330&rl=1