1. What is an IPS signature?
- It is the timestamp that is applied to logged security events and alarms.
- It is the authorization that is required to implement a security policy.
- It is a set of rules used to detect typical intrusive activity.
- It is a security script that is used to detect unknown threats.
2. Which network technology uses a passive splitting device that forwards all traffic, including Layer 1 errors, to an analysis device?
- network tap
3. What is a characteristic of an IPS operating in inline-mode?
- It does not affect the flow of packets in forwarded traffic.
- It requires the assistance of another network device to respond to an attack.
- It can only send alerts and does not drop any packets.
- It can stop malicious traffic from reaching the intended target.
4. What is a zero-day attack?
- It is an attack that results in no hosts able to connect to a network.
- It is an attack that has no impact on the network because the software vendor has mitigated the vulnerability.
- It is a computer attack that exploits unreported software vulnerabilities.
- It is a computer attack that occurs on the first day of the month.
5. What is a feature of an IPS?
- It has no impact on latency.
- It can stop malicious packets.
- It is deployed in offline mode.
- It is primarily focused on identifying possible incidents.
6. Which network monitoring technology passively monitors network traffic to detect attacks?
7. Which open source network monitoring technology performs real-time traffic analysis and generates alerts when threats are detected on IP networks?
- Snort IPS
- IOS IPS
8. Which Cisco platform supports Cisco Snort IPS?
- 800 series ISR
- 3900 series ISR
- 4000 series ISR
- 2900 series ISR
9. Which device supports the use of SPAN to enable monitoring of malicious activity?
- Cisco Security Agent
- Cisco IronPort
- Cisco NAC
- Cisco Catalyst switch
10. What is a host-based intrusion detection system (HIDS)?
- It is an agentless system that scans files on a host for potential malware.
- It combines the functionalities of antimalware applications with firewall protection.
- It detects and stops potential direct attacks but does not scan for malware.
- It identifies potential attacks and sends alerts but does not stop the traffic.
11. Which network monitoring capability is provided by using SPAN?
- Statistics on packets flowing through Cisco routers and multilayer switches can be captured.
- Traffic exiting and entering a switch is copied to a network monitoring device.
- Real-time reporting and long-term analysis of security events are enabled.
- Network analysts are able to access network device log files and to monitor network behavior.
12. What network monitoring tool can be used to copy packets moving through one port, and send those copies to another port for analysis?