1. What are the three actions supported by Snort IDS? (Choose three.) Alert, Drop, Log, Pass, Reject, Sdrop 2. Which two options are components of Snort IPS that is running on an ISR 4000? (Choose two.) Snort action, Snort alarm, Snort engine, Snort rule set
1. Which action logs the IP address from a malicious source only and sends an alert? request block host drop or prevent the activity log attacker packets deny connection inline reset a TCP connection 2. Which action terminates a malicious packet only? request drop host request block trap …
1. Snort IPS is available on which router platform? Cisco 800, Cisco 1800, Cisco 2900, Cisco 4000 2. Where does the Snort engine run? DRAM, NVRAM, service container 3. In which operating mode does Snort IDS inspect traffic and report alerts, but does not take any action to …
1. True or False? A HIPS can be configured in either promiscuous or inline mode. True, False 2. What is true of a NIPS that is running in inline mode? It cannot stop malicious traffic from reaching its destination. NIPS post-event responses require assistance from other networking …
1. Which network security design typically uses one inside interface, one outside interface, and one DMZ interface? layered defense public demilitarized two-interface firewall ZPF 2. Which security design uses different types of firewalls and security measures that are combined at different areas of the network to add depth …
1. Which type of firewall filters information at Layers 3, 4, 5, and 7 of the OSI reference model? Host-based, Hybrid, Application gateway, Packet filtering, Stateful 2. Which type of firewall is a combination of various firewall types? Host-based, Hybrid, Next generation, Packet filtering, Proxy, Stateful, Transparent 3. …
1. Which ACL is capable of filtering based on TCP port number? extended ACL, standard ACL 2. Which statement about ACLs is true? Extended ACLs are numbered 1300 – 2699. Named ACLs can be standard or extended. Numbered ACLs are the preferred method to use when configuring ACLs. …
1. Which wildcard mask would permit only host 10.10.10.1? 0.0.0.0, 0.0.0.31, 0.0.0.255, 0.0.255.255, 255.255.255.255 2. Which wildcard mask would permit only hosts from the 10.10.0.0/16 network? 0.0.0.0, 0.0.0.31, 0.0.0.255, 0.0.255.255, 255.255.255.255 3. Which wildcard mask would permit all hosts? 0.0.0.0, 0.0.0.31, 0.0.0.255, 0.0.255.255, 255.255.255.255 4. Which wildcard mask …
1. Records what the user does, including what is accessed, the amount of time the resource is accessed, and any changes that were made. Authentication, Authorization, Accounting 2. Uses a created set of attributes that describes the user’s access to the network. Authentication, Authorization, Accounting 3. Established using …
1. Refer to the following syslog output to answer the questions. *Jun 12 17:46:01.619: %IFMGR-7-NO_IFINDEX_FILE: Unable to open nvram:/ifIndex-table No such file or directory Refer to the syslog output. What security level generated the message? Error, Informational, Warning, Debugging 2. Refer to the syslog output. What is the …