多选题Which two statements about an IDS are true?()AThe IDS is in the traffic path.BThe IDS can send TCP resets to the source device.CThe IDS can send TCP resets to the destination device.DThe IDS listens promiscuously to all traffic on the network.EDefault operation is for the IDS to discard malicious traffic.
多选题
Which two statements about an IDS are true?()
A
The IDS is in the traffic path.
B
The IDS can send TCP resets to the source device.
C
The IDS can send TCP resets to the destination device.
D
The IDS listens promiscuously to all traffic on the network.
E
Default operation is for the IDS to discard malicious traffic.
参考解析
解析:
暂无解析
相关考题:
You are required to configure a SCREEN option that enables IP source route option detection.Which twoconfigurations meet this requirement?() (Choose two.) A. [edit security screen] user@host# show ids-option protectFromFlood { ip { loose-source-route-option; strict-source-route-option; } }B. [edit security screen] user@host# show ids-option protectFromFlood { ip { source-route-option; } }C. [edit security screen] user@host# show ids-option protectFromFlood { ip { record-route-option; security-option; } }D. [edit security screen] user@host# show ids-option protectFromFlood { ip { strict-source-route-option; record-route-option; } }
Which of the following technologies allows an administrator to submit traffic to an IDS for review?() A. Spanning treeB. VLANC. PoED. Port mirroring
Which statement about IDS/IPS design is correct?() A. An IPS should be deployed if the security policy does not support the denial of traffic.B. An IPS analyzes a copy of the monitored traffic and not the actual forwarded packet.C. An IDS analyzes a copy of the monitored traffic and not the actual forwarded packet.D. Bandwidth considerations must be taken into account since IDS is deployed inline to traffic flow.
Which two statements are true about the command ip route 172.16.3.0 255.255.255.0 192.168.2.4 (Choose two.)()。A、It establishes a static route to the 172.16.3.0 networkB、It establishes a static route to the 192.168.2.0 networkC、It configures the router to send any traffic for an unknown destination to the 172.16.3.0 networkD、It configures the router to send any traffic for an unknown destination out the interface with the address 192.168.2.4E、It uses the default administrative distanceF、It is a route that would be used last if other routes to the same destination exist
As a critical part of the design for the Enterprise Campus network, which of the following two aretrue concerning intrusion detection and prevention solution? ()A、 IDS is capable of both inline and promiscuous monitoring, while IPS is only capable ofpromiscuous monitoringB、 IDS will stop malicious traffic from reaching its intended target for certain types of attacks.C、 IPS processes information on Layer 3 and 4 as well as analyzing the contents and payload ofthe packets for more sophisticated embedded attacks (Layers 3 to 7)D、 IPS inspects traffic statefully and needs to see both sides of the connection to function properlyE、 IDS placement at the perimeter of Data Center outside the firewall generates many warningsthat have relatively low value because no action is likely to be taken on this information
Which two of these are characteristics of an IDS sensor?()A、passively listens to network trafficB、is an active device in the traffic pathC、has a permissive interface that is used to monitor networksD、traffic arrives on one IDS interface and exits on anotherE、has a promiscuous interface that is used to monitor the network
Which two statements about an IDS are true?()A、The IDS is in the traffic path.B、The IDS can send TCP resets to the source device.C、The IDS can send TCP resets to the destination device.D、The IDS listens promiscuously to all traffic on the network.E、Default operation is for the IDS to discard malicious traffic.
Which two of these statements best describe the benefits of Cisco’s wireless IDS functionality? (Choose two.) ()A、 AirDefense for wireless IDS is required by autonomous APs.B、 2.40Hz CK management can monitor both 802.11 and non-802.11 CK interference.C、 APs only monitor the RF channels that are servicing the clients.D、 Cisco or CCX compatible client cards can extend the CK IDS service for autonomous APs.E、 Autonomous APs must be dedicated IDS sensors while lightweight APs can combine client traffic and RF monitoring.
Which two statements are true when source/destination filters are enabled? ()(Choose two.)A、Excluded traffic is not accelerated.B、Excluded traffic is only compressed.C、Source/destination filter applies to all traffic sent from LAN to WAN.D、Source/destination filters work in packet interception mode using RIPv2.
Cisco IDS sensors form the eyes and ears of your Cisco network intrusion detection system. Placing sensors correctly throughout your network is crucial to successfully implementing your Cisco intrusion detection system .Which two of these are characteristics of an IDS sensor?()A、 has a permissive interface that is used to monitor networksB、 is an active device in the traffic pathC、 passively listens to network trafficD、 has a promiscuous interface that is used to monitor the network
Which statement about an IPS is true?()A、The IPS is in the traffic path.B、Only one active interface is required.C、Full benefit of an IPS will not be realized unless deployed in conjunction with an IDS.D、When malicious traffic is detected,the IPS will only send an alert to a management station.
Which two statements describe the functions and operations of IDS and IPS systems?()A、A network administrator entering a wrong password would generate a true-negative alarm.B、A false positive alarm is generated when an IDS/IPS signature is correctly identified.C、An IDS is significantly more advanced over IPS because of its ability to prevent network attacks.D、Cisco IDS works inline and stops attacks before they enter the network.E、Cisco IPS taps the network traffic and responds after an attack.F、Profile-based intrusion detection is also known as "anomaly detection".
Which of the following technologies allows an administrator to submit traffic to an IDS for review?()A、Spanning treeB、VLANC、PoED、Port mirroring
You are required to configure a SCREEN option that enables IP source route option detection.Which twoconfigurations meet this requirement?() (Choose two.)A、[edit security screen] user@host# show ids-option protectFromFlood { ip { loose-source-route-option; strict-source-route-option; } }B、[edit security screen] user@host# show ids-option protectFromFlood { ip { source-route-option; } }C、[edit security screen] user@host# show ids-option protectFromFlood { ip { record-route-option; security-option; } }D、[edit security screen] user@host# show ids-option protectFromFlood { ip { strict-source-route-option; record-route-option; } }
多选题Which two statements are true about the command ip route 172.16.3.0 255.255.255.0 192.168.2.4 (Choose two.)()。AIt establishes a static route to the 172.16.3.0 networkBIt establishes a static route to the 192.168.2.0 networkCIt configures the router to send any traffic for an unknown destination to the 172.16.3.0 networkDIt configures the router to send any traffic for an unknown destination out the interface with the address 192.168.2.4EIt uses the default administrative distanceFIt is a route that would be used last if other routes to the same destination exist
多选题Cisco IDS sensors form the eyes and ears of your Cisco network intrusion detection system. Placing sensors correctly throughout your network is crucial to successfully implementing your Cisco intrusion detection system .Which two of these are characteristics of an IDS sensor?()Ahas a permissive interface that is used to monitor networksBis an active device in the traffic pathCpassively listens to network trafficDhas a promiscuous interface that is used to monitor the network
单选题Which statement about an IPS is true?()AThe IPS is in the traffic path.BOnly one active interface is required.CFull benefit of an IPS will not be realized unless deployed in conjunction with an IDS.DWhen malicious traffic is detected,the IPS will only send an alert to a management station.
多选题Which two of these are characteristics of an IDS sensor?()Apassively listens to network trafficBis an active device in the traffic pathChas a permissive interface that is used to monitor networksDtraffic arrives on one IDS interface and exits on anotherEhas a promiscuous interface that is used to monitor the network
多选题Which two statements are true when source/destination filters are enabled? ()(Choose two.)AExcluded traffic is not accelerated.BExcluded traffic is only compressed.CSource/destination filter applies to all traffic sent from LAN to WAN.DSource/destination filters work in packet interception mode using RIPv2.
单选题Two Level 2 routers are exchanging Hello packets with different Area IDs.What occurs between these routers?()AAn Adjacency is formed.BNo IS-IS PDUs are sent.CAn Adjacency does not form.DAn Adjacency forms but traffic is not forwarded.
多选题Which two of these statements best describe the benefits of Cisco’s wireless IDS functionality? (Choose two.) ()AAirDefense for wireless IDS is required by autonomous APs.B2.40Hz CK management can monitor both 802.11 and non-802.11 CK interference.CAPs only monitor the RF channels that are servicing the clients.DCisco or CCX compatible client cards can extend the CK IDS service for autonomous APs.EAutonomous APs must be dedicated IDS sensors while lightweight APs can combine client traffic and RF monitoring.
多选题You are required to configure a SCREEN option that enables IP source route option detection.Which twoconfigurations meet this requirement?() (Choose two.)A[edit security screen] user@host# show ids-option protectFromFlood { ip { loose-source-route-option; strict-source-route-option; } }B[edit security screen] user@host# show ids-option protectFromFlood { ip { source-route-option; } }C[edit security screen] user@host# show ids-option protectFromFlood { ip { record-route-option; security-option; } }D[edit security screen] user@host# show ids-option protectFromFlood { ip { strict-source-route-option; record-route-option; } }
多选题Which two statements describe the functions and operations of IDS and IPS systems?()AA network administrator entering a wrong password would generate a true-negative alarm.BA false positive alarm is generated when an IDS/IPS signature is correctly identified.CAn IDS is significantly more advanced over IPS because of its ability to prevent network attacks.DCisco IDS works inline and stops attacks before they enter the network.ECisco IPS taps the network traffic and responds after an attack.FProfile-based intrusion detection is also known as anomaly detection.
单选题Which statement about IDS/IPS design is correct?()A An IPS should be deployed if the security policy does not support the denial of traffic.B An IPS analyzes a copy of the monitored traffic and not the actual forwarded packet.C An IDS analyzes a copy of the monitored traffic and not the actual forwarded packet.D Bandwidth considerations must be taken into account since IDS is deployed inline to traffic flow.
单选题Which statement about IDS/IPS design is correct?()AAn IPS should be deployed if the security policy does not support the denial of traffic.BAn IPS analyzes a copy of the monitored traffic and not the actual forwarded packet.CAn IDS analyzes a copy of the monitored traffic and not the actual forwarded packet.DBandwidth considerations must be taken into account since IDS is deployed inline to traffic flow.