
642-531
2) Download the IP log files via IDM.
After retrieving the IP log files, you can use a network protocol analyzer to examine the data.
Not B: "Archive using SCP" is false, although "Copy using SCP" would be true.
QUESTION 103
The new Certkiller trainee technician wants to know how automatic IP logging is enabled on Sensor.
What would your reply be?
A. It is enabled by default for all high-severity signature alarms.
B. It is enabled by default for all signatures.
C. It is enabled by default for all master signatures only.
D. It must be manually configured for individual signatures.
Answer: D
Explanation:
Attacks or other misuses of network resources can be defined as network intrusions. Network intrusions can be
detected by sensors that use a signature-based technology. A signature is a set of rules that your sensor uses to
detect typical intrusive activity, such as denial of service (DoS) attacks. As sensors scan network packets, they
use signatures to detect known attacks and respond with actions that you define.
The sensor compares the list of signatures with network activity. When a match is found, the sensor takes an
action, such as logging the event or sending an alarm to IDS Event Viewer. Sensors allow you to modify
existing signatures and define new ones.
Signature-based intrusion detection can produce false positives because certain normal network activity can be
misinterpreted as malicious activity. For example, some network applications or operating systems may send
out numerous ICMP messages, which a signature-based detection system might interpret as an attempt by an
attacker to map out a network segment. You can minimize false positives by tuning your sensors.
To configure a sensor to monitor network traffic for a particular signature, you must enable the signature. By
default, the most critical signatures are enabled when you install IDS Device Manager. When an attack is
detected that matches an enabled signature, the sensor generates an alert event (formerly known as an alarm),
which is stored in the sensor's event store. The alert events, as well as other events, may be retrieved from the
event store by web-based clients. By default, the sensor logs all alarms of Informational severity or higher. If you have
added IDS Event Viewer as a destination, the alarm is sent to the IDS Event Viewer database and you can view
the alarm in IDS Event Viewer.
Configuring IP Logging
You can configure a sensor to generate an IP session log when the sensor detects an attack. When IP logging is
configured as a response action for a signature and the signature is triggered, all packets to and from the source
address of the alarm are logged for a specified period of time. You can set the number of minutes events are
logged.
Reference:
Installing and Using the Cisco Intrusion Detection System Device Manager and Event Viewer Version 4.1
Cisco Courseware 12-18
QUESTION 104
Which of the following fields will you advise the new Certkiller trainee technician to populate when