Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Ficha Técnica descarregar pdf (Página 54)

642-531

B. ACL applied to the internal (trusted) interface of a managed device

C. ACL applied to a managed interface prior to an attack being detected

D. ACL used to block traffic on the inbound direction of a managed interface

E. ACL used to block traffic on the external (untrusted) interface of a managed device

Answer: A

Page 15-15 CSIDS Courseware under Using Existing ACLs

The Pre-block ACL designates ACL entries that the Sensor should place in the beginning of the new ACL,

before the addition of any Sensor blocking entries

QUESTION 125

Your Cisco router is hosting an NM-CIDS. The router's configuration contains an output ACL. Which of

the following best describes the action the router takes when it receives a packet that should be dripped

according to the output ACL?

A. The router drops the packet and does not forward it to the NM-CIDS.

B. The router sends the packet to the NM-CIDS for inspection, then performs output-ACL check and drops the

packet.

C. If the packet is an ICMP packet, the router sends it to the NM-CIDS for inspection, then performs output

ACL check and drops the packet. If the packet is not an ICMP packet, the router performs output ACL check

and drops the packet.

D. The router sends the packet to the NM-CIDS check and drops the packet.

Answer: B

B seems to be the best choice, since the packet makes it into the router (no input ACL prevents this), and an

IDS probably should inspect all packets that reach the router core.

Cisco Courseware 5-46

Note: The Cisco IOS Software performs an input-ACL check on a packet before it processes the packet for

NAT or Encryption. As explained earlier, the IDS Network Module monitors the packet after the NAT and

decryption is processed. Thus if the packet is dropped by the inbound ACL it is not forwarded to the IDS

Network Module. The Cisco IOS Software performs output-ACL check after the packet is forwarded to the

IDS. Hence the packet will be forwarded to the IDS even if the output ACL drops the packet

QUESTION 126

Your Cisco router is hosting an NM-CIDS. The router's configuration contains an inbound ACL. Which

of the following best describes the action the router takes when it receives a packet that should be

dropped according to the inbound ACL?

A. Router forwards packet to NM-CIDS for inspection, then drops the packet.

B. Router drops the packet and does not forward it to NM-CIDSfor inspection.

C. Router runs the packet against ACL, tags it for drop action, forwards the packet to the NM-CIDS and drops

it if it triggers any signature, even a signature with no action configured.

D. Router runs packet against ACL, forwards packet to NM-CIDS for inspection, only if it is an ICMP packet ,

and then drops the packet.

Answer: B

1 2 ... 49 50 51 52 53 54 55 56 57 58 59 ... 122 123

Sem comentários

Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Ficha Técnica Página 54