
642-531
QUESTION 130
A Cisco IDS Sensor has been configured to perform IP Blocking.
Which Cisco IDS service must be running on the Sensor?
A. Logged
B. Eventd
C. Blocked
D. Managed
E. Shunned
Answer: D
Explanation:
Managed - The managed daemon is responsible for managing and monitoring network devices (routers and
packet filters). For example, when packetd identifies that a certain type of attack should be shunned, it sends a
shun command to managed via the post office facility.
Reference: Cisco Secure IDS Internal Architecture
QUESTION 131
The new Certkiller trainee technician wants to know which command a PIX Firewall uses to block attacks, as
directed by an IDS blocking Sensor. What would your reply be?
A. acl
B. shun
C. access
D. set security acl ip
E. conduit
Answer: B
Explanation:
PIX Firewall
You can configure sensors to use the PIX Firewall to block hosts. A new API command on the PIX Firewall
has been created, shun [ip], which tells the PIX Firewall which hosts to block. Existing PIX Firewall ACLs are
not altered by device management. You cannot use preshun or postshun ACLs for the PIX Firewall; instead, you
must create ACLs directly on the PIX Firewall.
The PIX Firewall does not support the ShunNet command. Therefore, do not send a ShunNet to sensors that
control PIX Firewalls. Instead, you can manually configure the ACLs on the PIX Firewall to deny the network
that is to be blocked. If the sensor controls other devices in addition to a PIX Firewall, you can send a ShunNet
to the sensor, but you must also manually configure the PIX Firewall to ensure that the network is blocked by
all devices controlled by the sensor. Be aware that any ShunHost that contains a host address that belongs to the
network specified in the ShunNet command does not cause an update to any of the devices controlled by the
sensor. Device Management does not update the device ACLs if the blocked host is already covered by a
ShunNet.
The PIX Firewall in particular does not attempt to block that host even though it does not support the ShunNet