Datasheet

9E0 - 100
Leading the way in IT testing and certification tools, www.testking.com
Today’s networks have several entry points to provide reliability, redundancy, and resilience.
These entry points also represent different avenues for the attacker to attack your network.
You must identify all the entry points into your network and decide whether they need to also
participate in IP blocking.
Reference: Cisco Secure Intrusion Detection System (Ciscopress) page 467
Cisco Secure Intrusion Detection System 4 chap 15 page 8
Note: It is recommended that Sensors be placed at those network entry and exit points that
provide sufficient intrusion detection coverage.
Reference: Cisco Secure Intrusion Detection System 4 chap 4 page 37
QUESTION NO: 18
Which type of ACL is allowed when implementing the Cisco IDS IP blocking feature
pre-shun ACLs?
A. Named IP extended
B. Named IP standard
C. Numbered IPX standard
D. Numbered IPX extended
E. Named IPX extended
Answer: A
Explanation: A pre-block and post-block ACL must be an extended IP ACL, named or
unnumbered. They should be configured on the device Sensor block is configured for that
interface/direction.
Reference: Cisco Secure Intrusion Detection System 4 chap 15 page 15
QUESTION NO: 19
Which of the following commands let you view, change, enable, or disable the use of a
service or protocol through the PIX Firewall?
A. fixing protocol
B. set firewall
C. fixup protocol
D. change –all fix
Answer: C
Explanation:
The fixup protocol commands let you view, change, enable, or disable the use of a service or
protocol through the PIX Firewall. The ports you specify are those that the PIX Firewall
listens at for each respective service.
Reference: Cisco PIX Firewall Command Reference, Version 6.3
Note: Appendix B of Cisco Secure Intrusion Detection System 4 does not discuss the fixup
protocol command.