Datasheet

9E0 - 100
Leading the way in IT testing and certification tools, www.testking.com
An ACL policy violation signature has been created on a Cisco IDS Sensor. The Sensor
is configured to receive policy violations from a Cisco IOS router.
What configurations must exist on the router? (Choose two)
A. Logs permit ACL entries
B. Logs deny ACL entries
C. Sends SNMP traps to the Sensor
D. Sends Syslog messages to the Sensor
E. Sends SNMP traps to the Director
F. Sends syslog messages to the Director
Answer: B, F
Explanation:
The Sensor can be configured to create an alarm when it detects a policy violation from the
syslog generated by a Cisco router. A policy violation is generated by a Cisco router when a
packet fails to pass a designated Access Control List. Security data from Sensor and Cisco
routers, including policy violations, is monitored and maintained on the Director.
Reference:
Cisco Secure Intrusion Detection System Overview
QUESTION NO: 25
A Cisco IDS Sensor has been configured to detect attempts to extract the password file
from Windows 2000 systems. During a security posture assessment, the consultants
attempted to extract the password files from three Windows 2000 servers.
This activity was detected by the Sensor.
What situation has this activity caused?
A. True negative
B. True positive
C. False negative
D. False positive
Answer: B
Explanation:
True positive – is when an IDS generates an alarm for known intrusive activity.
False negative – is when an IDS fails to generate an alarm for known intrusive activity.
False positive – is when an IDS generates an alarm for normal user activity.
Reference: Cisco Secure Intrusion Detection System (Ciscopress) page 55 & 58
Note: True positive – A situation in which a signature is fired properly when offending traffic
is detected. An attack is detected as expected. - Cisco Secure Intrusion Detection System 4
chap 3 page 12
QUESTION NO: 26