Datasheet

9E0 - 100
Leading the way in IT testing and certification tools, www.testking.com
A. Atomic.TCP
B. Atomic.L3.IP
C. Sweep.Port.TCP
D. Atomic.IPOptions
Answer: B
Explanation:
The following are Atomic.L3.IP parameters:
MaxProto - Defines the maximum IP protocol number, after which the signature fires
MinProto - Defines the minimum IP protocol number, after which the signature fires
isRFC1918 - Defines whether the packet is from the RFC 1918 address pool
-Cisco Secure Intrusion Detection System 4 chap 13 page 13
BGP is a layer 3 routing protocol. Atomic.L3.IP will detect layer 3 IP alarms
Reference: Cisco Secure Intrusion Detection System (Ciscopress) page 628
QUESTION NO: 38
A Cisco IDS Sensor has been configured to detect attempts to extract the password file
from Windows 2000 systems. During a security assessment, the consultants attempted to
extract the password files from three Windows 2000 servers. This activity was not
detected by the Sensor.
What situation has this activity caused?
A. False negative
B. False positive
C. True positive
D. True negative
Answer: A
False negative - is when an IDS fails to generate an alarm for known intrusive activity.
False positive - is when an IDS generates an alarm for normal user activity.
True positive - is when an IDS generates an alarm for known intrusive activity.
Reference: Cisco Secure Intrusion Detection System (Ciscopress) page 55 & 58
Note: A situation in which a signature is not fired when offending traffic is detected. An
actual attack is not detected. - Cisco Secure Intrusion Detection System 4 chap 3 page 11
QUESTION NO: 39
A company has installed an IDSM into a Catalyst 6509 switch in slot 9. The network
security architect has designed a solution that requires the IDSM monitor traffic only
from VLAN 199.
Which Catalyst OS commands are used to achieve this configuration?
A. set trunk 9/2 199
B. clear trunk 9/2 199