Datasheet

9E0 - 100
Leading the way in IT testing and certification tools, www.testking.com
Reference: Cisco Secure IDS Internal Architecture
QUESTION NO: 53
What Cisco IDS software is included with a Sensor appliance? (Choose two)
A. IDS Management Center
B. IDS Device Manager
C. Intrusion Detection Director
D. Cisco Secure Policy Manager
E. IDS Event Viewer
Answer: B, E
Explanation: The Cisco IDS Device Manager and IDS Event Viewer, both delivered through
Cisco IDS software version 3.1, are part of Cisco's multi-tiered management strategy
addressing the administrative needs of e-business security. The IDS Device Manager enables
easy, remote IDS sensor configuration with a high degree of customization, minimizing the
occurrence of false positives. The event monitoring capabilities delivered via the IDS Event
Viewer let customers collect, correlate, and analyze event data for rapid detection and
response to unauthorized network activity.
Reference: Cisco Addresses Intrusion Protection with new IDS Solutions
QUESTION NO: 54
A Cisco IDS Sensor is capturing large volumes of network traffic. Which Cisco IDS
Sensor status alarm is an indication that the Sensor is being overwhelmed?
A. Daemon down
B. Route down
C. No traffic
D. Captured packet count
E. Missed packet count
F. Network saturated
Answer: E
Explanation: Problem: sensorApp does not respond after hours of being seriously
oversubscribed. All system memory, including SWAP, is exhausted when a 700 Mbps traffic
feed is sent to the 250 Mbps appliance 4235 over several hours.
Symptom: The CLI show version command may say "AnalysisEngine Not Running" or
control transactions will time out with an error about sensorApp not responding. You will see 993
missed packet alarms before the unresponsive state (if that alarm is enabled).
Workaround: 1) Do not seriously oversubscribe the sensor. Choose the right appliance for your
network segment and partition the traffic accordingly. 2) If sensorApp (aka AnalysisEngine)
is listed as Not Running or is not responsive, issue a RESET command on the CLI. Do this