Datasheet
9E0 - 100
Leading the way in IT testing and certification tools, www.testking.com
- 36 -
Answer: A, C
Explanation:
If the public SMTP server were compromised, a hacker might try to attack the internal mail
server over TCP port 25, which is permitted to allow mail transfer between the two hosts.
SNMP is a network management protocol that can be used to retrieve information from a
network device (commonly referred to as read-only access) or to remotely configure
parameters on the device (commonly referred to as read-write access). SNMP agents listen on
UDP port 161.
Reference:
SAFE Blueprint for Small, Midsize, and Remote-User Networks
QUESTION NO: 69
An attacker has launched an attack against a web server by requesting a web page using
the Unicode representation for the slash character in the URL.
What IDS evasive technique is the attacker using?
A. Encryption
B. Fragmentation
C. Flooding
D. Obfuscation
E. Saturation
Answer: D
Explanation: Intrusion detection systems typically implement obfuscation defense - ensuring
that suspect packets cannot easily be disguised with UTF and/or hex encoding and bypass the
Intrusion Detection systems.
Reference:
Cisco Intrusion Detection System - Cisco Security Advisory: Cisco
Secure Intrusion Detection System Signature Obfuscation Vulnerability
QUESTION NO: 70
What methods can be used to access the IDSM command line? (Choose two)
A. Telnet
B. Monitor and keyboard
C. IDS Device Manager
D. IDS Event Viewer
E. Session command
F. IDS Management Center
Answer: A, E
Explanation:
The Catalyst 6000 family switch can be accessed either through a console management
session or through telnet.
Reference:
Cisco Secure Intrusion Detection System (Ciscopress) page 498