Datasheet

9E0 - 100
Leading the way in IT testing and certification tools, www.testking.com
F. Network abuse
Answer: A, C, F
Explanation:
An IDS is software, and possibly hardware, that detects attacks against your network. It
detects intrusive activity that enters your network. You can locate intrusive activity by
examining network traffic, host logs, system calls, and other areas that signal an attack against
your network.
Reference: Cisco Secure Intrusion Detection System (Ciscopress) page 54
QUESTION NO: 8
Which network device can be used to capture network traffic for intrusion detection
systems without requiring additional configuration?
A. Hubs
B. Switches
C. Network taps
D. Router
Answer: A
Explanation: The ability to capture traffic may be inherent to a device technology or may
require special features to provide this capability. For example, network hubs by their nature
replicate data to all ports. Switches, on the other hand, rely on features such as port mirroring
to permit copying specific traffic to another port.
Reference: Cisco Secure Intrusion Detection System 4, chap 5, page 3
QUESTION NO: 9
Which VLAN ACL sends only ftp traffic to a Cisco IDS Sensor connected to a Catalyst
6500 switch?
A. set security acl ip FTP_ACL permit udp any any eq 21
B. set security acl ipx FTP_ACL permit ip any any capture
C. set security acl ipx FTP_ACL permit tcp any any eq 21
D. set security acl ip FTP_ACL permit tcp any any eq 21 capture
E. set security acl ip FTP_ACL permit ip any any capture
F. set security acl ip FTP_ACL permit icmp any any eq 21
Answer: D
Explanation:
To create a VACL, you need to use the set security acl ip switch command. The syntax for
capturing TCP traffic between a source IP address and a destination IP address is as follows:
set security acl ip acl_name permit tcp src_ip_spec dest_ip_spec port capture
Reference: Cisco Secure Intrusion Detection System (Ciscopress) page 505