In this post, I will share the questions and answers for CCNA Security Chapter 5 Test. All the questions and answers are valid and 100% correct. The questions shared in this post is based on CCNAS v1.1. I wish this post will be a good reference to all of us in answering CCNA Security Chapter 5 Test.
Refer to the exhibit. When modifying an IPS signature action, which two check boxes should be selected to create an ACL that denies all traffic from the IP address that is considered the source of the attack and drops the packet and all future packets from the TCP flow? (Choose two.)
Deny Attacker Inline
Deny Connection Inline
Deny Packet Inline
Reset TCP Connection
Why is a network that deploys only IDS particularly vulnerable to an atomic attack?
The IDS must track the three-way handshake of established TCP connections.
The IDS must track the three-way handshake of established UDP connections.
The IDS permits malicious single packets into the network.
The IDS requires significant router resources to maintain the event horizon.
The stateful properties of atomic attacks usually require the IDS to have several pieces of data to match an attack signature.
Refer to the exhibit. What is the result of issuing the Cisco IOS IPS commands on router R1?
A named ACL determines the traffic to be inspected.
A numbered ACL is applied to S0/0/0 in the outbound direction.
All traffic that is denied by the ACL is subject to inspection by the IPS.
All traffic that is permitted by the ACL is subject to inspection by the IPS.
Which two files could be used to implement Cisco IOS IPS with version 5.x format signatures? (Choose two.)
A network administrator tunes a signature to detect abnormal activity that might be malicious and likely to be an immediate threat. What is the perceived severity of the signature?
Which two benefits does the IPS version 5.x signature format provide over the version 4.x signature format? (Choose two.)
addition of signature micro engines
support for IPX and AppleTalk protocols
addition of a signature risk rating
support for comma-delimited data import
support for encrypted signature parameters
Which two Cisco IOS commands are required to enable IPS SDEE message logging? (Choose two.)
ip ips notify log
ip http server
ip ips notify sdee
ip sdee events 500
Refer to the exhibit. What is the significance of the number 10 in the signature 6130 10 command?
It is the alert severity.
It is the signature number.
It is the signature version.
It is the subsignature ID.
It is the signature fidelity rating.
What is a disadvantage of network-based IPS as compared to host-based IPS?
Network-based IPS is less cost-effective.
Network-based IPS cannot examine encrypted traffic.
Network-based IPS does not detect lower level network events.
Network-based IPS should not be used with multiple operating systems.
What information is provided by the show ip ips configuration configuration command?
detailed IPS signatures
alarms that were sent since the last reset
the number of packets that are audited
the default actions for attack signatures
Which statement is true about an atomic alert that is generated by an IPS?
It is an alert that is generated every time a specific signature has been found.
It is a single alert sent for multiple occurrences of the same signature.
It is both a normal alarm and a summary alarm being sent simultaneously at set intervals.
It is an alert that is used only when a logging attack has begun.
Which Cisco IPS feature allows for regular threat updates from the Cisco SensorBase Network database?
IPS Manager Express
Which protocol is used when an IPS sends signature alarm messages?
Refer to the exhibit. Based on the configuration that is shown, which statement is true about the IPS signature category?
Only signatures in the ios_ips basic category will be compiled into memory for scanning.
Only signatures in the ios_ips advanced category will be compiled into memory for scanning.
All signature categories will be compiled into memory for scanning, but only those signatures in the ios_ips basic category will be used for scanning purposes.
All signatures categories will be compiled into memory for scanning, but only those signatures within the ios_ips advanced category will be used for scanning purposes.
A network security administrator would like to check the number of packets that have been audited by the IPS. What command should the administrator use?
show ip ips signatures
show ip ips interfaces
show ip ips statistics
show ip ips configuration
Refer to the exhibit. Based on the configuration commands that are shown, how will IPS event notifications be sent?
Refer to the exhibit. What action will be taken if a signature match occurs?
An ACL will be created that denies all traffic from the IP address that is considered the source of the attack, and an alert will be generated.
This packet and all future packets from this TCP flow will be dropped, and an alert will be generated.
Only this packet will be dropped, and an alert will be generated.
The packet will be allowed, and an alert will be generated.
The packet will be allowed, and no alert will be generated.
An administrator is using CCP to modify a signature action so that if a match occurs, the packet and all future packets from the TCP flow are dropped. What action should the administrator select?
Refer to the exhibit. Based on the configuration, what traffic is inspected by the IPS?
only traffic entering the s0/0/1 interface
all traffic entering or leaving the fa0/1 interface
only traffic traveling from the s0/0/1 interface to the fa0/1 interface
all traffic entering the s0/0/1 interface and all traffic leaving the fa0/1 interface
all traffic entering the s0/0/1 interface and all traffic entering and leaving the fa0/1 interface
Refer to the exhibit. As an administrator is configuring an IPS, the error message that is shown appears. What does this error message indicate?
The signature definition file is invalid or outdated.
The public crypto key is invalid or entered incorrectly.
The flash directory where the IPS signatures should be stored is corrupt or nonexistent.
SDEE notification is disabled and must be explicitly enabled.
All the answers should be 100% correct. If you unable to achieve 100% score following all the questions and answers provided above, and you have the correct answer, please comment below so that other people able to get benefits from your experience and knowledge. We do appreciate any correction, new questions or latest version of any test that you might know. Sharing is caring.
Credit: This Chapter 5 CCNA Security Test contribute by Xase. All credits goes to him.
New Question Sections
Refer to the exhibit. An administrator has configured router R1 as indicated. However, SDEE messages fail to log. Which solution corrects this problem?
Issue the logging on command in global configuration.
Issue the ip audit notify log command in global configuration.
Issue the clear ip ips sdee events command to clear the SDEE buffer.
Issue the ip ips notify sdee command in global configuration.
What is a zero-day attack?
an attack that targets software vulnerabilities unknown or unpatched by the software vendor
an extortion threat directed against a bank, and demanding a huge amount of money within a short response time, typically within a day
a type of DoS attack that launches within 24 hours after it first infects multiple computers around the world
a rapid exploit attack of employee login credentials via the use of social engineering techniques
What is a disadvantage of a pattern-based detection mechanism?
It cannot detect unknown attacks.
Its configuration is complex.
It is difficult to deploy in a large network.
The normal network traffic pattern must be profiled first.
Refer to the exhibit. Which option tab on the CCP screen is used to view the Top Threats table and deploy signatures associated with those threats?
Many thanks to contributor for updated question. Should you have latest question that did not appear in a particular chapter post, please do share with us. You may email to firstname.lastname@example.org. Thank you