Thanks to www.examscheets.com for providing helpful material. Here is my contribution.
642-531 Cisco Secure Intrusion Detection System (CSIDS)
QUESTION 1
Which type of attack is characterized by an intruder targeting
networks or systems to retrieve data or escalate their privileges?
A. Access attack
B. Reconnaissance attack
C. Denial of Service attack
D. Authorization attack
Answer: A
Access Attacks
Access is a broad term used to describe any attack that requires the intruder to gain unauthorized access to a secure system with the intent to manipulate data, elevate privileges, or simply access the system. The term "access attack" is used to describe any attempt to gain system access, perform data manipulation, or elevate privileges.
System Access Attacks
System access is the act of gaining unauthorized access to a system for which the attacker doesn't have a user account. Hackers usually gain access to a device by running a script or a hacking tool, or exploiting a known vulnerability of an application or service running on the host.
Data Manipulation Access Attacks
Data manipulation occurs when an intruder simply reads, copies, writes, deletes, or changes data that isn't intended to be accessible by the intruder. This could be as simple as finding a share on a Windows 9x or NT computer, or as difficult as attempting to gain access to a credit bureau's information, or breaking into the department of motor vehicles to change a driving record.
Elevating Privileges Access Attacks
Elevating privileges is a common type of attack. By elevating privileges an intruder can gain access to files, folders or application data that the user account was not initially granted access to. Once the hacker has gained a high-enough level of access, they can install applications, such as backdoors and Trojan horses, to allow further access and reconnaissance. A common goal of hackers is to
CCSP: Cisco Certified Security Professional Certification All-in-One Exam Guide
QUESTION 2
Which user account role on a Cisco IDS Sensor allows a user to
perform all Sensor operations?
A. Operator
B. Viewer
C. Service
D. Administrator
Answer: D
QUESTION 3
Which signature description best describes a service signature
engine?
A. Protocol analysis for layers 5, 6, and 7 applications.
B. Inspects multiple transport protocols.
C. Detects network reconnaissance.
D. Identifies traffic irregularities.
Answer: A
QUESTION 4
Which protocol does the IDS MC Sensors use to securely manage an IDS
Sensor?
A. SSL
B. SSH
C. RDEP
D. HTTP
E. Postofficed
Answer: B
QUESTION 5
Which ports will be examined if the ATOMIC.TCP signature parameter
PortRangeSource is set to 0 (zero)?
A. This setting will disable port inspection.
B. This is a protected setting and cannot be set to 0 (zero).
C. All ports destined to the source will be inspected.
D. All ports from the source will be inspected.
Answer: D
QUESTION 6
An intruder has created a worm that targets an application running on a
fixed port and attempts to gain administrator access using a
well-known default password. Given these signature engines, which
would be the best choice when creating a custom signature?
A. ATOMIC.IPOPTIONS
B. SERVICE.MSSQL
C. SERVICE.IDENT
D. STRING.TCP
Answer: A
QUESTION 7
Which protocol does an administrator use to communicate with the
Monitoring Center for Security from the desktop?
A. Telnet
B. RDEP
C. IDAPI
D. HTTP
E. HTTPS
Answer: E
QUESTION 8
The Cisco IDS Sensor service pack file IDSk9-sp-3.1-2-S23.bin exists
on the Sensor. Which command installs the service pack on the
Sensor?
A. IDSk9-sp-3.1-2-S23 -install
B. IDSk9-sp-3.1-2-S23.bin -install
C. IDSk9-sp-3.1-2-S23.bin -i
D. IDSk9-sp-3.1-2-S23.bin -l
E. IDSk9-sp-3.1-2-S23-bin -apply
F. IDSk9-sp-3.1-2-S23 -apply
Answer: E
Reference: Cisco Intrusion Detection System - Upgrading the Intrusion Detection System Module
I am not sure about answer D. I really can't find anything that supports it. In the new course the command is update. I think that the answer may be E using the apply command as shown in the explanation.
QUESTION 9
Which network management product is used to deploy configurations to
groups of IDS devices?
A. IDM
B. IDS Management Center
C. Security Monitoring
D. IEV
Answer: B