What is one benefit of using a next-generation firewall rather than a stateful firewall?Integrated use of an intrusion prevention system (IPS)Which three layers of the OSI model include information that is commonly inspected by a stateful firewall? (Choose three.)- Layer 3
- Layer 4
- Layer 5Which statement is a characteristic of a packet filtering firewall?They are susceptible to IP spoofingWhich type of firewall is supported by most routers and is the easiest to implement?Packet filtering firewallWhich type of traffic is usually blocked when implementing a demilitarized zone?Traffic originating from the DMZ network and traveling to the private network.What are two characteristics of an application gateway firewall? (Choose two.)- Analyzes traffic at Layers 3, 4, 5, and 7 of the OSI model
- Performs most filtering and firewall control in softwareWhich type of firewall generally has a low impact on network performance?stateless firewallWhich type of firewall is commonly part of a router firewall and allows or blocks traffic based on Layer 3 or 4 information?Packet filtering firewallHow does a firewall handle traffic that is originating from the DMZ network and traveling to a private network?Traffic is usually blocked when it is origination from the DMZ network and traveling to a private networkWhich two protocols are stateless and do not generate connection information needed to build a state table? (Choose two.)- UDP
- ICMPWhat are two benefits of implementing a firewall in a network? (Choose two.)- A firewall will sanitize protocol flow
- A firewall will reduce security management complexityWhen implementing a ZPF, which statement describes a zone?A zone is a group of one or more interfaces that have similar functions or features.Which statement accurately describes Cisco IOS zone-based policy firewall operation?The pass action works in only one directionsHow does ZPF handle traffic between an interface that is a zone member and another interface that does not belong to any zone?DropWhich statement describes a factor to be considered when configuring a zone-based policy firewall?A zone must be configured with the zone security global command before it can be used in the zone-member security commandWhich statement describes one of the rules that govern interface behavior in the context of implementing a zone-based policy firewall configuration?By default, traffic is allowed to flow among interfaces that are members of the same zoneDesigning a ZPF requires several steps. Which step involves defining boundaries where traffic is subjected to policy restrictions as it crosses to another region of the network?determine the zonesWhen a Cisco IOS zone-based policy firewall is being configured, which two actions can be applied to a traffic class? (Choose two.)- Inspect
- DropWhich three statements describe zone-based policy firewall rules that govern interface behavior and the traffic moving between zone member interfaces? (Choose three.)- To permit traffic to and from a zone member interface, a policy allowing or inspecting traffic must be configured between that zone and any other zone.
- Pass, inspect, and drop options can only be applied between two zones.
- If traffic is to flow between all interfaces in a router, each interface must be a member of a zone.Which statement describes a feature of a zone-based policy firewall?It does not depends on ACL'sIn what step of zone-based policy firewall configuration is traffic identified for policy application?Configuring Class MapsWhen configuring a class map for a zone-based policy firewall, how is the match criteria applied when using the match-all parameter?Traffic must match all of the match criteria specified in the statement.In ZPF design, what is described as the self zone?The router itself, including all interfaces with assigned IP addresses.Which statement describes a zone when implementing ZPF on a Cisco router?A zone establishes a security border of a network.More vulnerable to network security evasion techniques enabled by various network attack methods (IDP or IPS)IDSCan affect network performance by introducing latency and jitter (IDP or IPS)IPSMust be implemented so that time-sensitive applications are not adversely affected (IDP or IPS)IPSCannot stop the trigger packet and is not guaranteed to stop a connection (IDP or IPS)IDSDeployed in offline mode (IDP or IPS)IDSCan use stream normalization techniques to reduce or eliminate many of the network security evasion capabilities that exist (IDP or IPS)IPSCan be configured to perform a packet drop to stop the trigger packet (IDP or IPS)IPSPrimarily focused on identifying possible incidents, logging information about the incidents, and reporting the incidents (IDP or IPS)IDSMust be deployed inline, and traffic must be able to pass through it (IDP or IPS)IPSLess helpful in stopping email viruses and automated attacks, such as worms (IDP or IPS)IDSTrue or False? A HIPS can be configured in either promiscuous or inline mode.FalseWhat is true of a NIPS that is running in inline mode?It can add latency to the networkWhat is true of a HIPS?HIPS software combines anti-virus, anti-malware, and firewall functionalityWhat is an example of a HIPS?Windows DefenderSnort IPS is available on which router platform?Cisco 4000Where does the Snort engine run?Service ContainerIn which operating mode does Snort IDS inspect traffic and report alerts, but does not take any action to prevent attacks?IDS modeWhat is an IPS signature?It is a set of rules used to detect typical intrusive activityWhich network technology uses a passive splitting device that forwards all traffic, including Layer 1 errors, to an analysis device?Network TapWhat is a characteristic of an IPS operating in inline-mode?It can stop malicious traffic from reaching the intended targetWhat is a zero-day attack?It is a computer attack that exploits unreported software vulnerabilitiesWhat is a feature of an IPS?It can stop malicious packetsWhich network monitoring technology passively monitors network traffic to detect attacks?IDSWhich open source network monitoring technology performs real-time traffic analysis and generates alerts when threats are detected on IP networks?Snort IPSWhich Cisco platform supports Cisco Snort IPS?4000 series ISRWhich device supports the use of SPAN to enable monitoring of malicious activity?Cisco Catalyst SwitchWhat is a host-based intrusion detection system (HIDS)?It combines the functionalities of antimalware applications with firewall protectionWhich network monitoring capability is provided by using SPAN?Traffic Exiting and entering a switch is copied to a network monitoring deviceWhat network monitoring tool can be used to copy packets moving through one port, and send those copies to another port for analysis?SPANWhich statement correctly describes the configuration of a Snort VPG interface?The VPG0 interface must have a routable address with access to the internetWhich action logs the IP address from a malicious source only and sends an alert?Log attacker packetsWhich action terminates a malicious packet only?Deny packet inlineWhich action makes the IPS device send TCP resets to hijack and terminate a TCP flow?Reset TCP connectionWhat are the three actions supported by Snort IDS? (Choose three.)- Alert
- Log
- PassWhich two options are components of Snort IPS that is running on an ISR 4000? (Choose two.)- Snort engine
- Snort rule SetWhich type of file contains a compressed, installable version of the Snort IPS virtual machine?OVAWhich Snort IPS interface statement is true?Two virtual port group interfaces are requiredWhich IPS signature trigger category uses the simplest triggering mechanism and searches for a specific and pre-defined atomic or composite pattern?Pattern-Based DetectionWhat term describes a set of rules used by an IDS or IPS to detect typical intrusion activity?SignatureWhich type of alert is generated when an IPS incorrectly identifies normal network user traffic as attack traffic?False positiveWhat is a characteristic of the Snort subscriber rule set term-based subscription?It is available for a feeWhich classification indicates that an alert is verified as an actual security incident?True positiveWhich intrusion prevention service was available on first-generation ISR routers and is no longer supported by Cisco?Cisco IOS IPSWhat are three actions that can be performed by Snort in IDS mode? (Choose three.)- Log
- Pass
- AlertWhich device is a dedicated inline threat prevention appliance that is effective against both known and unknown threats?Cisco FirePOWER NGIPSWhich rule action will cause Snort IPS to block a packet without logging it?SdropWhat is the source for IPS rule updates when using a Cisco intrusion prevention service?Cisco Talos
