CCNA Security
IPS Quiz
Implementing Intrusion Prevention
Question 1 of 12
What is the key operational difference between an IDS and an IPS?
Select the best answer:
a. An IDS blocks traffic inline; an IPS only alerts
b. An IPS is inline and can actively block traffic; an IDS only monitors and alerts
c. An IDS uses signatures; an IPS uses anomaly detection only
d. An IPS is deployed out-of-band; an IDS sits inline
Question 2 of 12
An IPS deployed in "promiscuous mode" is operating as a:
Select the best answer:
a. True inline IPS that drops malicious packets
b. Passive IDS that monitors a copy of traffic without blocking
c. Proxy firewall that intercepts all sessions
d. Zone-based firewall operating on a VLAN trunk
Question 3 of 12
An IPS signature that triggers on a single packet is called a(n):
Select the best answer:
a. Composite signature
b. Atomic signature
c. Anomaly-based signature
d. Policy-based signature
Question 4 of 12
A "false positive" in IPS terminology means:
Select the best answer:
a. A real attack that the IPS fails to detect
b. Legitimate traffic incorrectly identified as an attack
c. A signature that matches only part of an attack pattern
d. An IPS rule that fires on encrypted traffic
Question 5 of 12
Which Cisco IOS command enables IPS on an interface for inbound traffic?
Select the best answer:
a. ip ips enable
b. ip ips <rule-name> in
c. ips apply rule inbound
d. service ips inbound
Question 6 of 12
Cisco IOS IPS signature files are stored in which format?
Select the best answer:
a. Binary .bin files compiled into IOS
b. XML-based Signature Definition Files (SDFs)
c. Plain-text .txt rule files similar to Snort
d. Compressed .tar.gz signature packages
Question 7 of 12
When a signature matches and its configured action is "drop", the IPS will:
Select the best answer:
a. Send a TCP RST to both endpoints and log the event
b. Silently discard the offending packet
c. Rate-limit the source IP address
d. Shunt the traffic to a honeypot VLAN
Question 8 of 12
Anomaly-based IPS detection works by:
Select the best answer:
a. Matching traffic against a database of known attack patterns
b. Comparing current traffic behavior to a baseline of normal activity
c. Decrypting SSL traffic and scanning the payload
d. Checking packets against firewall ACL rules
Question 9 of 12
Which command creates a named IPS rule on a Cisco IOS router?
Select the best answer:
a. ip ips policy <rule>
b. ip ips name <rule>
c. ips rule define <rule>
d. ip inspect name <rule>
Question 10 of 12
A "false negative" in IPS terminology is most dangerous because it means:
Select the best answer:
a. The IPS blocked legitimate traffic, causing an outage
b. A real attack went undetected and was not blocked
c. The IPS generated too many alerts for analysts to review
d. A signature file was loaded that does not match any known threats
Question 11 of 12
IPS signature-based detection is most effective against:
Select the best answer:
a. Zero-day exploits with no known signatures
b. Known attacks with documented exploit patterns
c. Encrypted HTTPS traffic
d. Insider threats from authenticated users
Question 12 of 12
The Cisco IOS IPS `ip ips config location` command specifies:
Select the best answer:
a. The IP address of the remote IPS management server
b. The flash directory path where signature files are stored
c. The syslog server destination for IPS alert messages
d. The interface on which IPS inspection is applied