PrepAway - Latest Free Exam Questions & Answers

which one?

All of these are predefined reports in the Cisco IPS Manager Express (Cisco IME) GUI
except which one?

PrepAway - Latest Free Exam Questions & Answers

A.
Top Signature Report

B.
Top Application Report

C.
Attacks Overtime Report

D.
Top victims Report

E.
Top Attacker Report

Explanation:
http://www.cisco.com/c/en/us/td/docs/security/ips/7-1/configuration/guide/ime/imeguide71/ime_reports.html
These are the IME report types:Top Attacker Reports—Shows top attacker IP addresses for a specified time. You specify
the top number of attacker IP addresses. There are four predefined top attacker reports:
– Basic Top Attacker
– Top 10 Attackers Last 1 Hour
– Top 10 Attackers Last 8 Hours with High Severity
– Top 20 Critical Attackers Last 24 Hours
Top Victim Reports—Shows top victim IP addresses for a specified time. You specify the
top number of victim IP addresses. There are four predefined top victim reports:
– Basic Top Victim
– Top 10 Victims Last 1 Hour
– Top 10 Victims Last 8 Hours with High Severity
– Top 20 Victims with Action Denied Attacker
Top Signature Reports—Shows top signatures fired for a specified time. You specify the
top number of signatures. There are four predefined top signature reports:
– Basic Top Signature
– Top 10 Signatures Last 1 Hour
– Top 10 Signatures Last 8 Hours with High Severity
– Top 20 Critical Signatures Last 24 Hours
Attacks Over Time Reports—Shows the attacks over a specified time. There are five predefined reports:
– Basic Over Time Attack
– Attacks Blocked in Last 24 Hours
– Attacks Dropped in Last 24 Hours
– Attacks Over Time Last 1 Hour
– Critical Attacks Over Last 24 Hours
Filtered Events vs. All Events Reports—Displays a set of events against the total events
for a specified time period. There is one predefined report:
– Negative Reputation Events
Global Correlation Reports—Displays the global correlation reports since the sensor has
been running. There are two predefined global correlation reports:
– Reputation Filter
– Global Correlation
Specialized Reports—Displays the specialized reports. There is one predefined specialized report:
– Obfuscated Traffic/Attacks—This report contains statistics on suspect and explicit traffic obfuscation activity. It combines a top attacker report with a top event report. Traffic
obfuscation is way of getting attacks through the security device. With the strong obfuscation detection and cleansing capabilities of the Cisco IPS, you can detect traffic obfuscation and deal with potential threats.
Note The Obfuscated Traffic/Attacks report is available in IME 7.2.3 and later.Configuring and Generating Reports
Note The Filter tab and Add Filter dialog box fields now support IPv6 and IPv4 addresses.


Leave a Reply