PrepAway - Latest Free Exam Questions & Answers

Which state must a signature be in before any actions can be taken when an attack matches that signature?

You use Cisco Configuration Professional to enable Cisco IOS IPS. Which state must a signature
be in before any actions can be taken when an attack matches that signature?

PrepAway - Latest Free Exam Questions & Answers

A.
Enabled

B.
Unretired

C.
Successfully complied

D.
Successfully complied and unretired

E.
Successfully complied and enabled

F.
Unretired and enabled

G.
Enabled, unretired, and successfully complied

Explanation:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/prod_white_paper090
0aecd8066d265.html
Step 21. Verify the signatures are loaded properly by using this command at the router prompt:
router#show ip ips signatures count
Cisco SDF release version S353.0
Trend SDF release version V0.0
|
snip
|
Total Signatures: 2363
Total Enabled Signatures: 1025
Total Retired Signatures: 1796
Total Compiled Signatures: 567
Total Obsoleted Signatures: 15
Step 23. To retire/unretire and enable/disable signatures, select the Edit IPS tab, then select
Signatures.
Highlight the signature(s), and then click the Enable, Disable, Retire, or Unretire button. Notice the
status changed in the Enabled or the Retired column. A yellow icon appears for the signature(s) in
the column next to Enabled. The yellow icon means changes have been made to the signature,
but have not been applied. Click the Apply Changes button to make the changes take effect.
Retire/unretire is to select/de-select which signatures are being used by IOS IPS to scan traffic.
Retiring a signature means IOS IPS will NOT compile that signature into memory for scanning.
Unretiring a signature instructs IOS IPS to compile the signature into memory and use the
signature to scan traffic.
Enable/disable does NOT select/de-select signatures to be used by IOS IPS.
Enabling a signature means that when triggered by a matching packet (or packet flow), the
signature takes the appropriate action associated with it. However, only unretired AND
successfully compiled signatures will take the action when they are enabled. In other words, if a
signature is retired, even though it is enabled, it will not be compiled (because it is retired) and it
will not take the action associated with it.

Disabling a signature means that when triggered by a matching packet (or packet flow), the
signature DOES NOT take the appropriate action associated with it. In other words, when a
signature is disabled, even though it is unretired and successfully compiled, it will not take the
action associated with it.


Leave a Reply