PrepAway - Latest Free Exam Questions & Answers

From which three sources does the Cisco IPS appliance obtain OS mapping information? (Choose three.)

A. from manually configured OS mappings
B. imported OS mappings from Management Center for Cisco Security Agent
C. imported OS mappings from Cisco Security Manager
D. learned OS mappings from passive OS fingerprinting
E. learned OS mappings from Cisco SensorBase input
F. from Cisco IPS signature updates

Explanation:
http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.1/user/guide/ipsevact.html#wp707692
There are three sources of OS information. The sensor ranks the sources of OS information in the following order:
1. Configured OS mappings–OS mappings that you enter on the OS Identification tab of the Event Actions Network Information policy. You can configure different mappings for each virtual sensor. For more information, see Configuring OS Identification (Cisco IPS 6.x and Later Sensors Only). We recommend configuring OS mappings to define the identity of the OS running on critical systems. It is best to configure OS mappings when the OS and IP address of the critical systems are unlikely to change.
2. Imported OS mappings–OS mappings imported from Management Center for Cisco Security Agents (CSA MC). Imported OS mappings are global and apply to all virtual sensors. For information on configuring the sensor to use CSA MC, see Configuring the External Product Interface, page 32-23.
3. Learned OS mappings–OS mappings observed by the sensor through the fingerprinting of TCP packets with the SYN control bit set. Learned OS mappings are local to the virtual sensor that sees the traffic.

When the sensor needs to determine the OS for a target IP address, it consults the configured OS mappings. If the target IP address is not in the configured OS mappings, the sensor looks in the imported OS mappings. If the target IP address is not in the imported OS mappings, the sensor looks in the learned OS mappings. If it cannot find it there, the sensor treats the OS of the target IP address as unknown.
