PrepAway - Latest Free Exam Questions & Answers

Which type of intrusion prevention technology is the primary type used by the Cisco IPS security appliances?


A. profile-based

B. rule-based

C. protocol analysis-based

D. signature-based

E. NetFlow anomaly-based

Explanation:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/gt_fwids.html
The Signature Definition File
A Signature Definition file (SDF) has definitions for each signature it contains. After signatures are
loaded and compiled onto a router running Cisco IOS IPS, IPS can begin detecting the new
signatures immediately. If customers do not use the default, built-in signatures that are shipped
with the routers, users can choose to download one of two different types of SDFs: the
attack-drop.sdf file (which is a static file) or a dynamic SDF (which is dynamically updated and
accessed from Cisco.com).
The attack-drop.sdf file is available in flash on all Cisco access routers that are shipped with Cisco
IOS Release 12.3(8)T or later. The attack-drop.sdf file can then be loaded directly from flash into
the Cisco IOS IPS system. If flash is erased, the attack-drop.sdf file may also be erased. Thus, if
you are copying a Cisco IOS image to flash and are prompted to erase the contents of flash before
copying the new image, you might risk erasing the attack-drop.sdf file. If this occurs, the router will
refer to the built-in signatures within the Cisco IOS image. The attack-drop.sdf file can also be
downloaded onto your router from Cisco.com.
To help detect the latest vulnerabilities, Cisco provides signature updates on Cisco.com on a
regular basis. Users can use SDM or VMS to download these signature updates, tune the
signature parameters as necessary, and deploy the new SDF to a Cisco IOS IPS router.

