PrepAway - Latest Free Exam Questions & Answers

Which value is not used by the Cisco IPS appliance in t…

Which value is not used by the Cisco IPS appliance in the risk rating calculation?

PrepAway - Latest Free Exam Questions & Answers

A.
attack severity rating

B.
target value rating

C.
signature fidelity rating

D.
promiscuous delta

E.
threat rating adjustment

F.
watch list rating

Explanation:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/prod_white_paper0 900aecd806e7299.html
Risk Rating Calculation
Risk rating is a quantitative measure of your network’s threat level before IPS mitigation. For each event fired by IPS signatures, Cisco IPS Sensor Software
calculates a risk rating number.
The factors used to calculate risk rating are:
Signature fidelity rating: This IPS-generated variable indicates the degree of attack certainty. · Attack severity rating: This IPS-generated variable indicates the
amount of damage an attack can cause.
Target value rating: This user-defined variable indicates the criticality of the attack target. This is the only factor in risk rating that is routinely maintained by the
user. You can assign a target value rating per IP address in Cisco IPS Device Manager or Cisco Security Manager. The target value rating can raise or lower the
overall risk rating for a network device. You can assign the following target values:
75: Low asset value
100: Medium asset value
200: Mission-critical asset value
Attack relevancy rating: This IPS-generated value indicates the vulnerability of the attack target.
Promiscuous delta: The risk rating of an IPS deployed in promiscuous mode is reduced by the promiscuous delta. This is because promiscuous sensing is less
accurate than inline sensing. The promiscuous delta can be configured on a per-signature basis, with a value range of 0 to 30. (The promiscuous delta was
introduced in Cisco IPS Sensor Software Version 6.0.) · Watch list rating: This IPS-generated value is based on data found in the Cisco Security Agent watch
list. The Cisco Security Agent watch list contains IP addresses of devices involved in network scans or possibly contaminated by viruses or worms. If an attacker
is found on the watch list, the watch list rating for that attacker is added to the risk rating. The value for this factor is between 0 and 35. (The watch list rating was
introduced in Cisco IPS Sensor Software Version 6.0.)

The formula to calculate risk rating in Cisco IPS Sensor Software Version 6.0 is:
Risk rating can help enhance your productivity as it intelligently assesses the level of risk of each event and helps you focus on high-risk events.


Leave a Reply