642-531
Leading the way in IT testing and certification tools, www.testking.com
Section 2: Design a Cisco IDS solution using the blocking feature, including the ACL placement considerations, when deciding where to apply Sensor-generated ACLs (7 questions)
QUESTION NO: 1
Which of the following commands does a Cisco IOS router use to block attacks, as
directed by an IDS blocking Sensor?
A. acl
B. shun
C. access-list
D. set security acl ip
Answer: C
Explanation:
If you configure the sensor for blocking, every router interface you configure the sensor to
manage is controlled solely by the sensor, even if no blocks are applied. The default ACL used
by the sensor sets permit ip any any for controlled interfaces, so all traffic not currently
being blocked is allowed through the router on the controlled interface. You should accept
the ACL generated by the sensor.
If you want to change the ACL generated by the sensor, you can specify preshun or postshun
ACLs by using the PreShunACL and PostShunACL tokens. The sensor allows two ACL
numbers for each interface that is controlled by device management. The PreShunACL
designates ACL entries that the sensor should place in the ACL before placing any deny
entries for the addresses being blocked. The PostShunACL designates ACL entries that the
sensor should place after all deny entries for the addresses being blocked.
Note: You cannot use standard named or numbered IP access lists (ones that require the
standard keyword), such as the following:
ip access-list standard name
You can use a standard ACL as long as it is in this format:
access-list number
Reference:
Cisco Courseware 5-46
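The following is an added illustration, not taken from the courseware or the exam, of what the ACL a blocking sensor assembles on a managed interface looks like when viewed on the router. The ordering is the point: PreShunACL entries first, then one deny per blocked address, then PostShunACL entries, then the permit ip any any the sensor always appends. The ACL number (199), the interface name, and every address are constructed placeholders; the choice of pre-block entries (keeping the sensor's own management host and the router's SSH port reachable) is an assumption about local policy, not something the courseware prescribes.

```text
! Constructed example of a sensor-managed ACL as displayed in the running config.
! Assumed: numbered ACL 199 on FastEthernet0/0; all addresses are placeholders.
!
! PreShunACL entries: the sensor copies these in before any block denies,
! so a block can never cut off the sensor's path to the router (assumed policy).
access-list 199 permit ip host 10.0.0.5 any
access-list 199 permit tcp any host 10.0.0.1 eq 22
!
! Deny entries generated by active blocks, one per blocked address.
! They exist only while the block is in force; the sensor removes them on expiry.
access-list 199 deny ip host 192.0.2.77 any
access-list 199 deny ip host 198.51.100.9 any
!
! PostShunACL entries: placed after all block denies (assumed static policy).
access-list 199 deny ip 192.0.2.0 0.0.0.255 any
!
! Default entry the sensor always appends: anything not blocked passes.
access-list 199 permit ip any any
!
interface FastEthernet0/0
 ip access-group 199 in
```

Two practical consequences follow from the courseware text. Because the interface ACL is controlled solely by the sensor, anything an administrator adds to it by hand is overwritten the next time the sensor rewrites the list; permanent entries belong in the PreShunACL or PostShunACL instead. And the list must be a numbered ACL of the access-list number form, since the sensor cannot manage a named standard list.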
QUESTION NO: 2
Which of the following represents the best description of a pre-block ACL on an IDS
blocking device?
A. ACL entries applied to the start of the active ACL before blocking entries applied