Cisco IDS-4230-FE - Intrusion Detection System Fast Ethernet Sensor Data Sheet, Page 88

642-531
Leading the way in IT testing and certification tools, www.testking.com
- 88 -
Answer: C
Signature Structure
As previously discussed, signature implementations inspect packet headers and
packet payloads. The structure of a signature is determined by how many packets
must be examined before an alarm can be triggered. Two signature structures exist:
• Atomic
• Composite
Atomic Structure
Some attacks can be detected by matching IP header information (context based) or
string information contained in a single IP packet (content based). Any signature that
can be matched against a single packet falls into the atomic category. Because atomic
signatures examine individual packets, there is no need to collect or store state information.
An example of an atomic signature is the SYN-FIN signature (signature ID 3041).
This signature looks for packets that have both the SYN and FIN flags set. The SYN flag
indicates this is a packet attempting to begin a new connection. The FIN flag indicates
this packet is attempting to close an existing connection. These two flags shouldn’t be
used together and, when they are, this is an indication some intrusive activity might exist.
Cisco Courseware 13-14
QUESTION NO: 2
The new TestKing trainee technician wants to know which of the following signature
engines would be the best choice when creating a signature to examine EIGRP packets,
which use IP protocol number 88. What will your reply be?
A. SERVICE.GENERIC
B. ATOMIC.L3.IP
C. ATOMIC.IP.ROUTING
D. OTHER
E. ATOMIC.IPOPTIONS
Answer: B
Explanation:
ATOMIC.L3.IP is a general-purpose Layer 3 inspector. It can handle DataLength and
Protocol Number comparisons. It also has some hooks for fragment and partial ICMP
comparisons. None of the parameters are required, so a simple signature meaning "any IP
packet" can be written.
Reference:
Cisco Courseware 13-33
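Both the SYN/FIN discussion above and this question come down to the same idea: an atomic signature is a predicate evaluated against one packet, with no state carried from earlier packets. The following added example (written for this page, not Cisco code and not the sensor's actual engine implementation) parses raw IPv4 frames and applies two such predicates: signature 3041 (both SYN and FIN set in one TCP segment) and a protocol-number comparison of the kind ATOMIC.L3.IP performs, here matching IP protocol 88. The sample packets are constructed inline, and the ID 20000 for the EIGRP rule is an arbitrary choice for the example.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# TCP flag bits in the flags byte (offset 13 of the TCP header).
TCP_FIN = 0x01
TCP_SYN = 0x02

IPPROTO_TCP = 6
IPPROTO_UDP = 17
IPPROTO_EIGRP = 88  # the protocol number the question asks about


@dataclass
class Packet:
    """The fields an atomic signature can see: one packet, no history."""
    proto: int
    src: str
    dst: str
    l3_data_len: int            # bytes after the IP header (total length - IHL)
    tcp_flags: Optional[int]    # None when the packet is not TCP


def parse_ipv4(raw: bytes) -> Packet:
    """Decode the IPv4 header and, for TCP, the flags byte. Fully stateless."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad IHL")
    tcp_flags = None
    # The flags byte is the 14th byte of the TCP header; only read it when the
    # header is actually present so a truncated segment cannot raise here.
    if proto == IPPROTO_TCP and len(raw) >= ihl + 14:
        tcp_flags = raw[ihl + 13]
    return Packet(proto=proto,
                  src=socket.inet_ntoa(src), dst=socket.inet_ntoa(dst),
                  l3_data_len=max(0, total_len - ihl), tcp_flags=tcp_flags)


@dataclass
class AtomicSignature:
    sig_id: int
    name: str
    matches: Callable[[Packet], bool]   # decided from this one packet alone


def syn_and_fin(p: Packet) -> bool:
    # Context-based match on header bits: SYN and FIN both set in one segment.
    return p.tcp_flags is not None and \
        (p.tcp_flags & (TCP_SYN | TCP_FIN)) == (TCP_SYN | TCP_FIN)


SIGNATURES = [
    AtomicSignature(3041, "TCP SYN/FIN", syn_and_fin),
    # Protocol-number comparison as done by ATOMIC.L3.IP; 20000 is an
    # arbitrary signature ID chosen for this example.
    AtomicSignature(20000, "EIGRP packet (IP protocol 88)",
                    lambda p: p.proto == IPPROTO_EIGRP),
]


def inspect(raw_packets: List[bytes]) -> List[Tuple[int, int]]:
    """Return (packet index, signature ID) alarms. Nothing is remembered
    between packets, which is exactly what makes these signatures atomic."""
    alarms = []
    for idx, raw in enumerate(raw_packets):
        pkt = parse_ipv4(raw)
        for sig in SIGNATURES:
            if sig.matches(pkt):
                alarms.append((idx, sig.sig_id))
    return alarms


# --- constructed sample traffic (not a real capture) -------------------------

def build_ipv4(proto: int, l4: bytes, src="10.0.0.1", dst="10.0.0.2") -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + l4


def build_tcp(flags: int, sport=40000, dport=80) -> bytes:
    # 20-byte TCP header, data offset 5; checksum left zero (not checked here).
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)


SAMPLE_PACKETS = [
    build_ipv4(IPPROTO_TCP, build_tcp(TCP_SYN)),             # normal connection open
    build_ipv4(IPPROTO_TCP, build_tcp(TCP_SYN | TCP_FIN)),   # contradictory flags
    build_ipv4(IPPROTO_EIGRP, bytes(40)),                    # EIGRP with dummy body
    build_ipv4(IPPROTO_UDP, bytes(8)),                       # unrelated traffic
]

if __name__ == "__main__":
    for idx, sig_id in inspect(SAMPLE_PACKETS):
        print(f"packet {idx}: signature {sig_id} fired")
```

Contrast this with a composite signature such as a port sweep: that would need a table keyed by source host that survives across calls to `inspect`, which is the state the text says atomic signatures never have to keep.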
QUESTION NO: 3