What is the status of OS Identification?


A.
It is only enabled to identify “Cisco IOS” OS using statically mapped OS fingerprinting

B.
OS mapping information will not be used for Risk Rating calculations.

C.
It is configured to enable OS mapping and ARR only for the 10.0.0.0/24 network.

D.
It is enabled for passive OS fingerprinting for all networks.

Explanation:

Understanding Passive OS Fingerprinting

Passive OS fingerprinting lets the sensor determine the OS that hosts are running. The sensor analyzes network traffic between hosts and stores the OS of these hosts with their IP addresses. The sensor inspects TCP SYN and SYNACK packets exchanged on the network to determine the OS type. The sensor then uses the OS of the target host to determine the relevance of the attack to the victim by computing the attack relevance rating component of the risk rating. Based on the relevance of the attack, the sensor may alter the risk rating of the alert for the attack and/or filter the alert for the attack. You can then use the risk rating to reduce the number of false positive alerts (a benefit in IDS mode) or definitively drop suspicious packets (a benefit in IPS mode). Passive OS fingerprinting also enhances the alert output by reporting the victim OS, the source of the OS identification, and the relevance to the victim OS in the alert.

Passive OS fingerprinting consists of three components:

• Passive OS learning: Passive OS learning occurs as the sensor observes traffic on the network. Based on the characteristics of TCP SYN and SYNACK packets, the sensor determines the OS running on the host of the source IP address.
• User-configurable OS identification: You can configure OS host mappings, which take precedence over learned OS mappings.
• Computation of attack relevance rating and risk rating.
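The three components above, modelled as an added example (not Cisco IPS code): a sensor that learns an OS from SYN/SYNACK traits, lets operator-configured mappings override learned ones, and derives an attack relevance rating from the victim OS. The fingerprint table, the ARR values (+10 relevant, 0 unknown, -10 not relevant) and the sample packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed fingerprint table: (initial TTL, TCP window size) -> OS.
# A real sensor uses many more SYN/SYNACK characteristics than these two.
SYN_FINGERPRINTS = {
    (64, 65535): "linux",
    (128, 8192): "windows",
    (255, 4128): "ios",
}


@dataclass
class Sensor:
    learned: dict = field(default_factory=dict)     # ip -> OS observed in traffic
    configured: dict = field(default_factory=dict)  # ip -> OS set by the operator

    def observe_syn(self, src_ip, ttl, window):
        """Passive OS learning: record the OS implied by a SYN/SYNACK sender."""
        os_name = SYN_FINGERPRINTS.get((ttl, window))
        if os_name:
            self.learned[src_ip] = os_name

    def os_for(self, ip):
        """Resolve the host OS; configured mappings take precedence over learned ones."""
        if ip in self.configured:
            return self.configured[ip], "configured"
        if ip in self.learned:
            return self.learned[ip], "learned"
        return None, "unknown"

    def attack_relevance(self, victim_ip, vulnerable_oses):
        """ARR component of the risk rating (assumed values: +10 / 0 / -10)."""
        victim_os, source = self.os_for(victim_ip)
        if victim_os is None:
            return 0, source
        return (10 if victim_os in vulnerable_oses else -10), source


def demo():
    """Constructed traffic: two learned hosts, one operator override, one unknown host."""
    s = Sensor()
    s.observe_syn("10.0.0.5", ttl=64, window=65535)   # learned as linux
    s.observe_syn("10.0.0.7", ttl=128, window=8192)   # learned as windows
    s.configured["10.0.0.7"] = "linux"                # operator mapping wins
    return {
        "learned": s.attack_relevance("10.0.0.5", {"windows"}),   # (-10, "learned")
        "override": s.attack_relevance("10.0.0.7", {"linux"}),    # (10, "configured")
        "unknown": s.attack_relevance("10.0.0.9", {"linux"}),     # (0, "unknown")
    }
```

The alert output can carry the second element of each tuple as the "source of the OS identification" the text mentions.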



Geo Hopkin

New 300-207 Exam Questions and Answers Updated Recently (14/June/2016):

NEW QUESTION 226
On which platforms can you run the CWS connector? (Choose two.)

A. Cisco ASA Firewall
B. Cisco IPS module
C. Standalone deployment
D. Cisco ISR router
E. Cisco Firepower NGIPS

Answer: AD

NEW QUESTION 227
Refer to the exhibit. Which description of the result of this configuration is true?
Router(config)#line vty 5 15
Router(config-line)#access-class 23 in

A. Only clients denied in access list 23 can manage the router.
B. Only telnet access (TCP) is allowed on the VTY lines of this router.
C. Only clients permitted in access list 23 can manage the router.
D. Only SSH access (TCP 23) is allowed on the VTY lines of this router.

Answer: C

NEW QUESTION 228
What does the anomaly detection component of Cisco IOS IPS detect?

A. ARP Spoofing
B. Worm-infected hosts
C. Signature changes
D. Network Congestion

Answer: B

NEW QUESTION 229
Refer to the exhibit. The security engineer has configured Cisco Cloud Web Security redirection on a Cisco ASA firewall. Which statement describes what can be determined from the exhibit?
authUserName: LAB\user1
authenticated: true
companyName: Companyl
countryCode: US
externalIP: 209.165.200.241
groupNames:
– Test Lab
– “LAB://testgroup’l
logicalTowerNumber: 197
staticGroupNames:
– Test Lab
– “LAB://testgroup’l
userName: user1

A. In case of issues, the next step should be to perform debugging on the cisco ASA.
B. The URL visited by the user was LAB://testgroup.
C. This output has been obtained by browsing to whoami.scansafe.net.
D. The IP address of the Scansafe tower is 209.165.200.241

Answer: C

NEW QUESTION 230
Refer to the exhibit. How is the “cisco” password stored?
Router(config)#username admin secret cisco
Router(config)#no service password-encryption

A. As MD5 hash
B. As Type 0
C. As Type 7
D. As Clear Text

Answer: A

NEW QUESTION 231
Refer to the exhibit. What type of password is “cisco”?
Router(config)#service password-encryption
Router(config)#username admin password cisco

A. Enhanced
B. CHAP
C. Type 7
D. Type 0

Answer: C

NEW QUESTION 232
When does the Cisco ASA send traffic to the Cisco ASA IPS module for analysis?

A. before firewall policies are applied
B. after outgoing VPN traffic is encrypted
C. after firewall policies are applied
D. before incoming VPN traffic is decrypted

Answer: C

NEW QUESTION 233
Which technique is deployed to harden network devices?

A. port-by-port router ACLs
B. infrastructure ACLs
C. transmit ACLs
D. VLAN ACLs

Answer: B

NEW QUESTION 234
Refer to the exhibit. Which option describes the result of this configuration on a Cisco ASA firewall?
asafw1(config)#http server enable
asafw1(config)#http 10.10.10.1 255.255.255.255 inside

A. The firewall allows command-line access from 10.10.10.1
B. The firewall allows ASDM access from a client on 10.10.10.1
C. The management IP address of the firewall is 10.10.10.1
D. The inside interface IP address of the firewall is 10.10.10.1

Answer: B

NEW QUESTION 235
……

P.S. These New 300-207 Exam Questions Were Just Updated From The Real 300-207 Exam, You Can Get The Newest 300-207 Dumps In PDF And VCE From — http://j.mp/300-207-exam-dumps (251q)

Good Luck !!!