Which type of intrusion prevention technology is the primary type used by the Cisco IPS security
appliances?
A. profile-based
B. rule-based
C. protocol analysis-based
D. signature-based
E. NetFlow anomaly-based
Explanation:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/gt_fwids.html
The Signature Definition File
A Signature Definition file (SDF) has definitions for each signature it contains. After signatures are
loaded and compiled onto a router running Cisco IOS IPS, IPS can begin detecting the new signatures
immediately. If customers do not use the default, built-in signatures that are shipped with the
routers, users can choose to download one of two different types of SDFs: the attack-drop.sdf file
(which is a static file) or a dynamic SDF (which is dynamically updated and accessed from Cisco.com).
The attack-drop.sdf file is available in flash on all Cisco access routers that are shipped with Cisco IOS
Release 12.3(8)T or later. The attack-drop.sdf file can then be loaded directly from flash into the
Cisco IOS IPS system. If flash is erased, the attack-drop.sdf file may also be erased. Thus, if you are
copying a Cisco IOS image to flash and are prompted to erase the contents of flash before copying
the new image, you might risk erasing the attack-drop.sdf file. If this occurs, the router will refer to
the built-in signatures within the Cisco IOS image. The attack-drop.sdf file can also be downloaded
onto your router from Cisco.com.
To help detect the latest vulnerabilities, Cisco provides signature updates on Cisco.com on a regular
basis. Users can use SDM or VMS to download these signature updates, tune the signature
parameters as necessary, and deploy the new SDF to a Cisco IOS IPS router.