Which two protocols enable Cisco Configuration Professional to pull IPS alerts from a Cisco ISR router?

Which two protocols enable Cisco Configuration Professional to pull IPS alerts from a Cisco ISR router? (Choose two.)

A. syslog
B. SDEE
C. FTP
D. TFTP
E. SSH
F. HTTPS

Explanation:





Luis Cifer

According to the Quick Reference and the Cisco site, it should be SDEE and syslog, A and B.

QR:
To view SDEE alarm messages in CCP, choose Monitor > Logging > SDEE Message Log.
To view alarms generated by Cisco IOS IPS, choose Monitor > Logging > Syslog.

Do I see alarms on a console?
A. When Cisco IOS IPS triggers a signature, you will be able to see alerts on the console if “logging console” has been configured. Additionally, if syslog has been turned on, you will see alerts on the syslog server. Cisco SDEE should be turned on to see alerts. They can be received on the Cisco Configuration Professional (CCP) and Cisco IPS Manager Express (IME) as well as devices such as the Cisco Security Monitoring, Analysis, and Response System (CS-MARS).

Lonix

I agree. 🙂

Paul

Per the CISCO Cert Guide, CCNA Security 604-554, Copyright 2013, page 385 in the real book. (see below for the Kindle cite.)

“Three main protocols are used in delivering alerts. They are Security Device Event Exchange (SDEE), syslog, and SNMP. You can use one or all of these methods to get the alerts off of the sensor and sent to the device that you choose to use to view what is happening in the world of alerts.”

Morris, Scott; Barker, Keith (2012-07-06). CCNA Security 640-554 Official Cert Guide (Official Certificate Guide) (Kindle Locations 7172-7174). Pearson Education (US). Kindle Edition.

John

The key word in the question is ‘Pull’. An ISR can ‘send’ IPS alerts via syslog. With a pull mechanism, requests come from the network management application. CCP uses SDEE which requires either HTTP or HTTPS to be enabled in order for the router to see the request.

Per the way the question is worded, B and F are correct.

dnaiele

So, is it SDEE and syslog, or SDEE and HTTPS?
Because on simulators there are both answers.

Vinn

I immediately thought the answer would indeed be Syslog and SDEE as well; however, I now agree with “John” from post 7/28/13, because CCP specifically does require HTTPS, so I think it’s SDEE and HTTPS.

juantron

I think the answer is AB.
HTTP or HTTPS is a prerequisite for CCP to function.
You can use CCP without HTTP, so HTTPS is discarded as a solution.
HTTPS is obviously recommended but it’s not a must.
To enable SDEE, HTTP is a must.
Enable SDEE and logging event notification:
• Router(config)# ip http server (Enable the HTTP server (required).)
• Router(config)# ip ips notify sdee (Enable IPS SDEE event notification.)
• Router(config)# ip ips notify log (Enable logging.)
To use SDEE, the HTTP server must be enabled (via the ‘ip http server’ command). If the HTTP server is not enabled, the router cannot respond to the SDEE clients because it cannot see the requests. SDEE notification is disabled by default and must be explicitly enabled.
IOS IPS also supports the use of syslog to send event notification. SDEE and syslog can be used independently or enabled at the same time to send IOS IPS event notification. Syslog notification is enabled by default. If logging console is enabled, you will see IPS syslog messages.
These are the options available when configuring router IPS:
Router(config)#ip ips notify ?
SDEE Send events to SDEE
log Send events as syslog messages
The only 2 options when configuring IPS on a router are SDEE and syslog. But you can also use SNMP to generate IPS alerts.
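The notification commands from the comment above, gathered into one configuration that serves SDEE over HTTPS only and keeps syslog as the push channel. This is an added example, not part of the thread; the addresses, ACL number, username and secret are constructed placeholders, and it assumes an IOS image with crypto support for `ip http secure-server`.

```cisco
! Constructed example. 192.0.2.x addresses, ACL 10, the username and
! the secret are placeholders, not values from this page.

! --- Pull path: SDEE ----------------------------------------------
! SDEE events sit in a buffer on the router until a client (CCP)
! requests them through the router's web server. Turn off the
! cleartext listener so the requests and credentials travel over TLS.
no ip http server
ip http secure-server

! Require a local privileged account for web/SDEE requests.
ip http authentication local
username ccpadmin privilege 15 secret REPLACE_WITH_STRONG_SECRET

! Accept web/SDEE requests only from the management station.
access-list 10 permit host 192.0.2.10
ip http access-class 10

! SDEE notification is off by default and must be enabled.
ip ips notify sdee

! Size the event buffer and allow two concurrent SDEE subscriptions.
! Events that age out of the buffer before a client polls are lost
! on this path, which is one reason to keep syslog enabled as well.
ip sdee events 500
ip sdee subscriptions 2

! --- Push path: syslog --------------------------------------------
! The router sends each alert itself; no request from CCP is involved.
ip ips notify log
logging host 192.0.2.20
```

`show ip sdee all` lists the buffered alerts, subscriptions and SDEE settings, which confirms the pull side is populated before pointing CCP at the router.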

Matt

You guys are trying to use logic! Stop it!
Answer is B and F, SDEE and HTTPS.
No logic! Just because Cisco says so 😉
j/k Actually SDEE requires HTTP(S) to pull!