| Cisco Security Intrusion Detection Systems |
Exam 643-531:
Cisco Security Intrusion Detection Systems Beta Exam (CSIDS)
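| Overview |
A required component of the CCSP certification. This course teaches how to design, install, and configure Cisco network intrusion protection solutions for large, medium, and small networks. Students need to have passed the CCNA certification or have an equivalent level of knowledge, have extensive experience using the Windows operating system and a basic understanding of the UNIX operating system, and be familiar with basic networking and security terminology and concepts. It is one of the five required exams for CCSP. |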
| Exam Summary |
| The Cisco Security Intrusion Detection Systems exam tests the knowledge and skills needed to design, install, and configure a Cisco Intrusion Protection solution for small, medium, and enterprise networks. |
| |
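| Exam Objectives |
* Install the Director and Sensor in multi-network configurations
* Configure the Director and Sensor to detect, respond to, and report unauthorized activity on the network
* Configure the Director to convert data into graphical displays
* Configure the Director to centrally manage and configure remote Sensors
* Use the Network Security Database (NSDB) to access network security information
* Learn how IDS signatures are used to determine that a network is under attack
* Customize the Director and Sensor to meet operational needs in different ways and to filter out false alarms and signatures
* Develop and implement custom intrusion detection signatures
* Configure the IDS in device management mode so that it can control router access control lists
* Learn the IDS configuration process so that advanced users can customize the intrusion detection response and reporting mechanisms and set communication parameters |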
| |
| Exam Topics |
The following information provides general guidelines for the content likely to be included on this exam. However, other related topics may also appear on any specific delivery of the exam.

Describe and explain the various intrusion detection technologies and evasive techniques
* Define intrusion detection
* Explain the difference between true and false, and positive and negative alarms
* Describe the relationship between vulnerabilities and exploits
* Explain the difference between HIP and NIDS
* Describe the various techniques used to evade intrusion detection

Design a Cisco IDS protection solution for small, medium, and enterprise customers
* List the network devices involved in capturing traffic for intrusion detection analysis
* Describe the traffic flows for each of the network devices
* Explain the features and benefits of IDM
* Identify the requirements for IDM
* Configure Cisco Catalyst switches to capture network traffic for intrusion detection analysis
* Identify the Cisco IDS Sensor platforms and describe their features
* Describe the features of the various IDS Sensor appliance models

Install and configure a Cisco IDS Sensor including a network appliance and IDS module
* Identify the interfaces and ports on the various Sensors
* Distinguish between the functions of the various Catalyst IDS Module ports
* Initialize a Catalyst IDS Module
* Verify the Catalyst 6500 switch and Catalyst IDSM configurations
* Install the Sensor software image
* Install the Sensor appliance on the network
* Obtain management access on the Sensor
* Initialize the Sensor
* Describe the various command line modes
* Navigate the CLI
* Apply configuration changes made via the CLI
* Create user accounts via the CLI
* Configure Sensor communication properties
* Configure Sensor logging properties
* Perform a configuration backup via the CLI
* Setting up Sensors and Sensor Groups
* Sensor Communications
* Sensor Logging

Tune and customize Cisco IDS signatures to work optimally in specific environments
* Configure the Sensor's sensing parameters
* Configure a signature's enable status, severity level, and action
* Create signature filters to exclude or include a specific signature or list of signatures
* Tune a signature to perform optimally based on a network's characteristics
* Create a custom signature given an attack scenario

Configure a Cisco IDS Sensor to perform device management of supported blocking devices
* Describe the device management capability of the Sensor and how it is used to perform blocking with a Cisco device
* Design a Cisco IDS solution using the blocking feature, including the ACL placement considerations, when deciding where to apply Sensor-generated ACLs
* Configure a Sensor to perform blocking with a Cisco IDS device
* Configure a Sensor to perform blocking through a Master Blocking Sensor

Describe the Cisco IDS signatures and determine the immediate threat posed to the network
* Explain the Cisco IDS signature features
* Select the Cisco IDS signature engine to create a custom signature
* Explain the global Cisco IDS signature parameters
* Explain the engine-specific signature parameters

Perform maintenance operations such as signature updates, software upgrades, data archival and license updates
* Identify the correct IDS software update files for a Sensor and an IDSM
* Install IDS signature updates and service packs
* Upgrade a Sensor and an IDSM to an IDS major release version

Describe the Cisco IDS architecture including supporting services and configuration files
* Explain the Cisco IDS directory structure
* Explain the communication infrastructure of the Cisco IDS
* Locate and identify the Cisco IDS log and error files
* List the Cisco IDS services and their associated configuration files
* Describe the Cisco IDS configuration files and their function

Monitor a Cisco IDS protection solution for small and medium networks
* Explain the features and benefits of IEV
* Identify the requirements for IEV
* Install the IEV software and configure it to monitor IDS devices
* Create custom IEV views and filters
* Navigate IEV to view alarm details
* Perform IEV database administration functions
* Configure IEV application settings and preferences

Manage a large scale deployment of Cisco IDS Sensors with Cisco IDS Management software
* Define features and key concepts of the IDS MC
* Install the IDS MC
* Generate, approve, and deploy sensor configuration files
* Administer the IDS MC Server
* Use the IDS MC to set up Sensors
* Use the IDS MC to configure Sensor communication properties
* Use the IDS MC to configure Sensor logging properties

Monitor a large scale deployment of Cisco IDS Sensors with Cisco IDS Monitoring software
* Define features and key concepts of the Security Monitor
* Install and verify the Security Monitor functionality
* Monitor IDS devices with the Security Monitor
* Administer Security Monitor event rules
* Create alarm exceptions to reduce alarms and possible false positives
* Use the reporting features of the Security Monitor
* Administer the Security Monitor server