Cisco Security Intrusion Detection Systems Exam (CSIDS 642-531)
  | | Exam Number: | | 642-531 | | Associated Certifications: | CCSP, Cisco IDS Specialist | | Duration: | 75 minutes (55-65 questions) | | Available Languages: | English | | Click Here to Register: | Pearson VUE or Prometric |
|
| Exam Description | | Exam Topics | | Recommended Training | | Additional Resources |
 | Exam Description | |
| The Cisco Security Intrusion Detection Systems exam tests the knowledge and skills needed to design, install, and configure a Cisco Intrusion Protection solution for small, medium, and enterprise networks. |
| Exam Topics | |
| The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. Describe and explain the various intrusion detection technologies and evasive techniques  | Define intrusion detection |
| Explain the difference between true and false, and positive and negative alarms |
| Describe the relationship between vulnerabilities and exploits |
| Explain the difference between HIP and NIDS |
| Describe the various techniques used to evade intrusion detection |
Design a Cisco IDS protection solution for small, medium, and enterprise customers | List the network devices involved in capturing traffic for intrusion detection analysis |
| Describe the traffic flows for each of the network devices |
| Explain the features and benefits of IDM |
| Identify the requirements for IDM |
| Configure Cisco Catalyst switches to capture network traffic for intrusion detection analysis |
Identify the Cisco IDS Sensor platforms and describe their features | Describe the features of the various IDS Sensor appliance models |
Install and configure a Cisco IDS Sensor including a network appliance and IDS module Identify the interfaces and ports on the various Sensors | Distinguish between the functions of the various Catalyst IDS Module ports |
| Initialize a Catalyst IDS Module |
| Verify the Catalyst 6500 switch and Catalyst IDSM configurations |
| Install the Sensor software image |
| Install the Sensor appliance on the network |
| Obtain management access on the Sensor |
| Initialize the Sensor |
| Describe the various command line modes |
| Navigate the CLI |
| Apply configuration changes made via the CLI |
| Create user accounts via the CLI |
| Configure Sensor communication properties |
| Configure Sensor logging properties |
| Perform a configuration backup via the CLI |
| Setting up Sensors and Sensor Groups |
| Sensor Communications Sensor Logging |
Tune and customize Cisco IDS signatures to work optimally in specific environments | Configure the Sensor's sensing parameters |
| Configure a signature's enable status, severity level, and action |
| Create signature filters to exclude or include a specific signature or list of signatures |
| Tune a signature to perform optimally based on a network's characteristics |
| Create a custom signature given an attack scenario |
Configure a Cisco IDS Sensor to perform device management of supported blocking devices | Describe the device management capability of the Sensor and how it is used to perform blocking with a Cisco device |
| Design a Cisco IDS solution using the blocking feature, including the ACL placement considerations, when deciding where to apply Sensor-generated ACLs |
| Configure a Sensor to perform blocking with a Cisco IDS device |
| Configure a Sensor to perform blocking through a Master Blocking Sensor |
Describe the Cisco IDS signatures and determine the immediate threat posed to the network | Explain the Cisco IDS signature features |
| Select the Cisco IDS signature engine to create a custom signature |
| Explain the global Cisco IDS signature parameters |
| Explain the engine-specific signature parameters |
Perform maintenance operations such as signature updates, software upgrades, data archival and license updates | Identify the correct IDS software update files for a Sensor and an IDSM |
| Install IDS signature updates and service packs |
| Upgrade a Sensor and an IDSM to an IDS major release version |
Describe the Cisco IDS architecture including supporting services and configuration files | Explain the Cisco IDS directory structure |
| Explain the communication infrastructure of the Cisco IDS |
| Locate and identify the Cisco IDS log and error files |
| List the Cisco IDS services and their associated configuration files |
| Describe the Cisco IDS configuration files and their function |
Monitor a Cisco IDS protection solution for small and medium networks | Explain the features and benefits of IEV |
| Identify the requirements for IEV |
| Install the IEV software and configure it to monitor IDS devices |
| Create custom IEV views and filters |
| Navigate IEV to view alarm details |
| Perform IEV database administration functions |
| Configure IEV application settings and preferences |
Manage a large scale deployment of Cisco IDS Sensors with Cisco IDS Management software | Define features and key concepts of the IDS MC |
| Install the IDS MC |
| Generate, approve, and deploy sensor configuration files |
| Administer the IDS MC Server |
| Use the IDS MC to set up Sensors |
| Use the IDS MC to configure Sensor communication properties |
| Use the IDS MC to configure Sensor logging properties |
Monitor a large scale deployment of Cisco IDS Sensors with Cisco IDS Monitoring software | Define features and key concepts of the Security Monitor |
| Install and verify the Security Monitor functionality |
| Monitor IDS devices with the Security Monitor |
| Administer Security Monitor event rules |
| Create alarm exceptions to reduce alarms and possible false positives |
| Use the reporting features of the Security Monitor |
| Administer the Security Monitor server |
|
| Recommended Training | |
| Cisco Secure Intrusion Detection System ( CSIDS v4.0 ) is the recommended training for this exam. Courses listed are offered by Cisco Learning Partners—the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the List of Learning Partners for a Cisco Learning Partner nearest you. |
| Additional Resources | |
| A variety of Cisco Press Self Study titles may be available for this exam and may be purchased through the Cisco Bookstore in the Cisco Marketplace , directly through Cisco Press, or wherever you purchase technical books. |
|
当前位置:
