Security Device Manager SDM

July 8th, 2010 in CCNA Security

Here you will find answers to Security Device Manager (SDM) questions

 

Question 1

For the following options, which one accurately matches the CLI command(s) to the equivalent SDM wizard that performs similar configuration functions?

A. setup exec command and the SDM Security Audit wizard

B. auto secure exec command and the SDM One-Step Lockdown wizard

C. aaa configuration commands and the SDM Basic Firewall wizard

D. Cisco Common Classification Policy Language configuration commands and the SDM Site-to-Site VPN wizard


Answer: B

Question 2

Which three statements are valid SDM configuration wizards? (Choose three)

A. Security Audit

B. VPN

C. STP

D. NAT


Answer: A B D

Question 3

Which two protocols enable Cisco SDM to pull IPS alerts from a Cisco ISR router? (Choose two)

A. FTP

B. HTTPS

C. TFTP

D. SSH

E. Syslog

F. SDEE


Answer: B F

Question 4

When using the Cisco SDM Quick Setup Site-to-Site VPN wizard, which three parameters do you configure? (Choose three)

A. Interface for the VPN connection

B. IP address for the remote peer

C. Transform set for the IPsec tunnel

D. Source interface where encrypted traffic originates


Answer: A B D

Explanation

The image below shows the parameters you configure when using the Cisco SDM Quick Setup Site-to-Site VPN wizard:

SDM-Site-to-site-VPN.jpg

Question 5

If you click the Configure button along the top of Cisco SDM’s graphical interface, which Tasks button permits you to configure such features as SSH, NTP, SNMP, and syslog?

A. Additional Tasks

B. Security Audit

C. Intrusion Prevention

D. Interfaces and Connections


Answer: A

Question 6

Cisco SDM (Security Device Manager) is a Web-based device management tool for Cisco routers that can simplify router deployments and reduce ownership costs. Select two protocols from the following to enable Cisco SDM to pull IPS alerts from a Cisco ISR router. (Choose two)

A. TFTP

B. SDEE

C. SSH

D. HTTPS


Answer: B D

Explanation

We must also enable HTTP or HTTPS on the router when we enable SDEE. The use of HTTPS ensures that data is secured as it traverses the network.

Question 7

Refer to the exhibit. You are the network security administrator responsible for router security. Your network uses internal IP addressing according to RFC 1918 specifications. From the default rules shown, which access control list would prevent IP address spoofing of these internal networks?

IP_address_snooping_RFC.jpg


A. SDM_Default_196
B. SDM_Default_197
C. SDM_Default_198
D. SDM_Default_199


Answer: C

Explanation

Click on each access list; in SDM_DEFAULT_198 you will see something like this:

IP_address_snooping_RFC_explain.jpg

To mitigate IP address spoofing, do not allow any IP packets containing the source address of any internal hosts or networks inbound to our private network. The SDM_DEFAULT_198 denies all packets containing the following IP addresses in their source field:

+ Current network 0.0.0.0/8 (only valid as source address)
+ Any local host addresses (127.0.0.0/8)
+ Any reserved private addresses (RFC 1918, Address Allocation for Private Internets)
+ Any addresses in the IP multicast address range (224.0.0.0/4)

Note: 0.0.0.0/8: addresses in this block refer to source hosts on “this” network.

For your information, we will apply this access list to the external interface of the router.
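The filtering described above can be checked by evaluating an ACL the way IOS does: first match wins, and wildcard-mask bits set to 1 are ignored. This is an added example, not part of the original page; the ACL text is constructed from the address blocks listed above and is not the actual contents of SDM_DEFAULT_198, and the function names are hypothetical.

```python
import ipaddress

# Constructed ACL in IOS extended-ACL syntax, built from the blocks listed above.
# It is NOT the actual contents of SDM_DEFAULT_198.
ANTI_SPOOF_ACL = """\
deny ip 0.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 224.0.0.0 15.255.255.255 any
permit ip any any
"""

def parse_acl(text):
    """Return (action, base, wildcard) tuples; only the source field is modelled."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        action, proto, rest = fields[0], fields[1], fields[2:]
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"unsupported ACE: {line!r}")
        if rest[0] == "any":
            base, wildcard = 0, 0xFFFFFFFF
        else:
            base = int(ipaddress.IPv4Address(rest[0]))
            wildcard = int(ipaddress.IPv4Address(rest[1]))
        entries.append((action, base, wildcard))
    return entries

def evaluate(entries, src):
    """First-match evaluation of a source address, with the implicit deny at the end."""
    addr = int(ipaddress.IPv4Address(src))
    for action, base, wildcard in entries:
        # Wildcard bits set to 1 are "don't care"; all other bits must equal the base.
        if (addr | wildcard) == (base | wildcard):
            return action
    return "deny"

def inbound_verdicts(sources, acl_text=ANTI_SPOOF_ACL):
    """Map each source address arriving on the external interface to its verdict."""
    entries = parse_acl(acl_text)
    return {src: evaluate(entries, src) for src in sources}

if __name__ == "__main__":
    # Constructed sample source addresses, including the edges of 172.16.0.0/12.
    samples = ["10.1.2.3", "172.31.255.254", "172.32.0.1", "192.168.1.10",
               "127.0.0.1", "0.1.2.3", "239.1.1.1", "198.51.100.7"]
    for src, verdict in inbound_verdicts(samples).items():
        print(f"{src:16} {verdict}")
```

The 172.31.255.254 and 172.32.0.1 samples show why the wildcard mask for the 172.16.0.0/12 block is 0.15.255.255: the first falls inside the private range and is dropped, the second is a public address and passes.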

Question 8

Refer to the exhibit. Based on the VPN connection shown, which statement is true?

SDM-VPN.jpg

A. Traffic that matches access list 103 will be protected.
B. This VPN configuration will not work because the tunnel IP and peer IP are the same.
C. The tunnel is down as a result of being a static rule. It should be configured as a Dynamic IPsec policy.
D. The tunnel is down because the transform set needs to include the Authentication Header parameter.


Answer: A

Comments
  1. andrus
    September 2nd, 2010

    hi securitytut
    I think there’s a small typo in question 3 – regarding IPS alerts
    shouldn’t the answer be E,F ???

    Cisco Press – Implementing Cisco IOS Network Security (IINS) (Self-Study) page 481.
    cheers

  2. securitytut
    September 3rd, 2010

    This question is a bit unclear. Maybe the author of this question wants to say “Which two protocols are used together to enable Cisco SDM to pull IPS alerts from a Cisco ISR router? “. When using SDM, when trying to pull IPS alerts you will see a message “FOR IPS TO PULL ALERTS FROM ROUTER, HTTPS SERVICE HAS TO BE ENABLED ON ROUTER”.

    There are some reports from candidates. They chose “HTTPS” and get 1000 so it is the correct answer.

  3. Kimeshd
    September 3rd, 2010

    Anyone clear on the HTTPS or SYSLOG IPS question? I have checked a few sites and there is much debate, how can we be 100% sure?

    If you check the Router IPS commands this is what you get…

    Router(config)#ip ips notify ?
    SDEE Send events to SDEE
    log Send events as syslog messages

    These are the only 2 options….

    The question reads :
    Select two protocols from the following to enable Cisco SDM to pull IPS alerts from a Cisco ISR router. (Choose two)

    Syslog is a protocol… therefore it has to be syslog & SDEE

  4. ju
    September 5th, 2010

    To pull out alerts you need SDEE or syslog, to use the same feature on SDM you also need HTTPS, and since no SSH option exists on question 6, HTTP and SDEE is the correct answer.

  5. curious
    September 6th, 2010

    Hi, ju is (almost) correct. Checked it just to be sure, here’s the theory:

    SDEE is an open standard: it allows for an environment with mixed-vendor IDS and IPS sensors to have one network management alert interface (one device to send their alarms to). The alarms are formatted using XML and encrypted using HTTPS (SSL) before being delivered. SDEE uses a pull mechanism: a management station opens up a connection to the sensor and pulls the alarms through a subscription or query process.

    SDEE uses HTTPS (SSL) to send XML-formatted messages.
    On Cisco routers, syslogging of alarms is enabled by default; SDEE is preferred. SNMP is also supported.

    The SDM 2.5 release note shows Syslog is only used for Easy VPN solutions

    SSH is used for secure telnet sessions. SDM simply does not use this to grab the logging as far as I could find.

    As both questions state the same question, they should have the same answer:
    Q: How does SDM pull IPS alerts from an ISR?
    A: SDEE uses HTTPS (SSL) to send alarms between a sensor and a management station

    However, if securitytut tells you Cisco judges it in another way, always trust security (or better yet, give the real correct answer and nag afterwards, they should reevaluate the question and update accordingly)

    Sources:
    - 640-553 by Richard Deal (more extensive than official guide)
    - Several Cisco SDM release notes
    - Symantec.com (SDEE history)

  6. kimeshd
    September 8th, 2010

    So then what do you select when you have https, ssl and sdee as the options, since I’ve seen the question here included https and ssl as well as sdee??

  7. curious
    September 10th, 2010

    nopez, SSL is not mentioned here. However, HTTPS = http over SSL. Hence, SSL would be the ‘more correct’ answer

  8. andrus
    September 10th, 2010

    hi all
    can clear any doubts regarding question 3.
    The answers which should be selected are:
    B. HTTPS
    F. SDEE

    Had this quest. on the exam today and got 1000 points. ;)

  9. securitytut
    September 11th, 2010

    Yes, the correct answers should be HTTPS (not SSH) and SDEE. It is my mistake when selecting SSH. Really sorry guys! I updated that answer.

  10. youssef
    September 17th, 2010

    I just passed the test with a score of 1000/1000 an hour ago.
    I also had question 3 on my test. My answers were “SDEE & HTTPS”.
    My score shows that correct answers to this question are “SDEE & HTTPS”.

  11. Dindi
    September 20th, 2010

    Please can anyone / securitytut explain why the Question 8 answer is “A”

    Thanks
    Dindin

  12. mulyadi
    October 20th, 2010

    tk’s Tut my score 988 yesterday. all of them 100%. unless the access list, I am confused where the location of fault

  13. Pablito
    October 27th, 2010

    guys, did you have any labs in the exam??? I have the test this friday.

  14. nonamed
    October 28th, 2010

    In the final exam of CCNA Security of NetAcad, I had this question (very similar to nº 3):

    Which two protocols allow SDM to gather IPS alerts from a Cisco ISR router? (Choose two.)
    FTP
    HTTPS
    X SDEE
    SSH
    X Syslog
    TFTP

    I obtained a 100/100. I guess they have changed their mind now… or maybe two answers are correct :)

  15. nonamed
    October 29th, 2010

    I’ve taken the exam today scoring a 1000. Question 3 is OK (SDEE+HTTPS), does not score or both answers are OK.

  16. Axicos
    October 30th, 2010

    I also had my exam today 1000/1000. Correct answer based on the intent mentioned in the question (the Q refers to something like “which two protocols you need to enable in order to allow SDM to pull IPS alerts from ISR Router”) is SDEE & HTTPS.

  17. ivan
    November 3rd, 2010

    I think that with syslog you are not “pulling” the events, you just get them on your syslog server! SDEE uses a pull mechanism. With a pull mechanism, requests come from the network management application, and the IDS or IPS router responds. SDEE becomes the standard format for all vendors to communicate events to a network management application. And for SDEE to work you also need http or https to be enabled!

  18. Toms
    November 24th, 2010

    I am also not getting why the answer to question 8 is A? Please help!

  19. Chris
    November 24th, 2010

    Toms, under the IPsec rule is the number 103, this means that a crypto ACL (103) is being used to protect/secure traffic, traffic not named by this ACL will be sent in clear text. hope this helps you =]

  20. Norman
    March 10th, 2011

    Here is my logic regarding question #3…
    When using SDEE, messages are PULLED from the network devices. When using Syslog, messages are PUSHED from the network device to the syslog server. And, whenever using SDEE, you must configure either HTTP or HTTPS. Since SDEE is the only thing that will pull alerts, that makes it the obvious choice. Then, you must select HTTP or HTTPS (whichever is listed).

    I realize it has been a while since anyone has posted to this string, but just thought i would put in my opinion. I could be wrong.

  21. business review
    April 20th, 2011

    …Over the years I’ve gotten pretty savvy on Cisco PIX firewall configuration, especially in the area of IPsec VPNs. I’ve also had to decipher the horrible online Cisco documentation for configuring site-to-site and demand-dial VPNs of various flavors, especially for cases where there is a desire for a single PIX to support multiple scenarios for multiple client platforms and capabilities. This configuration only allows demand-dial clients to communicate with all hosts on the headquarters internal network, but a few access-list changes would allow communication with branch-office internal hosts as well. To make the configuration easier to read, all non-cisco commands are CAPITALIZED and in blue; these are the things you would replace with your own desired naming convention, IP address, mask or password.

  22. Gabac
    May 6th, 2011

    I am having a problem launching sdm from a Cisco 1710 router I bought recently. I installed the SDM both on the router and my PC but I am getting the following message. Help please.

    Unable to launch SDM due to one or more of the following reasons:
    (1) The IP address or hostname you provided is not a valid router address or is not reachable.
    (2) HTTP/HTTPS is disabled on the router
    SDM requires HTTP or HTTPS to be enabled on the router. If you are running HTTP or HTTPS on a custom port, specify the port number along with the device IP address or hostname (e.g. 10.10.10.1:).

  23. Badmutha
    July 8th, 2011

    Hi Gabac, for sdm to run you will need to have a lower version of Java running on your PC, you also have to check if your router’s IOS is compatible with SDM. If it is not then you will need to get that and update via tftp server which you can get free online, you also have to make sure that your pc can reach (ping) your router, they should be on the same subnet. Also make sure that your interfaces are showing as up. After initial config via serial port, connection between pc and router should be made over ethernet interface.

  24. cisco
    August 11th, 2011

    Hi, I’ve my exam on 19th august 2011. Is P4S 4.38 still valid? Questions shown here are still valid? Has anyone given exam recently?

  25. zaki
    August 15th, 2011

    Does anybody have a good tutorial how to run SDM on PC or GNS. I found 2
    http://east82.com/howto/sdm/sdm.htm
    this one didn’t work for me because of the configuration files I have to download. The tut shows to download them from here
    http://www.cisco.com/cisco/software/navigator.html?ftpfile=pub/web/sdm/tool/SDM_demo_tool.zip&swtype=FCS
    there are not there or I am doing some mistake. (if somebody tried it, or know where to download the config files, will be helpful)
    The other one I used works partially. I am not able to open additional task, as well as security audit on SDM.
    Please help. Thanks a lot!

  26. dante
    August 27th, 2011

    took my CCNA SEC today got a 944. read the book and looked through this site the day of!.
    thanks!!!!!!!!!!!

  27. Waseem
    October 12th, 2011

    for Latest Dumps of all exams contact me:

    if.then.but@gmail.com

  28. dbongz
    November 8th, 2011

    Guyz yu rock, i’ll be sitting 4 my exam in two weeks time.Can i please have the latest dumps.

  29. scolpi
    November 27th, 2011

    In questions 3 and 6 the key is PULL. Only SDEE uses a pull mechanism (the station manager sends a request to the IDS or IPS), so HTTPS and SDEE are right.

    The question from nonamed reports “alerts” not “pull”; there the right ones are SDEE and syslog.

    Hi.
