The Cisco SecurITy Intrusion Detection Systems exam tests the knowledge and skills needed to design, install, and configure a Cisco Intrusion Protection solution for small, medium, and enterprise networks.

The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam.

Define intrusion detection

Explain the difference between true and false, and posITive and negative alarms

Describe the relationship between vulnerabilities and exploITs

Explain the difference between HIP and NIDS

Describe the various techniques used to evade intrusion detection

List the network devices involved in capturing traffic for intrusion detection analysis

Describe the traffic flows for each of the network devices

Explain the features and benefITs of IDM

Identify the requirements for IDM

Configure Cisco Catalyst swITches to capture network traffic for intrusion detection analysis

Describe the features of the various IDS Sensor appliance models

Distinguish between the functions of the various Catalyst IDS Module ports

InITialize a Catalyst IDS Module

Verify the Catalyst 6500 swITch and Catalyst IDSM configurations

Install the Sensor software image

Install the Sensor appliance on the network

Obtain management access on the Sensor

InITialize the Sensor

Describe the various command line modes

Navigate the CLI

Apply configuration changes made via the CLI

Create user accounts via the CLI

Configure Sensor communication properties

Configure Sensor logging properties

Perform a configuration backup via the CLI

Setting up Sensors and Sensor Groups

Sensor Communications Sensor Logging

Configure the Sensor's sensing parameters

Configure a signature's enable status, severITy level, and action

Create signature filters to exclude or include a specific signature or list of signatures

Tune a signature to perform optimally based on a network's characteristics

Create a custom signature given an attack scenario

Describe the device management capability of the Sensor and how it is used to perform blocking wITh a Cisco device

Design a Cisco IDS solution using the blocking feature, including the ACL placement considerations, when deciding where to apply Sensor-generated ACLs

Configure a Sensor to perform blocking wITh a Cisco IDS device

Configure a Sensor to perform blocking through a Master Blocking Sensor

Explain the Cisco IDS signature features

Select the Cisco IDS signature engine to create a custom signature

Explain the global Cisco IDS signature parameters

Explain the engine-specific signature parameters

Identify the correct IDS software update files for a Sensor and an IDSM

Install IDS signature updates and service packs

Upgrade a Sensor and an IDSM to an IDS major release version

Explain the Cisco IDS directory structure

Explain the communication infrastructure of the Cisco IDS

Locate and identify the Cisco IDS log and error files

List the Cisco IDS services and their associated configuration files

Describe the Cisco IDS configuration files and their function

Explain the features and benefITs of IEV

Identify the requirements for IEV

Install the IEV software and configure it to monITor IDS devices

Create custom IEV views and filters

Navigate IEV to view alarm details

Perform IEV database administration functions

Configure IEV application settings and preferences

Define features and key concepts of the IDS MC

Install the IDS MC

Generate, approve, and deploy sensor configuration files

Administer the IDS MC Server

Use the IDS MC to set up Sensors

Use the IDS MC to configure Sensor communication properties

Use the IDS MC to configure Sensor logging properties

Define features and key concepts of the Security MonITor

Install and verify the Security Monitor functionalITy

Monitor IDS devices with the Security MonITor

Administer Security MonITor event rules

Create alarm exceptions to reduce alarms and possible false posITives

Use the reporting features of the Security MonITor

Administer the Security MonITor server

Cisco Secure Intrusion Detection System ( CSIDS v4.0 ) is the recommended training for this exam.

Courses listed are offered by Cisco Learning Partners—the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the List of Learning Partners for a Cisco Learning Partner nearest you.

A variety of Cisco Press Self Study tITles may be available for this exam and may be purchased through the Cisco Bookstore in the Cisco Marketplace , directly through Cisco Press, or wherever you purchase technical books.