I am not sure I understand your first question but there is inline blocking and out of band blocking using a second blocking device such as the ASA or IOS router. Out of band blocking is only necessary when running in promiscuous mode.
He may not have accounted for the service role as this should only be used for rare occasions with for TAC troubleshooting. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of kamran shakil Sent: Tuesday, December 28, 2010 9:46 AM To: [email protected] Subject: [OSL | CCIE_Security] "IPS Concerns " IPS 3 Questions: ================ OEQ:- ====== In IPS configurations, when exactly we need to configure BLOCKING ourselves and when it is doing BLOCKING on its own ? Is it the difference what is called to be between Inline IPS or Promiscious mode IPS ? OEQ:- ====== In one of the OEQ qustions from Yousef flashcards, it was written IPS sensor has can assign 3 user roles , well i used the IME 7, and i saw 4 user roles ( admin + viewer + operator + service ) In Yousef flash cards, the service user was not accounted for ! ? Experts i need your advice! 3rd question (lab day question) ====================== For IPS are we getting default IDM, as we can use IME and it is avaialble on the PC we get the console from for all devices with shortcuts ????
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
