passguide cisco 642-533 practice test questions

December 19th, 2009

Cisco 642-533
Implementing Cisco Intrusion Prevention System (IPS)

Q&A V3.20

www.PassGuide.com

(C) Copyright 2006-2009 CertBible Tech LTD,All Rights Reserved.

1. Which two of the following statements are correct regarding the virtual sensors configuration on the IPS sensor? (Choose two.)

A. vs1 uses inline interface-pairs
B. vs1 operates inline between vlan 102 and vlan 201
C. vs1 uses the ad1 anomaly detection instance
D. vs0 uses inline mode

Answer: BC

2. Which three steps must you perform to prepare sensor interfaces for inline operations? (Choose three.)
A. Disable all interfaces except the inline pair.
B. Add the inline pair to the default virtual sensor
C. Enable two interfaces for the pair
D. Create the interface pair

Answer: BCD

3. A single scanner needs to scan how many hosts belonging to the internal zone on TCP port 8081 before the anomaly detection configuration for vs1 will fire an alert?

A. 3 or more hosts
B. 6 or more hosts
C. 9 or more hosts
D. 150 or more hosts

Answer: D

4. Your Cisco router is hosting an NM-CIDS. The router configuration contains an inbound ACL. Which action does the router take when it receives a packet that should be dropped, according to the inbound ACL?
A. The router forwards the packet to the NM-CIDS for inspection, then drops the packet
B. The router drops the packet and does not forward it to the NM-CIDS for inspection.
C. The router filters the packet through the inbound ACL, tags it for drop action, and forwards the packet to the NM-CIDS. Then the router drops it if it triggers any signature, even a signature with no action configured.
D. The router filters the packet through the inbound ACL, forwards the packet to the NM-CIDS for inspection only if it is an ICMP packet, and then drops the packet.

Answer: B

5. Referring to the configuration for vs1, the 172.26.26.51 host OS fingerprinting is manually configured as which operating system type?

A. LINUX
B. AIX
C. SOLARIS
D. WINDOWS

Answer: D

6. Which action is available only to signatures supported by the Normalizer engine?
A. Produce Verbose Alert
B. Modify Packet Inline
C. Deny Packet Inline
D. Log Pair Packets

Answer: B

7. Which three of the following statements are correct regarding the IPS Sensor/CSAMC communications configurations?

A. The username used to log in to the CSAMC is “testing”
B. TCP port 80 is used to communicate with the CSAMC
C. Watch list information is allowed to be passed from the CSAMC to the IPS sensor
D. The 172.26.26.51 management station is the CSAMC

Answer: ACD

8. Which two are appropriate installation points for a Cisco IPS sensor? (Choose two.)
A. on publicly accessible servers
B. on critical network servers
C. at network entry points
D. on critical network segments

Answer: CD

9. What is the max number of open IP log files the Sensor will permit?

A. 1
B. 5
C. 15
D. 20

Answer: D

10. Which command displays the statistics for Fast Ethernet interface 0/1?
A. show interfaces FastEthernet0/1
B. show interface int1
C. show statistics FastEthernet0/1
D. show statistics virtual-sensor

Answer: A

11. Which three are parameter settings of signature 1204 for the default signature definition?

A. Severity=Medium
B. Severity=Informational
C. Fidelity Rating=100
D. Deny Packet Inline

Answer: BCD

12. What is a configurable weight that is associated with the perceived importance of a network asset?
A. Risk Rating
B. parameter value
C. Target Value Rating
D. severity level

Answer: C

13. You are in charge of Securing Networks with Cisco Routers and Switches for PassGuide.com. You suspect users on your company network are disguising the use of file-sharing applications by tunneling the traffic through port 80. How can you configure your Cisco IPS Sensor to identify and stop this activity?
A. Disable all signatures in the Service HTTP engine.
B. Assign the Deny Packet Inline action to all signatures.
C. Enable all signatures in the Service HTTP engine. Then create an event action override that adds the Deny Packet Inline action to events triggered by these signatures if the traffic originates from your corporate network.
D. Enable both the HTTP application policy and the alarm on non-HTTP traffic signature.

Answer: D

14. You are using multiple monitoring interfaces on a sensor appliance running software version 5.0. Which statement is true?
A. You can have the simultaneous protection of multiple network subnets, which is like having multiple sensors in a single appliance.
B. You can use different sensing configurations for each monitoring interface.
C. You can enable an interface only if the interface belongs to an interface group.
D. Multiple monitoring interfaces can be assigned to Group 0 at any given time.

Answer: A

15. Which two protocols can be used for automatic signature and service pack updates? (Choose two.)
A. SCP
B. SSH
C. FTP
D. HTTP

Answer: AC

16. _______ must precede a variable to indicate that you are using a variable rather than a string.
A. percent sign
B. dollar sign
C. ampersand
D. pound sign

Answer: B

17. Which statement is true about viewing sensor events?
A. You can view events from the CLI, but you cannot filter them.
B. You can use the Events panel in the Cisco IDM to filter and view events.
C. In the Cisco IDM, you can filter events based on type or time but not both.
D. The Cisco IDM does not limit the number of events that you can view at one time.

Answer: B

18. Which statement is correct for Cisco IPS Sensor automatic signature and service pack updates?
A. The Cisco IPS Sensor can automatically download service pack and signature updates from Cisco website.
B. The Cisco IPS Sensor can download signature and service pack updates only from an FTP server.
C. You must download service pack and signature updates from Cisco website to a locally accessible server before they can be automatically applied to your Cisco IPS Sensor.
D. When you configure automatic updates, the Cisco IPS Sensor checks Cisco website for updates hourly.

Answer: C

19. How would you copy packets that have been captured from the data interfaces to a location off the Cisco IDS or IPS sensor?
A. Use the copy command with the packet-file keyword
B. Use the copy command with the capture keyword.
C. Press Ctrl-C when the capture is complete and paste the capture to your local host.
D. Use the packet display command

Answer: A

20. By manipulating the TTL on a TCP packet, an attacker could desynchronize inspection. Signature 1308 (TTL evasion) fires when the TTL for any packet in a TCP session is higher than the lowest-observed TTL for that session. Signature 1308 rewrites all TTLs to the lowest-observed TTL, and produces an alert. You would like to have the signature continue to modify packets inline but avoid generating alerts.
How could this be done?
A. This cannot be done; an alert is always generated when a signature fires
B. Remove the Produce Alert action from the signature.
C. Create an Event Variable.
D. Create an Event Action Override that is based on the Produce Alert action.

Answer: B
