Related Certifications: CCSP

Number of Questions: 65-75

Duration: 75 minutes

Exam Topics Include:

1. Describe and deploy the CSA and CSA Management Console (MC) products

2. Use CSA MC to configure groups, manage hosts, and build policies

3. Use CSA Management Console to configure rules

4. Define application classes and work with variables

5. Use CSA Analysis and define and generate reports and alerts

The Securing Hosts Using Cisco Security Agent exam 642-513 HIPS is one of the optional exams associated with the Cisco Certified Security Professional certification. This exam tests a candidate’s knowledge and ability to describe, configure, and verify the Cisco Security Agent product.

Let TestKing help you to become CCSP certified. The TestKing 642-513 exam products are designed to maximize your learning productivity and focus only on the important aspects that will help you to pass your exam, the first time. We will provide you with exam questions and verified answers, with detailed explanations, that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. Our exam guides are not just questions and answers. Our questions have detailed explanations provided by our certified industry experts, ensuring that you fully understand the questions and the concept behind the questions.
QUESTION NO: 1
Which Agent kit should be installed on the CSA MC?
A. the default Windows Agent kit
B. the default UNIX Agent kit
C. the default CSA Agent kit
D. the Agent kit that is automatically installed
Answer: D
QUESTION NO: 2
What is the purpose of the Compare tool?
A. to save data that has been configured
B. to compare individual rules
C. to compare individual rule modules
D. to compare and merge configurations
Answer: D
QUESTION NO: 3
Which operating system does not allow Query User options?
A. OS2
B. Windows
C. Linux
D. Solaris
E. HPUX
Answer: D
QUESTION NO: 4
Which view within the CSA MC allows users to see a view of event records based on
filtering criteria such as time and severity?
A. Event Summary
B. Event Log
C. Event Monitor
D. Event Sets
E. Event Alerts
Answer: B
QUESTION NO: 5
Which three operating systems are supported for deployment of CSA? (Choose
three.)
A. OS2
B. HPUX
C. Linux
D. Solaris
E. AIX
F. Windows
Answer: C, D, F
QUESTION NO: 6
Which two items make up Agent kits? (Choose two.)
A. groups
B. hosts
C. policies
D. rules
E. network shim
Answer: A, E
QUESTION NO: 7
For which layers of the OSI reference model does CSA enforce security?
A. Layer 1 through Layer 4
B. Layer 1 through Layer 7
C. Layer 2 through Layer 4
D. Layer 3 through Layer 7
Answer: D
QUESTION NO: 8
What is a benefit of putting hosts into groups?
A. There is no need to configure rules
B. There is no need to configure rule modules
C. The administrator can deploy rules in test mode
D. The administrator does not have to deploy rules in test mode
Answer: C
QUESTION NO: 9
What is the purpose of network access control rules?
A. to control access to network services
B. to control access to network addresses
C. to control access to both network services and network addresses
D. to control access to networks
Answer: C
QUESTION NO: 10
What action must happen before a system that has CSA can download policies
configured for it?
A. The system must be rebooted
B. The system must install Agent kits
C. The system must be polled by the CSA MC
D. The system must register with the CSA MC
Answer: D
QUESTION NO: 11
Which action do you take when you are ready to deploy your CSA configuration to
systems?
A. select
B. clone
C. deploy
D. generate rules
Answer: D

Testking cisco Interactive Testing Engine Included!
69 Questions
Updated : 03/14/2008
Price : $87.99 $79.99

Free Down:Testking Cisco CCSP 642-513
Pass4sure ccsp 642-513 V2.93

password:www.certbible.net

Exam Number/Code: 642-513
Exam Name: Securing Hosts Using Cisco Security Agent Exam (HIPS)
VUE Code: 642-513
Questions Type: Single choice, Multiple choice, Simulate,
Question Numbers of Real-exam: 65-75 questions

“Securing Hosts Using Cisco Security Agent Exam (HIPS)”, also known as 642-513 exam, is a Cisco certification.
Preparing for the 642-513 exam? Searching 642-513 Test Questions, 642-513 Practice Exam, 642-513 Dumps?
The Securing Hosts Using Cisco Security Agent exam 642-513 HIPS is one of the exams associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the HIPS v2.0 course. This exam tests a candidate’s knowledge and ability to describe, configure, and verify the Cisco Security Agent product.
QUESTION: 1
Which of these is a reason for using groups to administer Agents?

A. to link similar devices together
B. to complete configuration changes on groups instead of hosts
C. to complete the same configuration on like items
D. to apply the same policy to hosts with similar security requirements

Answer: D

QUESTION: 2
Which three items make up rules? (Choose three.)

A. variables
B. applications
C. application classes
D. rule modules
E. policies
F. actions
Answer: A, C, F

QUESTION: 3
Which action do you take when you are ready to deploy your CSA configuration to
systems?

A. select
B. clone
C. deploy
D. generate rules

Answer: D

QUESTION: 4
Which one of the five phases of an attack attempts to become resident on a target?

A. probe phase
B. penetrate phase
C. persist phase
D. propagate phase
E. paralyze phase

Answer: C

QUESTION: 5
What is the purpose of the Audit Trail function?

A. to generate a report listing events matching certain criteria, sorted by event
severity
B. to generate a report listing events matching certain criteria, sorted by group
C. to generate a report showing detailed information for selected groups
D. to display a detailed history of configuration changes

Answer: D

QUESTION: 6
In which type of rules are network address sets used?

A. COM component access control rules
B. connection rate limit rules
C. network access control rules
D. file control rules
E. file access control rules

Answer: C

QUESTION: 7
Which three of these does the buffer overflow rule detect on a UNIX operating
system, based on the type of memory space involved? (Choose three.)

A. location space
B. stack space
C. slot space
D. data space
E. heap space
F. file space

Answer: B, D, E

QUESTION: 8
When should you use preconfigured application classes for application deployment
investigation?

A. never
B. always
C. only for specific applications
D. only when applications require detailed analysis

Answer: A

Which systems with specific operating systems are automatically placed into
mandatory groups containing rules for that operating system? (Choose three.)

A. OS2
B. HPUX
C. Solaris
D. Mac OS
E. Linux
F. Windows

Answer: C, E, F

QUESTION: 11
What is the purpose of network access control rules?

A. to control access to network services
B. to control access to network addresses
C. to control access to both network services and network addresses
D. to control access to networks

Answer: C

QUESTION: 12
What is the purpose of the Compare tool?

A. to save data that has been configured
B. to compare individual rules
C. to compare individual rule modules
D. to compare and merge configurations

Answer: D

QUESTION: 13
If a Solaris or Windows system is not rebooted after CSA installation, which three
rules are only enforced when new files are opened, new processes are invoked, or
new socket connections are made? (Choose three.)

A. COM component access rules
B. network shield rules
C. buffer overflow rules
D. network access control rules
E. file access control rules
F. demand memory access rules

Answer: C, D, E

QUESTION: 14
For which operating system is the network shield rule available?

A. OS2
B. Windows
C. Linux
D. Solaris

Answer: D

QUESTION: 15
What is the maximum number of characters that a policy name can contain?

A. 24
B. 32
C. 48
D. 64

Answer: D

QUESTION: 16
What information is logged for registry access control?

A. port and direction
B. registry key
C. registry access events
D. PROGID/CLSID

Answer: B

QUESTION: 17
Which protocol should never be disabled on the CSA MC?

A. SSH
B. Telnet
C. IPSec
D. SSL

Answer: D

QUESTION: 18
Which information is logged for file access control?

A. port and direction
B. registry key
C. process path
D. PROGID/CLSID

Answer: C

QUESTION: 19
Which action must be taken before a host can enforce rules when it has been moved
to a new group?

A. save
B. generate rules
C. deploy
D. clone

Answer: B

QUESTION: 20
What is a benefit of putting hosts into groups?

A. There is no need to configure rules.
B. There is no need to configure rule modules.
C. The administrator can deploy rules in test mode.
D. The administrator does not have to deploy rules in test mode.

Answer: C

With the complete collection of questions and answers, Pass4sure has assembled to take you through 69 Q&As to your 642-513 Exam preparation. In the 642-513 exam resources, you will cover every field and category in CCSP helping to ready you for your successful Cisco Certification.
Questions and Answers : 69 Q&As
Updated: March 27th , 2008
Market Price: $129.99
Member Price: $89.99

Free Down:Pass4sure Cisco CCSP 642-513 v2.93

Testking 642-513

password:www.certbible.net

* Secure your endpoint systems with host IPS
* Build and manipulate policies for the systems you wish to protect
* Learn how to use groups and hosts in the Cisco Security Agent architecture and how the components are related
* Install local agent components on various operating systems
* Explore the event database on the management system to view and filter information
* Examine Cisco Security Agent reporting mechanisms for monitoring system activity
* Apply Application Deployment Investigation to report on installed applications, hotfixes, and service packs
* Collect detailed information on processes and see how they use and are used by system resources
* Create and tune policies to control your environment without impacting usability
* Learn how to maintain the Cisco Security Agent architecture, including administrative access roles and backups

Cisco Security Agent presents a detailed explanation of Cisco Security Agent, illustrating the use of host Intrusion Prevention Systems (IPS) in modern self-defending network protection schemes. At the endpoint, the deployment of a host IPS provides protection against both worms and viruses. Rather than focusing exclusively on reconnaissance phases of network attacks a host IPS approaches the problem from the other direction, preventing malicious activity on the host by focusing on behavior. By changing the focus to behavior, damaging activity can be detected and blocked–regardless of the attack.

Cisco Security Agent is an innovative product in that it secures the portion of corporate networks that are in the greatest need of protection–the end systems. It also has the ability to prevent a day-zero attack, which is a worm that spreads from system to system, taking advantage of vulnerabilities in networks where either the latest patches have not been installed or for which patches are not yet available. Cisco Security Agent utilizes a unique architecture that correlates behavior occurring on the end systems by monitoring clues such as file and memory access, process behavior, COM object access, and access to shared libraries as well as other important indicators.

Cisco Security Agent is the first book to explore the features and benefits of this powerful host IPS product. Divided into seven parts, the book provides a detailed overview of Cisco Security Agent features and deployment scenarios. Part I covers the importance of endpoint security. Part II examines the basic components of the Cisco Security Agent architecture. Part III addresses agent installation and local use. Part IV discusses the Cisco Security Agent management console’s reporting and monitoring capabilities. Part V covers advanced Cisco Security Agent analysis features. Part VI covers Cisco Security Agent policy, implementation, and management. Part VII presents additional installation and management information.

Whether you are evaluating host IPS in general or looking for a detailed deployment guide for Cisco Security Agent, this book will help you lock down your endpoint systems and prevent future attacks.

“While there are still a lot of ways that security can go wrong, Cisco Security Agent provides a defense even when something is wrong. I remember the email that came around from our system administrator that said, ‘There’s something attacking our web server. We’re not sure what it is, but Stormwatch is blocking it.’ That was the Nimda worm–the first of a long line of attacks stopped by Cisco Security Agent.”

–Ted Doty, Product Manager, Security Technology Group, Cisco Systems®

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

More info:CISCO SECURITY DESKTOP AGENT ( CSA-B25-DTOP-K9 )

Exam Description
The Securing Hosts Using Cisco Security Agent exam 642-513 HIPS is one of the exams associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the HIPS v3.0 course. This exam tests a candidate’s knowledge and ability to describe, configure, and verify the Cisco Security Agent product.

Exam Topics
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Describe and deploy the CSA and CSA MC products

* Explain the concept of network defense in depth
* Describe Cisco Security Agent architecture
* Describe the life cycle of an attack
* Explain how Cisco Security Agent protects against attacks
* Identify the CSA MC and CSA system requirements
* Identify the administration workstation requirements
* Install the CSA MC
* Configure basic settings on the CSA MC
* Install the CSA using a default group

Use CSA MC to configure groups, manage hosts, and build policies

* Describe various components of the menu bar and its function in the CSA MC interface
* Create, save, and delete data on the CSA MC
* Create groups to ease host management and security policy deployment
* Build Agent kits for the newly created groups
* View host status and modify host configuration
* Distribute software updates to hosts
* Discuss components of a policy
* Configure policies and rule modules

Use CSA MC to configure rules

* Describe the basics of rule construction and functionality
* Configure rules common to Windows and UNIX systems
* Configure Windows-Only rules
* Configure UNIX-Only rules
* Describe the individual rules you can add to your policies that allow CSA MC to categorize processes and correlate events across multiple systems
* Describe and configure the system API Control Rule
* Describe and configure the Network Shield Rule
* Describe and configure the Buffer Overflow Control Rule
* Describe and configure the Email Worm Protection Rule module
* Describe and configure the Installation Applications Policy
* Describe and configure Global Event Correlation

Define application classes and work with variables

* Explain the use of application classes in creating security policies
* Discuss the preconfigured application classes included in the CS AMC
* Configure a static application class
* Create a dynamic application class and an application-builder rule
* Discuss how events sets are used to ease administration of security policies
* Configure data, file and network address sets
* Create registry, COM component and network services sets
* Use the COM extraction utility to gather PROGIDs and CLSIDs for the software installed on a system
* Configure Query Settings variables to be used with Query rules

Use CSA Analysis and define and generate reports

* Understand and configure application deployment investigation
* Understand and configure product associations for application deployment investigation
* Configure and run application deployment reports
* Understand and configure application behavior investigation
* Understand and use behavior analysis reports
* Import and use behavior analysis rule modules
* Explain the features of the Event Log and Event Monitor
* Configure filtering of events for logging, reports, and alerts
* Create event-based alerts
* Generate reports on events selected by sorting criteria