642-513 - HIPS - Securing Hosts Using Cisco Security Agent Exam
What is the purpose of the Compare tool?
to compare and merge configurations
Which of these is a reason for using groups to administer Agents?
to apply the same policy to hosts with similar security requirements
How can the Agent kit be sent out to host machines?
via a URL that is e-mailed to clients
What application is installed on the server after the CSA MC is installed?
What are the three options that can be given to a user when a Query User window appears? (Choose three.)
Which two of the following file access rule criteria can you use to allow or deny the operations that the selected applications can perform on files? (Choose two.)
the application attempting to access the service or address
the direction of the communications
Which protocol should never be disabled on the CSA MC?
Which information is logged for file access control?
Which two types of rules apply to Windows systems only? (Choose two.)
clipboard access control rules
COM component access control rules
What is the purpose of the rootkit/kernel protection rule?
to restrict access to the operating system
Which application loads when installing the CSA MC to run the local database?
Microsoft SQL Server Desktop Engine
What action must happen before a system that has CSA can download policies configured for it?
The system must register with the CSA MC.
Which view within the CSA MC allows users to see overall system status information, including a summary of recorded events, agent configuration, and activity?
What is a benefit of putting hosts into groups?
The administrator can deploy rules in test mode.
In which type of rules are network address sets used?
network access control rules
What is the maximum number of characters that a policy name can contain?
When should you use preconfigured application classes for application deployment investigation?
What is the purpose of connection rate limit rules?
to limit the number of network connections within a specified time frame
Choose three types of rules that apply to both Windows and UNIX systems. (Choose three.)
Agent service control rules
Agent UI control rules
application control rules
What is the purpose of network access control rules?
to control access to both network services and network addresses
For which operating system is the network shield rule available?
Which operating system does not allow Query User options?
Which portion of an HTTP request is examined by data access control rules?
the URI portion of the request
Cisco Security Agent provides Day Zero attack prevention by using which of these methods?
using algorithms that compare application calls for system resources to the security policies
Which two of the following network access rules can you use to control access to specified network services? (Choose two.)
the application attempting to access the file
the operation attempting to act on the file
What action is taken on user query windows when the Agent UI is not present on a system?
The default action is always taken.
Which two items make up Agent kits? (Choose two.)
What are three types of variables used for CSA? (Choose three.)
network address sets
Which rules will not be enforced if you fail to reboot a Windows system following installation of the CSA?
network shield rules
What is the purpose of the sniffer and protocol detection rule?
to cause an event to be logged when non-IP protocols and sniffer programs are detected running on systems
What is the purpose of the Audit Trail function?
to display a detailed history of configuration changes
What is the purpose of the network interface control rule?
to prevent applications from opening devices and acting as a sniffer
Which one of the five phases of an attack attempts to become resident on a target?
Which Agent kit should be installed on the CSA MC?
the Agent kit that is automatically installed
Which action do you take when you are ready to deploy your CSA configuration to systems?
What happens if the Agent UI control rule is not present in any active rule modules?
The Agent UI is visible on the system.
For which operating system is the system API control rule available?
Which view within the CSA MC allows users to see a continuously refreshed view of the most recently logged event records?
What information is logged for registry access control?
When a rule is cloned, which part of the rule is not cloned?
Which two types of rules are UNIX-only rules?
network interface control rules
rootkit/kernel protection rules
Which protocol is required for the administrative workstation to communicate with the CSA MC?
Which view would you use to create a new policy within the CSA MC?
Configuration > Policies
What can you optionally install when you choose the Quiet Install option when creating a new Windows Agent kit?
the network shim
Which port is used to access the CSA MC from the administrative workstation?
What status is shown when an Agent kit is prepared for downloading to hosts?
Which two attacks could an attacker use during the probe phase of an attack? (Choose two.)
In which type of rules are file sets used?
file access control rules
Which action must be taken before a host can enforce rules when it has been moved to a new group?
Which type of privileges must you have on a host system to install CSA?