642-513 - HIPS - Securing Hosts Using Cisco Security Agent Exam

Example Questions

What is the purpose of the Compare tool?
Which of these is a reason for using groups to administer Agents?
How can the Agent kit be sent out to host machines?
What application is installed on the server after the CSA MC is installed?
What are the three options that can be given to a user when a Query User window appears? (Choose three.)
Which two of the following file access rule criteria can you use to allow or deny the operations that the selected applications can perform on files? (Choose two.)
Which protocol should never be disabled on the CSA MC?
Which information is logged for file access control?
Which two types of rules apply to Windows systems only? (Choose two.)
What is the purpose of the rootkit/kernel protection rule?
Which application loads when installing the CSA MC to run the local database?
What action must happen before a system that has CSA can download policies configured for it?
Which view within the CSA MC allows users to see overall system status information, including a summary of recorded events, agent configuration, and activity?
What is a benefit of putting hosts into groups?
In which type of rules are network address sets used?
What is the maximum number of characters that a policy name can contain?
When should you use preconfigured application classes for application deployment investigation?
What is the purpose of connection rate limit rules?
Choose three types of rules that apply to both Windows and UNIX systems. (Choose three.)
What is the purpose of network access control rules?
For which operating system is the network shield rule available?
Which operating system does not allow Query User options?
Which portion of an HTTP request is examined by data access control rules?
Cisco Security Agent provides Day Zero attack prevention by using which of these methods?
Which two of the following network access rules can you use to control access to specified network services? (Choose two.)
What action is taken on user query windows when the Agent UI is not present on a system?
Which two items make up Agent kits? (Choose two.)
What are three types of variables used for CSA? (Choose three.)
Which rules will not be enforced if you fail to reboot a Windows system following installation of the CSA?
What is the purpose of the sniffer and protocol detection rule?
What is the purpose of the Audit Trail function?
What is the purpose of the network interface control rule?
Which one of the five phases of an attack attempts to become resident on a target?
Which Agent kit should be installed on the CSA MC?
Which action do you take when you are ready to deploy your CSA configuration to systems?
What happens if the Agent UI control rule is not present in any active rule modules?
For which operating system is the system API control rule available?
Which view within the CSA MC allows users to see a continuously refreshed view of the most recently logged event records?
What information is logged for registry access control?
When a rule is cloned, which part of the rule is not cloned?
Which two types of rules are UNIX-only rules?
Which protocol is required for the administrative workstation to communicate with the CSA MC?
Which view would you use to create a new policy within the CSA MC?
What can you optionally install when you choose the Quiet Install option when creating a new Windows Agent kit?
Which port is used to access the CSA MC from the administrative workstation?
What status is shown when an Agent kit is prepared for downloading to hosts?
Which two attacks could an attacker use during the probe phase of an attack? (Choose two.)
In which type of rules are file sets used?
Which action must be taken before a host can enforce rules when it has been moved to a new group?
Which type of privileges must you have on a host system to install CSA?