642-533 - IPS - Implementing Cisco Intrusion Prevention Systems

Go back to Cisco

Example Questions

What two steps must you perform to initialize a Cisco IPS Sensor appliance? (Choose two.) Which command provides a snapshot of the current internal state of a sensor service, enabling you to check the status of automatic upgrades and NTP? How does a Cisco network sensor detect malicious network activity? You would like to investigate an incident and have already enabled the Log Pair Packets action on various signatures being triggered. What should you do next? You have configured your sensor to use risk ratings to determine when to deny traffic into the network. How could you best leverage this configuration to provide the highest level of protection for the mission-critical web server on your DMZ? Which two are not forwarded to the NM-CIDS? (Choose two.) Which two tasks must you complete in Cisco IDM to configure the sensor to allow an SNMP network management station to obtain the sensor's health and welfare information? (Choose two.) Which statement accurately describes what the External Product Interface feature included in the Cisco IPS 6.0 software release allows the Cisco IPS Sensor to do? With Cisco IPS 6.0, what is the maximum number of virtual sensors that can be configured on a single platform? Which statement is true about using the Cisco IDM to configure automatic signature and service pack updates? Your Cisco router is hosting an NM-CIDS. The router configuration contains an inbound ACL. Which action does the router take when it receives a packet that should be dropped, according to the inbound ACL? What is the best way to mitigate the risk that executable-code exploits will perform malicious acts such as erasing your hard drive? You recently noticed a large volume of alerts generated by attacks against your web servers. Because these are mission-critical servers, you keep them up to date on patches. As a result, the attacks fail and your inline sensor generates numerous false positives. Your assistant, who monitors the alerts, is overwhelmed. Which two actions will help your assistant manage the false positives? (Choose two.) Which statement is true about viewing sensor events? Which two statements accurately describe the software bypass mode? (Choose two.) What are three differences between inline and promiscuous sensor functionality? (Choose three.) When configuring Passive OS Fingerprinting, what is the purpose of restricting operating system mapping to specific addresses? Under which tab in the Cisco IDM can you find the Custom Signature Wizard? Why would an attacker saturate the network with noise while simultaneously launching an attack? What is a false-negative alarm situation? Which statement is incorrect about Cisco IPS 6.0 Sensor Anomaly Detection? Which two are appropriate installation points for a Cisco IPS sensor? (Choose two.) You think users on your corporate network are disguising the use of file-sharing applications by tunneling the traffic through port 80. How can you configure your Cisco IPS Sensor to identify and stop this activity? What is a configurable weight that is associated with the perceived importance of a network asset? Which statement is true about inline sensor functionality? Which character must precede a variable to indicate that you are using a variable rather than a string? Which command resets all signature settings back to the factory defaults? What is used to perform password recovery for the "cisco" admin account on a Cisco IPS 4200 Series Sensor? Which command displays the statistics for Fast Ethernet interface 0/1? Which value is not used to calculate the risk rating for an event? Which action is available only to signatures supported by the Normalizer engine? In which file format are IP logs stored? What is the purpose of an interface pair? What is the hostld entry in a Cisco IPS alert? You would like to examine all high-severity alert events generated by your sensor since 1:00 a.m. January 1, 2005. Which command should you use? Which two communication protocols does Cisco IEV support for communications with Cisco IPS Sensors? (Choose two.) Your sensor is detecting a large volume of web traffic because it is monitoring traffic outside the firewall. What is the most appropriate sensor tuning for this scenario? You are in charge of Securing Networks with Cisco Routers and Switches for your company .What is not the role of the Cisco IPS Sensor interface. What is the primary function of a Master Blocking Sensor? Please match the inline and inline VLAN pair descriptions to the proper categories. (l) also known as inline on a stick (2) IPS appliance is installed between two network devices (3) Two monitoring interfaces are configured as a pair (4) IPS appliance bridges traffic between pairs of VLAN (I) Inline Interface Pair (Il) Inline VLAN Pair Which one of the following statements is true regarding tuned signatures? Which TCP stream reassembly mode disables TCP window-evasion checking? In Cisco IDM, the Configuration > Sensor Setup > SSH > Known Host Keys screen is used for what purpose? You are the network security administrator for a company. You want to create a user account for your assistant that gives the assistant the second-highest level of privileges. You want to ensure that your assistant can view all events and tune signatures. Which role would you assign to the account for your assistant? Which of the following is a valid file name for a Cisco IPS 6.0 system image? Which two protocols can be used for automatic signature anc service pack updates? (Choose two. Which command can be used to retrieve Cisco Product Evolution Program (PEP) unique device identifier (UDI) information to help you manage certified hardware versions within your network? How is automatic IP logging enabled on a sensor? Which of the following statements best describes how IP logging should be used? When performing a signature update on a Cisco IDS Sensor, which three server types are supported for retrieving the new software? (Choose three.)