642-627 - Implementing Cisco Intrusion Prevention System (IPS) v7.0

Go back to Cisco

Example Questions

OS mappings associate IP addresses with an OS type, which in turn helps the Cisco IPS appliance to calculate what other value? Which two statements are true with respect to IPS false negatives? (Choose two.) What is a best practice to follow before tuning a Cisco IPS signature? In Cisco IDM, the Configuration > Sensor Setup > SSH > Known Host Keys screen is used for what purpose? When setting up a Cisco IPS appliance in promiscuous mode, which Cisco Catalyst switch CLI command is used to configure SPAN on the switch? From the Cisco IPS appliance CLI setup command, one of the options is "Modify default threat prevention settings? [no]". What is this option related to? A Cisco Catalyst switch is experiencing packet drops on a SPAN destination port that is connected to an Cisco IPS appliance. Which three configurations should be considered to resolve the packet drops issue? (Choose three.) Which mode consolidates alarms where the Cisco IPS appliance will generate an alert the first time that a signature fires on an address set and then only send a summary alert for all address sets over a given time interval? Which option is best to use to capture only a subset of traffic (capturing traffic per-IP-address, per-protocol, or per-application) off the switch backplane and copy it to the Cisco IPS appliance? In which CLI configuration mode is the Cisco IPS appliance management IP address configured? Which three actions does the Cisco IDM custom signature wizard provide? (Choose three.) Which two methods can be used together to configure a Cisco IPS signature set into detection mode when tuning the Cisco IPS appliance to reduce false positives? (Choose two.) Which parameter is used to configure a signature to fire if the activity it detects happens a certain number of times for the same address set within a specified period of time? Numerous attacks using duplicate packets, changed packets, or out-of-order packets are able to successfully evade and pass through the Cisco IPS appliance when it is operating in inline mode. What could be causing this problem? Threat rating calculation is performed based on which factors? Which option is best to use to capture only a subset of traffic (capturing traffic per-IP-address, per- protocol, or per-application) off the switch backplane and copy it to the Cisco IPS appliance? Which three statements about the Cisco IPS appliance normalizer feature are true? (Choose three.) Which two switching-based mechanisms are used to deploy high availability IPS using multiple Cisco IPS appliances? (Choose two.) Which configuration is required when setting up the initial configuration on the Cisco ASA 5505 to support the Cisco ASA AIP-SSC? A Cisco IPS appliance running in a network environment with asymmetrical traffic flow is experiencing many false positive alerts that are triggered by the 13000 signature ID. What can the IPS administrator tune on the IPS to reduce the false positives? Which two interface modes can be implemented with a single physical sensing interface on the Cisco IPS 4200 Series appliance? (Choose two.) Referring to the monitor session 1 destination GigabitEthernet0/47 ingress Cisco Catalyst switch command, what does the "ingress" command option enable? What about this configuration command is true: ips inline fail-open sensor sensor_name? Which Cisco IPS appliance feature has the following three potential settings: off, partial, and full? In tuning a Cisco IPS signature, you need to edit the regexp string of the Cisco IPS signature, but when editing the signature, the regexp string of the signature cannot be edited. What should you do? During Cisco IPS appliance troubleshooting, you notice that all the signatures are set to Fire All. What can cause this situation to occur? Which Cisco IPS appliance TCP session tracking mode should be used if packets of the same session are coming to the sensor over different interfaces, but should be treated as a single session? What will happen if you try to recover the password on the Cisco IPS 4200 Series appliance on which password recovery is disabled? The Cisco IPS appliance risk category is used with which other feature? Which two Cisco IPS modules support sensor virtualization? (Choose two.) When upgrading a Cisco IPS AIM or IPS NME using manual upgrade, what must be performed before installing the upgrade? When using the Cisco IPS signature and engine auto updates feature from Cisco.com, which password must be configured on the IDM Auto/Cisco.com Update pane? Which signature action should be selected to cause the attacker's traffic flow to terminate when the Cisco IPS appliance is operating in promiscuous mode? What must be configured to enable Cisco IPS appliance reputation filtering and global correlation? Which two operations would put an inline Cisco IPS sensor in detection mode? (Choose two.) Which two statements are true with respect to the AIP-SSC? (Choose two.) Which statement about the 4-port GigabitEthernet card with hardware bypass is true? W hat must be configured to enable Cisco IPS appliance reputation filtering and global correlation? Which two statements are true with respect to the AIP-SSM? (Choose two.) The Cisco IPS sensor can obtain operating system identification data from which two sources? (Choose two.) Which statement about inline VLAN pair deployment with the Cisco IPS 4200 Series appliance is true? When setting up a Cisco IPS appliance in promiscuous mode, which Cisco Catalyst switch command is used to display information about all SPAN and remote SPAN sessions on the switch? Regarding the Cisco IPS appliance anomaly detection feature, which two of these would be considered scan events? (Choose two.) All signatures in the Cisco IPS signature set include which three parameters that can be tuned according to the environment? (Choose three.) Which two statements are true regarding the Cisco IPS appliance traffic normalizer? (Choose two.) In which three ways can you achieve better Cisco IPS appliance performance? (Choose three.) the Cisco IPS appliance behind a firewall. On the Cisco IPS appliance, the anomaly detection knowledge base is used to store which two types of information for each service? (Choose two.) on the active signature window, there is a advanced option on bottom right corner, when we drill down that window to miscellaneous tab ? on the exam it shows that window with few answers, so please navigate that window and understand the options there. You are tasked to create a custom IPS signature using the IDM Custom Signature Wizard to detect a network reconnaissance attack in which one system makes connections to multiple hosts on multiple TCP ports. Which Cisco IPS signature engine should be selected to configure this custom IPS signature? From Cisco Security Manager, which external component or service is used to access in-depth signature information?

Study Guides