Actualtests 642-513
Written by Cisco on October 6, 2008 – 4:46 am
642-513 : Securing Hosts Using Cisco Security Agent Last Updated Wednesday, July 02, 2008 with 69 Questions
Securing Hosts Using Cisco Security Agent Exam (HIPS)
Exam Number: 642-513 Exam
Associated Certifications: Securing Hosts Using Cisco Security Agent Exam (HIPS)
Duration: 69 Q&As
Available Language(s): English
Exam Details
The Securing Hosts Using Cisco Security Agent exam 642-513 HIPS is one of the exams associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the HIPS v2.0 course. This exam tests a candidate’s knowledge and ability to describe, configure, and verify the Cisco Security Agent product.
Free 642-513 Exam PDF Download
Actualtests offers a free demo of the 642-513 PDF (Securing Hosts Using Cisco Security Agent Exam (HIPS)). You can check out the interface, question quality and usability of our practice exams. We are the only site that can offer a demo for almost all of the Securing Hosts Using Cisco Security Agent Exam (HIPS).
Recommended Training about 642-513 exam PDF
The following courses are the recommended training for 642-513 exam PDF.
642-513 Q & A with Explanations
642-513 Audio Exam
642-513 Study Guide
642-513 Preparation Lab
642-513 Exam Preparation from Actualtests with FULL explanations include:
Comprehensive questions with complete details
Detailed explanations of all the questions
Questions accompanied by exhibits
Verified Answers Researched by Industry Experts
Drag and Drop questions as experienced in the Actual Exams
Questions updated on regular basis
These questions and answers are backed by our GUARANTEE.
Like actual certification exams our product is in multiple-choice questions (MCQs).
642-513 Exam: Actualtests’s Securing Hosts Using Cisco Security Agent Exam (HIPS) PDF
The Securing Hosts Using Cisco Security Agent Exam (HIPS) PDF from Actualtests is for preparing for the 642-513 exam. Actualtests is your premier source for practice tests and a true testing environment. Nothing will prepare you for your next exam like Actualtests. You will find it all here at ciscoexams.org.
QUESTION 1:
Certkiller chose the Cisco CSA product to protect the network against the newest
attacks. Cisco Security Agent provides Day Zero attack prevention by using which
of these methods?
A. Using signatures to enforce security policies
B. Using API control to enforce security policies
C. Using stateful packet filtering to enforce security policies
D. Using algorithms that compare application calls for system resources to the security
policies
E. None of the above
Answer: D
Explanation:
Because Cisco Security Agent analyzes behavior rather than relying on signature
matching, it never needs updating to stop a new attack. This zero-update architecture
provides protection with reduced operational costs and can identify so-called “Day Zero”
threats.
At a high level, Cisco® Security Agent is straightforward. It intercepts system calls
between applications and the operating system, correlates them, compares the correlated
system calls against a set of behavioral rules, and then makes an “allow” or “deny”
decision based on the results of its comparison. This process is called INCORE, which
stands for intercept, correlate, rules engine.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/products_white_paper0900aecd8020f448.shtml
QUESTION 2:
Certkiller has implemented the CSA product to provide security for all of their
devices. For which layers of the OSI reference model does CSA enforce security?
A. Layer 1 through Layer 4
B. Layer 1 through Layer 7
C. Layer 2 through Layer 4
D. Layer 3 through Layer 7
Answer: D
Explanation:
Cisco Security Agent provides threat protection for server and desktop computing
systems, also known as endpoints. It helps to reduce operational costs by identifying,
preventing, and eliminating known and unknown security threats. The Cisco Security
Agent consolidates endpoint security functions in a single agent, providing:
642-513
Actualtests.com - The Power of Knowing
1. Host intrusion prevention
2. Spyware/adware protection
3. Protection against buffer overflow attacks
4. Distributed firewall capabilities
5. Malicious mobile code protection
6. Operating-system integrity assurance
7. Application inventory
8. Audit log-consolidation
This provides security for endpoints at the network layer (layer 3) through the application
layer (layer 7).
QUESTION 3:
The CSA architecture model is made up of three major components. Which three
are they? (Choose three)
A. Cisco Trust Agent
B. Cisco Security Agent
C. Cisco Security Agent Management Center
D. Cisco Intrusion Prevention System
E. An administrative workstation
F. A syslog server
Answer: B, C, E
Explanation:
The CSA MC architecture model consists of a central management center which
maintains a database of policies and system nodes, all of which have Cisco Security
Agent software installed on their desktops and servers. The agents themselves and an
administrative workstation, combined with the Management Center, comprise the three
aspects of the CSA architecture.
Agents register with CSA MC. CSA MC checks its configuration database for a record of
the system. When the system is found and authenticated, CSA MC deploys a configured
policy for that particular system or grouping of systems.
QUESTION 4:
DRAG DROP
As a Certkiller trainee you are required to match the Cisco Trust Agent posture state
with its definition.
Answer:
QUESTION 5:
DRAG DROP
As a Certkiller student you are required to match the CSA MC view with the
corresponding definition.
Answer:
QUESTION 6:
A hacker is attacking the Certkiller network and is currently in the penetration
phase. Which two attacks could an attacker use during the penetrate phase of an
attack? (Choose two)
A. Install new code
B. Modify configuration
C. Ping scans
D. Buffer overflow
E. Erase files
F. E-mail attachment
G. ICMP Flood
Answer: D, F
Explanation:
Exploit code is transferred to the vulnerable target in the penetrate phase. The goal of this
phase is to get the target executing the exploit code through some attack vector like a
buffer overflow or email attachment. The life cycle of an attack is shown in the following
diagram:
Reference:
www.cisco.com/application/pdf/en/us/guest/products/ps5057/c1244/cdccont_0900aecd800ae55e.pdf
QUESTION 7:
Of the following choices, which could an attacker use during the propagate phase of
an attack?
A. Ping scans
B. Crash systems
C. Attack other targets
D. Erase files
E. Steal data
F. Penetrate systems
G. All of the above
Answer: C
Explanation:
The different phases of an attack are shown in the diagram below:
Reference:
http://www.cisco.com/hk/learning/security_day/files/outbreak_prevention_soln_nac_csa.pdf
QUESTION 8:
A hacker has penetrated a network and now wants to reside on a host. Which one of
the five phases of an attack attempts to become resident on a target?
A. Probe phase
B. Penetrate phase
C. Persist phase
D. Propagate phase
E. Paralyze phase
Answer: C
Explanation:
The system attack cycle consists of 5 phases described below:
1. Vulnerable targets are identified in the probe phase. The goal of this phase is to find
computers that can be subverted.
2. Exploit code is transferred to the vulnerable target in the penetrate phase. The goal of
this phase is to get the target executing the exploit code through some attack vector like a
buffer overflow.
3. When an exploit has been successful, the exploit code tries to make itself persistent on
the target. The goal of the persist phase is to ensure that the attacker’s code will be
running and available to the attacker even if the target system reboots.
4. When an attacker has access to the organization’s network, it extends the attack to
other targets. The propagate phase looks for vulnerable neighboring devices to which it
can spread the exploit code.
5. Only in the paralyze phase is damage done. Files are erased, systems fail, and
distributed denial-of-service (DDoS) attacks are launched.
Reference:
www.cisco.com/application/pdf/en/us/guest/products/ps5057/c1244/cdccont_0900aecd800ae55e.pdf
QUESTION 9:
Which two attacks could an attacker use on a network during the probe phase of an
attack? (Choose two)
A. Buffer overflow
B. Install new code
C. Ping scans
D. Erase files
E. Port scans
Answer: C, E
Explanation:
The system attack cycle consists of 5 phases described below:
1. Vulnerable targets are identified in the probe phase. The goal of this phase is to find
computers that can be subverted.
2. Exploit code is transferred to the vulnerable target in the penetrate phase. The goal of
this phase is to get the target executing the exploit code through some attack vector like a
buffer overflow.
3. When an exploit has been successful, the exploit code tries to make itself persistent on
the target. The goal of the persist phase is to ensure that the attacker’s code will be
running and available to the attacker even if the target system reboots.
4. When an attacker has access to the organization’s network, it extends the attack to
other targets. The propagate phase looks for vulnerable neighboring devices to which it
can spread the exploit code.
5. Only in the paralyze phase is damage done. Files are erased, systems fail, and
distributed denial-of-service (DDoS) attacks are launched.
Reference:
www.cisco.com/application/pdf/en/us/guest/products/ps5057/c1244/cdccont_0900aecd800ae55e.pdf
QUESTION 10:
A CSA Query User window has popped up on a Certkiller user’s PC. What are the
three options that can be given to a user when a Query User window appears?
(Choose three)
A. Allow
B. Accept
C. Deny
D. Kill
E. Terminate
F. Block
Answer: A, C, E
Explanation:
Query User: Some application behaviors will be legitimate under some circumstances
and suspicious at other times. For example, when an application is writing a DLL file to
the System32 directory, it could be part of a user-initiated software installation, or it
could be a virus being installed without the user being aware of it. To manage events
where the user’s intent is a critical determining factor, Cisco Security Agent can be
configured to query the user with a pop-up window. The text of the user query is
configurable by the Cisco Security Agent administrator; careful consideration should be
given to make the query text as clear as possible to the common user. The user query
pop-up window can be designed to offer the user any or all of these radio button options:
Allow, Deny, or Terminate.













