
Pass4sure Cisco CCSP Exam 642-533 v2.93

Implementing Cisco Intrusion Prevention System (IPS) : 642-533 Exam

Exam Number/Code: 642-533
Exam Name: Implementing Cisco Intrusion Prevention System (IPS)


1. You think users on your corporate network are disguising the use of file-sharing applications by tunneling the traffic through port 80. How can you configure your Cisco IPS Sensor to identify and stop this activity?
A. Enable all signatures in the Service HTTP engine.
B. Assign the Deny Packet Inline action to all signatures in the Service HTTP engine.
C. Enable all signatures in the Service HTTP engine. Then create an event action override that adds the Deny Packet Inline action to events triggered by these signatures if the traffic originates from your corporate network.
D. Enable the alarm for the non-HTTP traffic signature. Then create an Event Action Override that adds the Deny Packet Inline action to events triggered by the signature if the traffic originates from your corporate network.
E. Enable both the HTTP application policy and the alarm on non-HTTP traffic signature.
Answer: E

2. A user with which user account role on a Cisco IPS Sensor can log into the native operating system shell for advanced troubleshooting purposes when directed to do so by Cisco TAC?
A. administrator
B. operator
C. viewer
D. service
E. root
F. super
Answer: D

3. Which character must precede a variable to indicate that you are using a variable rather than a string?
A. percent sign
B. dollar sign
C. ampersand
D. pound sign
E. asterisk
Answer: B

4. Which statement accurately describes Cisco IPS Sensor automatic signature and service pack updates?
A. The Cisco IPS Sensor can automatically download service pack and signature updates from Cisco.com.
B. The Cisco IPS Sensor can download signature and service pack updates only from an FTP or HTTP server.
C. You must download service pack and signature updates from Cisco.com to a locally accessible server before they can be automatically applied to your Cisco IPS Sensor.
D. When you configure automatic updates, the Cisco IPS Sensor checks Cisco.com for updates hourly.
E. If multiple signature or service pack updates are available when the sensor checks for an update, the Cisco IPS Sensor installs the first update it detects.
Answer: C

5. LAB

Answer: Sorry, No Correct Answer!

6. LAB
Answer: Sorry, No Correct Answer!

7. How can you clear events from the event store?
A. You do not need to clear the event store; it is a circular log file, so once it reaches the maximum size it will be overwritten by new events.
B. You must use the CLI clear events command.
C. If you have Administrator privileges, you can do this by selecting Monitoring > Events > Reset button in Cisco IDM.
D. You should select File > Clear IDM Cache in Cisco IDM.
E. You cannot clear events from the event store; they must be moved off the system using the copy command.
Answer: B

8. Refer to the exhibit. Based on the partial output shown, which of these statements is true?
A. The module installed in slot 1 needs to be a type 5540 module to be compatible with the ASA 5540 Adaptive Security Appliance module type.
B. The module installed in slot 1 needs to be upgraded to the same software revision as module 0 or it will not be recognized.
C. Module 0 system services are not running.
D. There is a Cisco IPS security services module installed.
Answer: D

9. Which action does the copy /erase ftp://172.26.26.1/sensor_config01 current-config command perform?
A. erases the sensor_config01 file on the FTP server and replaces it with the current configuration file from the Cisco IPS Sensor
B. copies and saves the running configuration to the FTP server and replaces it with the source configuration file
C. overwrites the backup configuration and applies the source configuration file to the system default configuration
D. merges the source configuration file with the current configuration
Answer: C

10. Which of the following is a valid file name for a Cisco IPS 6.0 system image?
A. IPS-K9-pkg-6.0-sys_img.sys
B. IPS-4240-K9-img-6.0-sys.sys
C. IPS-K9-cd-11-a-6.0-1-E1.img
D. IPS-4240-K9-sys-1.1-a-6.0-1-E1.img
Answer: D

11. What are the three roles of the Cisco IPS Sensor interface? (Choose three.)
A. alternate TCP reset
B. blocking
C. command and control
D. sensing (monitoring)
E. logging
F. bypass
Answer: ACD

12. Which two are true regarding Cisco IPS Sensor licensing? (Choose two.)
A. A Cisco IPS Sensor will run normally without a license key with the most current signature updates for 90 days.
B. A license key is required to obtain signature updates.
C. A Cisco Services for IPS contract must be purchased to obtain signature updates.
D. Cisco IDM requires a valid license key to operate normally.
E. The Cisco ASA 5500 Series does not require a Cisco Services for IPS contract when a valid SMARTnet contract exists.
Answer: BC

13. With Cisco IPS 6.0, what is the maximum number of virtual sensors that can be configured on a single platform?
A. the number depends on the amount of device memory
B. two in promiscuous mode using VLAN groups, four in inline mode supporting all interface type configurations
C. two
D. four
E. six
Answer: D

14. In which three of these ways can you achieve better Cisco IPS Sensor performance? (Choose three.)
A. enable all anti-evasive measures to reduce noise
B. place the Cisco IPS Sensor behind a firewall
C. always enable unidirectional capture
D. disable unneeded signatures
E. have multiple Cisco IPS Sensors in the path and configure them to detect different types of events
F. enable selective packet capture using VLAN ACL on the Cisco IPS 4200 Series Sensors
Answer: BDE

15. What is used to perform password recovery for the "cisco" admin account on a Cisco IPS 4200 Series Sensor?
A. setup mode
B. ROMMON CLI
C. GRUB menu
D. recovery partition
E. Cisco IDM
Answer: C

16. What is the best way to mitigate the risk that executable-code exploits will perform malicious acts such as erasing your hard drive?
A. assign deny actions to signatures that are controlled by the Trojan engines
B. assign the TCP reset action to signatures that are controlled by the Normalizer engine
C. enable blocking
D. enable application policy enforcement
E. assign blocking actions to signatures that are controlled by the State engine
Answer: A

17. Refer to the exhibit. Which interfaces are assigned to an inline VLAN pair?
A. GigabitEthernet0/1 with GigabitEthernet0/2
B. GigabitEthernet0/1 with GigabitEthernet0/3
C. GigabitEthernet0/2 with GigabitEthernet0/3
D. None in this virtual sensor
Answer: D

18. In which three ways does a Cisco IPS network sensor protect the network from attacks? (Choose three.)
A. It uses a blend of intrusion detection technologies to detect malicious network activity.
B. It can generate an alert when it detects traffic that matches a set of rules that pertain to typical intrusion activity.
C. It permits or denies traffic into the protected network based on access lists that you create on the sensor.
D. It can take a variety of actions when it detects traffic that matches a set of rules that pertain to typical intrusion activity.
E. It uses behavior-based technology that focuses on the behavior of applications to protect network devices from known attacks and from new attacks for which there is no known signature.
F. It uses anomaly detection technology to prevent evasive techniques such as obfuscation, fragmentation, and encryption.
Answer: ABD

19. Which two of the following parameters affect the risk rating of an event? (Choose two.)
A. alert severity
B. global summary threshold
C. signature fidelity rating
D. scanner threshold
E. engine type
F. event count key
Answer: AC

20. You are using Cisco IDM. What precaution must you keep in mind when adding, editing, or deleting allowed hosts on a Cisco IPS Sensor?
A. You must not allow entire subnets to access the Cisco IPS Sensor
B. When using access lists to permit remote access, you must specify the direction of allowed communications.
C. You must not delete the IP address used for remote management.
D. You can only configure the allowed hosts using the CLI.
E. You must use an inverse mask, such as 10.0.2.0 0.0.0.255, for the specified network mask for the IP address.
Answer: C

21. Which statement is true about inline sensor functionality?
A. Inline functionality is available on any sensor that supports Cisco IPS Sensor Software Version 5.0 or later.
B. If your sensor has a sufficient number of monitoring interfaces, you can use inline and promiscuous modes simultaneously.
C. Any sensor that supports inline functionality can operate in either inline or promiscuous mode, but not in both modes simultaneously.
D. If you switch a sensor between inline and promiscuous modes, you must reboot the sensor.
Answer: B

22. Which one of the following statements is true regarding tuned signatures?
A. require that you create subsignatures that can then be tuned to your needs
B. require that you create custom signatures that can then be tuned to your needs
C. contain modified parameters of built-in signatures
D. begin with signature number 60000
E. are tuned using the Cisco IDM Custom Signature Wizard
Answer: C

23. You would like to investigate an incident and have already enabled the Log Pair Packets action on various signatures being triggered. What should you do next?
A. Use CLI to send the IP log to a PC using TFTP, then open it with Notepad to view and interpret the contents.
B. Use Cisco Security Manager to retrieve the IP log then use the Cisco Security Manager IPS Manager to decode the IP log.
C. Use Cisco IDM to download the IP log to a management station then use a packet analyzer like Ethereal to decode the IP log.
D. Use Cisco IEV to retrieve the IP log then use the IEV Generate Reports function to produce a report based on the IP log content.
E. Use the External Product Interface feature to download the IP log to Cisco Security MARS for incident investigation.
Answer: C

24. Refer to the exhibit. Which three statements correctly describe the configuration depicted in this Cisco IDM virtual sensors list? (Choose three.)
A. inline dropping of packets can occur on the Gig0/0.1 sub-interface
B. sub-interfaces Gig0/2.0 and Gig0/3.0 are operating in IPS mode
C. the Cisco IPS Sensor appliance is configured for promiscuous (IDS) and inline (IPS) mode simultaneously
D. the vs1 virtual sensor is misconfigured for inline operations since only one sub-interface is assigned to vs1
E. inline dropping of packets can occur on the Gig0/2.0 sub-interface or Gig0/3.0 sub-interface or both
F. the vs1 virtual sensor is operating inline between VLAN 102 and VLAN 201
Answer: ACF

25. Refer to the exhibit. Which further action must you take in order to create a new virtual sensor?
A. assign a unique name
B. create and assign a unique Signature Definition Policy
C. create and assign a unique Event Action Rule Policy
D. set AD Operational Mode to Inactive as that is a global parameter
E. set Inline TCP Session Tracking Mode to Interface Only as there is only one interface available for assignment
F. assign a description
Answer: A

26. Which Cisco IPS Sensor feature correlates events for more accurate detection of attacks, such as worms, that exploit a number of different vulnerabilities and can trigger several different signatures?
A. Analysis engine
B. SensorApp
C. Application Policy Enforcement
D. Summarizer
E. Normalizer
F. Meta Event Generator
Answer: F

27. Which three statements accurately describe Cisco IPS 6.0 Sensor Anomaly Detection? (Choose three.)
A. It sub-divides the network into two zones (internal and external).
B. It is used to identify worms which spread by scanning the network.
C. In the Anomaly Detection histograms, the number of source IP addresses is either learned or configured by the user.
D. In the Anomaly Detection histograms, the number of destination IP addresses is predefined.
E. It has three modes: learn mode, detect mode, and attack mode.
F. Anomaly Detection signatures have three sub-signatures (single scanner, multiple scanners, and worms outbreak).
Answer: BCD

28. When configuring Passive OS Fingerprinting, what is the purpose of restricting operating system mapping to specific addresses?
A. excludes the defined IP addresses from automatic risk rating calculations so that you can specify the desired risk rating
B. allows you to configure separate OS maps within that IP address range
C. specifies which IP address range to import from the EPI for OS fingerprinting
D. limits the ARR to the defined IP addresses
Answer: D

29. Which statement accurately describes what the External Product Interface feature included in the Cisco IPS 6.0 software release allows the Cisco IPS Sensor to do?
A. collaborate with Cisco Security MARS for incident investigations
B. collaborate with Cisco Security Manager for centralized events management
C. have Cisco IEV subscribe to it and receive events from it
D. receive host postures and quarantined IP address events from the CiscoWorks Management Center for Cisco Security Agent
E. perform Anomaly Detection by receiving events from external sources
Answer: D

30. When signature 3116 fires, you want your Cisco IPS Sensor to terminate the current packet and future packets on this TCP flow only. Which action should you assign to the signature?
A. Deny Attacker Inline
B. Deny Connection Inline
C. Reset TCP Connection
D. Request Block Connection
Answer: B


“Implementing Cisco Intrusion Prevention System (IPS)”, also known as 642-533 exam, is a Cisco certification.
Preparing for the 642-533 exam? Searching 642-533 Test Questions, 642-533 Practice Exam, 642-533 Dumps?

With this complete collection of questions and answers, Pass4sure takes you through 63 Q&As for your 642-533 Exam preparation. The 642-533 exam resources cover every field and category in CCSP, helping to ready you for your Cisco Certification.
Questions and Answers: 63 Q&As
Updated: May 15th, 2008
Market Price: $125.99
Member Price: $99.99
Free download: Pass4sure Cisco CCSP Exam 642-533 v2.93
Free download: testking Cisco CCSP Exam 642-533
password: www.ccna.cc
