TestInside ccsp 642-532
Securing Networks Using Intrusion Prevention Systems Exam (IPS) : 642-532 Exam
Exam Number/Code: 642-532
Exam Name: Securing Networks Using Intrusion Prevention Systems Exam (IPS)
Questions and Answers: 63 Q&As
Price: $79.00
Update Time: 2008-6-20
“Securing Networks Using Intrusion Prevention Systems Exam (IPS)”, also known as 642-532 exam, is a Cisco certification.
Preparing for the 642-532 exam? Searching 642-532 Test Questions, 642-532 Practice Exam, 642-532 Dumps?
Free 642-532 Demo Download
TestInside offers free demo for 642-532 exam ( Securing Networks Using Intrusion Prevention Systems Exam (IPS)). You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.
1.What are three differences between inline and promiscuous sensor functionality? (Choose three.)
A. A sensor that is operating in inline mode can drop the packet that triggers a signature before it reaches its target, but a sensor that is operating in promiscuous mode cannot.
B. A sensor that is operating in inline mode supports more signatures than a sensor that is operating in promiscuous mode.
C. Deny actions are available only to inline sensors, but blocking actions are available only to promiscuous mode sensors.
D. A sensor that is operating in promiscuous mode can perform TCP resets, but a sensor that is operating in inline mode cannot.
E. Inline operation provides more protection from Internet worms than promiscuous mode does.
F. Inline operation provides more protection from atomic attacks than promiscuous mode does. Ansewer:AEF
2.In which three ways does a Cisco network sensor protect network devices from attacks? (Choose three.)
A. It uses a blend of intrusion detection technologies to detect malicious network activity.
B. It can generate an alert when it detects traffic that matches a set of rules that pertain to typical intrusion activity.
C. It permits or denies traffic into the protected network that is based on access lists that you create
on the sensor.
D. It can take a variety of actions when it detects traffic that matches a set of rules that pertain to typical intrusion activity.
E. It uses behavior-based technology that focuses on the behavior of applications to protect network devices from known attacks and from new attacks for which there is no known signature.
Ansewer:ABD
3.How does a Cisco network sensor detect malicious network activity? A. by using a blend of intrusion detection technologies
B. by performing in-depth analysis of the protocols that are specified in the packets that are traversing the network
C. by comparing network activity to an established profile of normal network activity
D. by using behavior-based technology that focuses on the behavior of applications
Ansewer:A
4.Which two statements are true about Cisco IPS signatures? (Choose two.) A. A signature is a set of rules that pertain to typical intrusion activity.
B. When network traffic matches a signature, the signature must generate an alert, but it can also initiate a response action.
C. Some signatures can be triggered by the contents of a single packet.
D. Signatures trigger alerts only when they match a specific pattern of traffic.
E. You can disable signatures and later re-enable them; however, this process requires the sensing engines to rebuild their configuration, which takes time and could delay the processing of traffic.
F. You can enable and modify built-in signatures, but you cannot disable them. Ansewer:AC
5.Which two are necessary to take into consideration when preparing to tune your sensor? (Choose two.)
A. the security policy
B. the network topology
C. which outside addresses are statically assigned to the servers and which are DHCP addresses
D. the IP addresses of your inside gateway and outside gateway
E. which traffic the sensor denies by default
F. the current configuration for each virtual sensor
Ansewer:AB
6.In which file format are IP logs stored? A. Microsoft Word
B. Microsoft Excel
C. text
D. libpcap
Ansewer:D
7.Which three values are used to calculate the Risk Rating for an event? (Choose three.)
A. Attack Severity Rating
B. Signature Fidelity Rating
C. Target Value Rating
D. Target Fidelity Rating
E. Reply Ratio
F. Rate
Ansewer:ABC
8.Your network has only one entry point. However, you are concerned about internal attacks. Select the three best choices for your network. (Choose three.)
A. CSA Agents on corporate mail servers
B. CSA Agents on critical network servers and user desktops
C. the network sensor behind (inside) the corporate firewall
D. the network sensor in front of (outside) the corporate firewall
E. sensor and CSA Agents that report to management and monitoring servers that are located
inside the corporate firewall
F. sensor and CSA Agents that report to management and monitoring servers that are located outside the corporate firewall
Ansewer:BCE
9.Which two are appropriate installation points for a Cisco IPS sensor? (Choose two.) A. on publicly accessible servers
B. on critical network servers
C. at network entry points
D. on user desktops
E. on corporate mail servers
F. on critical network segments
Ansewer:CF
10.Your sensor is detecting a large volume of web traffic because it is monitoring traffic outside the firewall. What is the most appropriate sensor tuning for this scenario?
A. lowering the severity level of certain web signatures
B. raising the severity level of certain web signatures
C. disabling all web signatures
D. disabling the Meta Event Generator
E. retiring certain web signatures
Free download:pass4sure 642-532
Free download:testking 642-532
TestKing - TestKing.com Help you pass Cisco exams
Pass4sure -Pass4sure.com The Worldwide Renowned Cisco Certification Material Provider .
Related Posts
[...] and Switches Exam(SNRS) Testinside Cisco 642-522 Securing Networks with PIX and ASA Exam(SNPA) Testinside Cisco 642-532 Securing Networks Using Intrusion Prevention Systems Exam (IPS) Testinside Cisco 642-513 Securing [...]