TestInside ccsp 642-533

Implementing Cisco Intrusion Prevention System (IPS) : 642-533 Exam
Exam Number/Code: 642-533
Exam Name: Implementing Cisco Intrusion Prevention System (IPS)
Questions and Answers: 63 Q&As
Price: $85.00
Update Time: 2008-6-27

“Implementing Cisco Intrusion Prevention System (IPS) “, also known as 642-533 exam, is a Cisco certification.
Preparing for the 642-533 exam? Searching 642-533 Test Questions, 642-533 Practice Exam, 642-533 Dumps?

Free 642-533 Demo Download
TestInside offers free demo for 642-533 exam ( Implementing Cisco Intrusion Prevention System (IPS) ). You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.

1. You think users on your corporate network are disguising the use of file-sharing applications by tunneling the

traffic through port 80. How can you configure your Cisco IPS Sensor to identify and stop this activity?

A. Enable all signatures in the Service HTTP engine.

B. Assign the Deny Packet Inline action to all signatures in the Service HTTP engine.

C. Enable all signatures in the Service HTTP engine. Then create an event action override that adds the Deny

Packet Inline action to events triggered by these signatures if the traffic originates from your corporate network.

D. Enable the alarm for the non-HTTP traffic signature. Then create an Event Action Override that adds the Deny

Packet Inline action to events triggered by the signature if the traffic originates from your corporate network.

E. Enable both the HTTP application policy and the alarm on non-HTTP traffic signature. Answer: E

2. A user with which user account role on a Cisco IPS Sensor can log into the native operating system shell for advanced troubleshooting purposes when directed to do so by Cisco TAC?
A. administrator

B. operator C. viewer D. service E. root
F. super

Answer: D

3. Which character must precede a variable to indicate that you are using a variable rather than a string?

A. percent sign B. dollar sign C. ampersand D. pound sign E. asterisk Answer: B

4. Which statement accurately describes Cisco IPS Sensor automatic signature and service pack updates?

A. The Cisco IPS Sensor can automatically download service pack and signature updates from Cisco.com.

B. The Cisco IPS Sensor can download signature and service pack updates only from an FTP or HTTP server.

C. You must download service pack and signature updates from Cisco.com to a locally accessible server before they can be automatically applied to your Cisco IPS Sensor.
D. When you configure automatic updates, the Cisco IPS Sensor checks Cisco.com for updates hourly.

E. If multiple signature or service pack updates are available when the sensor checks for an update, the Cisco IPS Sensor installs the first update it detects.
Answer: C

5. Which two of the following parameters affect the risk rating of an event? (Choose two.) A. alert severity
B. global summary threshold

C. signature fidelity rating

D. scanner threshold

E. engine type

F. event count key

Answer: AC

6. You are using Cisco IDM. What precaution must you keep in mind when adding, editing, or deleting allowed hosts on a Cisco IPS Sensor?
A. You must not allow entire subnets to access the Cisco IPS Sensor

B. When using access lists to permit remote access, you must specify the direction of allowed communications.

C. You must not delete the IP address used for remote management. D. You can only configure the allowed hosts using the CLI.
E. You must use an inverse mask, such as 10.0.2.0 0.0.0.255, for the specified network mask for the IP address. Answer: C

7. How can you clear events from the event store?

A. You do not need to clear the event store; it is a circular log file, so once it reaches the maximum size it will be overwritten by new events.
B. You must use the CLI clear events command.

C. If you have Administrator privileges, you can do this by selecting Monitoring > Events > Reset button in Cisco

IDM.

D. You should select File > Clear IDM Cache in Cisco IDM.

E. You cannot clear events from the event store; they must be moved off the system using the copy command. Answer: B

8. Refer to the exhibit. Based on the partial output shown, which of these statements is true?

A. The module installed in slot 1 needs to be a type 5540 module to be compatible with the ASA 5540 Adaptive

Security Appliance module type.

B. The module installed in slot 1 needs to be upgraded to the same software revision as module 0 or it will not be recognized.
C. Module 0 system services are not running.

D. There is a Cisco IPS security services module installed. Answer: D

9. Which action does the copy /erase ftp://172.26.26.1/sensor_config01 current-config command perform?

A. erases the sensor_config01 file on the FTP server and replaces it with the current configuration file from the

Cisco IPS Sensor

B. copies and saves the running configuration to the FTP server and replaces it with the source configuration file

C. overwrites the backup configuration and applies the source configuration file to the system default

configuration

D. merges the source configuration file with the current configuration

Answer: C

10. Which of the following is a valid file name for a Cisco IPS 6.0 system image? A. IPS-K9-pkg-6.0-sys_img.sys
B. IPS-4240-K9-img-6.0-sys.sys

C. IPS-K9-cd-11-a-6.0-1-E1.img

D. IPS-4240-K9-sys-1.1-a-6.0-1-E1.img

Answer: D

11. What are the three roles of the Cisco IPS Sensor interface? (Choose three.) A. alternate TCP reset
B. blocking

C. command and control D. sensing (monitoring) E. logging
F. bypass

Answer: ACD

12. Which two are true regarding Cisco IPS Sensor licensing? (Choose two.)

A. A Cisco IPS Sensor will run normally without a license key with the most current signature updates for 90

days.

B. A license key is required to obtain signature updates.

C. A Cisco Services for IPS contract must be purchased to obtain signature updates. D. Cisco IDM requires a valid license key to operate normally.
E. The Cisco ASA 5500 Series does not require a Cisco Services for IPS contract when a valid SMARTnet contract exists.
Answer: BC

13. With Cisco IPS 6.0, what is the maximum number of virtual sensors that can be configured on a single

platform?

A. the number depends on the amount of device memory

B. two in promiscuous mode using VLAN groups, four in inline mode supporting all interface type configurations

C. two D. four E. six
Answer: D

14. In which three of these ways can you achieve better Cisco IPS Sensor performance? (Choose three.)

A. enable all anti-evasive measures to reduce noise

B. place the Cisco IPS Sensor behind a firewall

C. always enable unidirectional capture

D. disable unneeded signatures

E. have multiple Cisco IPS Sensors in the path and configure them to detect different types of events

F. enable selective packet capture using VLAN ACL on the Cisco IPS 4200 Series Sensors

Answer: BDE

15. What is used to perform password recovery for the “cisco” admin account on a Cisco IPS 4200 Series Sensor?

A. setup mode

B. ROMMON CLI C. GRUB menu
D. recovery partition E. Cisco IDM Answer: C

Free download：pass4sure 642-533
Free download：testking 642-533

TestKing - TestKing.com Help you pass Cisco exams

Pass4sure -Pass4sure.com The Worldwide Renowned Cisco Certification Material Provider .

Related Posts

• Pass4sure Cisco ccsp 642-545 2.77
• Testking CCSP 642-515
• Actualtest cisco ccsp 642-504
• Testinside ccsp 642-504
• Testking Cisco ccsp 642-504
• Pass4sure Cisco CCSP Exam 642-504 2.75
• CBT Cisco CCSP - Exam-Pack 642-504: SNRS (update)
• 642-504 SNRS
• Security Threat Mitigation and Response:, Understanding Cisco Security MARS (Networking Technology)
• TestInside 642-565