Testking CCSP 642-532

PassGuide Cisco dumps

Securing Networks Using Intrusion Prevention Systems Exam

Retired January 16, 2008
Exam Number: 642-532
Associated Certifications: CCSP, Cisco IPS Specialist
Duration: 90 minutes (60-70 questions)
Available Languages: English
QUESTION 1:

A new IDSM2 module was installed in the Certkiller network. Which of the following features regarding the IDSM2 is true?

A. IDSM2 needs a separate management package
B. IDSM2 is limited to 62 signatures
C. IDSM2 can drop offending packets
D. IDSM2 makes use of the same code as the network appliance
E. None of the above
Answer: D
Explanation:
IDSM-2 provides the following capabilities or features:
- Merged switching and security into a single chassis
- Ability to monitor multiple VLANs
- Does not impact switch performance
- Attacks and signatures equal to appliance sensor
- Uses the same code base of the appliance sensor
- Support for improved management techniques such as IDM
Reference: Cisco Press CCSP CSIDS Guide, 2nd edition, page 199

QUESTION 2:

A new NM-CIDS module is being inserted into the Certkiller network. Which versions of Cisco IOS software are needed to support the NM-CIDS module?

A. 3.1 and above
B. 4.1 and above
C. 4.0 and above
D. 2.0 and above
E. None of the above

Answer: B

Explanation:

QUESTION 3:

A new Certkiller IPS sensor is being configured for inline operation. Which three steps must you perform to prepare sensor interfaces for inline operations? (Choose three)

A. Disable all interfaces except the inline pair
B. Add the inline pair to the default virtual sensor
C. Enable two interfaces for the pair
D. Disable any interfaces that are operating in promiscuous mode.
E. Create the interface pair
F. Configure an alternate TCP-reset interface.
Answer: B, C, E
Explanation:
Operating in inline interface mode puts the IPS directly into the traffic flow and affects packet-forwarding rates, making them slower by adding latency. This allows the sensor to stop attacks by dropping malicious traffic before it reaches the intended target, thus providing a protective service.
Not only is the inline device processing information on layers 3 and 4, but it is also analyzing the contents and payload of the packets for more sophisticated embedded attacks (layers 3 to 7). This deeper analysis lets the system identify and stop and/or block attacks that would normally pass through a traditional firewall device.
In inline interface mode, a packet comes in through the first interface of the pair on the sensor and out the second interface of the pair. The packet is sent to the second interface of the pair unless that packet is being denied or modified by a signature.
To configure the interfaces for inline operation, you will need to create the interface pair, enable the two interfaces, and add the inline interface pair to the default sensor.
Reference: Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 5.1, Cisco Documentation, page 5-11.

QUESTION 4:

The Certkiller security administrator is determining whether to configure a new sensor in inline or promiscuous mode. What are three differences between inline and promiscuous sensor functionality? (Choose three)

A. A sensor that is operating in inline mode can drop the packet that triggers a signature before it reaches its target, but a sensor that is operating in promiscuous mode cannot.
B. A sensor that is operating in inline mode supports more signatures than a sensor that operates in promiscuous mode.
C. Deny actions are available only to inline sensors, but blocking actions are available only to promiscuous mode sensors.
D. A sensor that is operating in promiscuous mode can perform TCP resets, but a sensor that is operating in inline mode cannot.
E. Inline operation provides more protection from Internet worms than promiscuous mode does.
F. Inline operation provides more protection from atomic attacks than promiscuous mode does.
Answer: A, E, F
Explanation:
In promiscuous mode, packets do not flow through the sensor. The sensor analyzes a copy of the monitored traffic rather than the actual forwarded packet. The advantage of operating in promiscuous mode is that the sensor does not affect the packet flow with the forwarded traffic. The disadvantage of operating in promiscuous mode, however, is the sensor cannot stop malicious traffic from reaching its intended target for certain types of attacks, such as atomic attacks (single-packet attacks). The response actions implemented by promiscuous sensor devices are post-event responses and often require assistance from other networking devices, for example, routers and firewalls, to respond to an attack. While such response actions can prevent some classes of attacks, in atomic attacks the single packet has the chance of reaching the target system before the promiscuous-based sensor can apply an ACL modification on a managed device (such as

Exam 642-532: Implementing Cisco Intrusion Prevention Systems (IPS)

Related Certifications: CCSP

Number of Questions: 60-70

Duration: 90 minutes

Exam Topics Include:

1. Describe how Cisco IPS sensors are used to mitigate network security threats

2. Install Cisco IPS sensors/modules and configure essential system parameters

3. Describe Cisco IPS sensor advanced system parameters

4. Tune Cisco IPS sensor advanced system parameters to optimize attack mitigation performance

5. Analyze Cisco IPS sensor events to determine the appropriate response to network attacks

6. Upgrade and maintain Cisco IDS and IPS sensors

7. Troubleshoot Cisco IDS/IPS sensor operation and configuration errors

Note: Last day to test 1/16/2008

The 642-532 IPS Implementing Cisco Intrusion Prevention Systems exam is one of the core exams associated with the Cisco Certified Security Professional (CCSP) certification. In all, you will need to pass five separate exams to become CCSP certified. This exam tests a candidate’s knowledge of implementing the Cisco IPS product.
110 Questions
Updated : 03/15/2008