Ensurepass

QUESTION 121

Referring to the monitor session 1 destination GigabitEthernet0/47 ingress Cisco Catalyst switch command, what does the “ingress” command option enable?

 

A.      Allow the capture of bidirectional traffic on the GigabitEthernet0/47 switch port.

B.      Add .1Q headers on the SPAN port (GigabitEthernet0/47) to indicate the source VLAN to the Cisco IPS appliance in promiscuous mode.

C.      Allow the SPAN port (GigabitEthernet0/47) to be a source of traffic (for TCP resets).

D.      Enable flow-based SPAN session.

E.       Limit (filter) SPAN source traffic.

 

Answer: C

 

 

QUESTION 122

The Cisco IPS sensor can obtain operating system identification data from which two sources? (Choose two.)

 

A.      passive operating system fingerprinting

B.      imported from Cisco SensorBase

C.      imported from Cisco Security MARS

D.      manual operating system mappings configured on the Cisco IPS appliance

E.       imported from Cisco Secure Desktop OS scan

 

Answer: A,D

 

 

QUESTION 123

From Cisco Security Manager, which external component or service is used to access in-depth signature information?

 

A.      Cisco SensorBase

B.      Cisco Security MARS

C.      Cisco IntelliShield Service

D.      ScanSafe Service

 

Answer: C

 

 

QUESTION 124

Which mode consolidates alarms where the Cisco IPS appliance will generate an alert the first time that a signature fires on an address set and then only send a summary alert for all address sets over a given time interval?

 

A.      Fire Once

B.      Fire All

C.      Fire Summarize

D.      Summarize

E.       Global Summarize

 

Answer: E

 

 

QUESTION 125

Refer to the exhibit.

clip_image002Which option is affected by the IP Log parameters?

 

A.      the syslog operations of the Cisco IPS appliance

B.      the signature logging action

C.      SNMP trap operations

D.      the signature produce verbose alert action

E.       the SDEE operations of the Cisco IPS appliance

 

Answer: B

 

 

QUESTION 126

Refer to the exhibit.

clip_image004Configuring traffic flow notifications on the Cisco IPS appliance is most useful in what situation?

 

A.      to determine the IPS throughput rate when using inline mode

B.      to detect IPS performance issues

C.      to enable bypass mode when the Cisco IPS appliance fails

D.      to prevent DoS attacks

 

Answer: B

 

 

QUESTION 127

When setting up a Cisco IPS appliance in promiscuous mode, which Cisco Catalyst switch command is used to display information about all SPAN and remote SPAN sessions on the switch?

 

A.      show span

B.      show sessions

C.      show interface

D.      show monitor

 

Answer: D

 

 

QUESTION 128

What about this configuration command is true: ips inline fail-open sensor sensor_name?

 

A.      will enable fail-open hardware bypass on the Cisco IPS 4200 Series appliance

B.      will enable inline operation on the Cisco IPS 4200 Series appliance

C.      will enable inline operation on the Cisco IDSM-2, IPS AIM, or IPS NME

D.      will enable the desired traffic to be diverted from the Cisco ASA to one of the Cisco ASA AIP-SSM virtual sensors

 

Answer: D

 

 

QUESTION 129

Which parameter is used to configure a signature to fire if the activity it detects happens a certain number of times for the same address set within a specified period of time?

 

A.      event action

B.      event counter

C.      summary count

D.      summary key

 

Answer: B

 

 

QUESTION 130

What is the maximum number of virtual sensors that a Cisco IPS 4200 Series appliance can support?

 

A.      depends on the Cisco IPS 4200 Series appliance model

B.      2

C.      3

D.      4

E.       5

F.       6

 

Answer: D

 

 

Download Latest CCNP 642-627 Real Free Tests , help you to pass exam 100%.

Comments are closed.