Ensurepass

QUESTION 131

Refer to the exhibit.

What does an action of Rotate indicate?

 

A.      A new knowledge base is created, but is not loaded. You can view it to decide if you want to load it.

B.      A new knowledge base is created and loaded.

C.      The knowledge base is rolled back to the previous version.

D.      The knowledge base is rotated on a periodic schedule using the different existing knowledge bases.

 

Answer: B

 

 

QUESTION 132

Reports generated by Cisco IME can be saved in which two formats? (Choose two.)

 

A.      XML

B.      RTF

C.      HTML

D.      PDF

E.       XLS

F.       DOC

 

Answer: B,D

 

 

QUESTION 133

Which three configurations are the defaults on the Cisco IPS 4200 Series appliance? (Choose three.)

 

A.      IPS appliance default IP address = 192.168.1.2 and default gateway = 192.168.1.1

B.      password recovery enabled

C.      TLS and SSL access disabled

D.      Telnet access disabled

E.       Web Server Port = 80

 

Answer: A,B,D

 

 

QUESTION 134

Which Cisco IPS appliance CLI command is used to display information in the IPS Event Store?

 

A.      show config

B.      show events

C.      show database

D.      show sdee

E.       show log

F.       show event-store

G.      show alerts

 

Answer: B

 

 

QUESTION 135

With a Cisco IPS appliance running v7.0, which three event actions support IPv4 and IPv6? (Choose three.)

 

A.      log attacker/victim pair packets

B.      request block connection

C.      request rate limit

D.      reset TCP connection

E.       modify packet inline

F.       request block host

 

Answer: A,D,E

 

 

QUESTION 136

Which two statements accurately describe virtual sensor operations on the Cisco IPS appliance? (Choose two.)

 

A.      You must create a new instance of a signature set for each new virtual sensor.

B.      The packet processing policy is virtualized.

C.      Creating a new virtual sensor creates a “virtual” machine on the Cisco IPS appliance.

D.      vs0 can be cloned then deleted.

E.       Each virtual sensor can have its own unique event action rules.

 

Answer: B,E

 

 

QUESTION 137

When using the Cisco IPS signature and engine auto updates feature from Cisco.com, which password must be configured on the IDM Auto/Cisco.com Update pane?

 

A.      the IPS appliance “cisco” user account password

B.      the IPS appliance “service” user account password

C.      the IPS appliance “support” user account password

D.      the IPS appliance enable password

E.       the CCO user account password

 

Answer: E

 

 

QUESTION 138

Which three statements are true with respect to IPS false positives? (Choose three.)

 

A.      An example of a false positive is when the IPS appliance produces an alert in response to the normal activities of the company’s network management system.

B.      Increasing the set of TCP ports that a signature matches on may reduce false positives.

C.      False positives may be reduced by disabling certain signatures.

D.      Event action filters can be implemented to reduce false positives.

E.       An example of a false positive is the IPS not reacting to a successful denial of service attack.

 

Answer: A,C,D

 

 

QUESTION 139

Which rating is determined by adjusting the risk rating with respect to preventative actions taken by the sensor?

 

A.      attack severity rating

B.      attack relevancy rating

C.      damage assessment rating

D.      hazard rating

E.       threat rating

F.       event action delta

 

Answer: E

 

 

QUESTION 140

Passive operating system fingerprinting can be used to determine which aspect of the event risk rating?

 

A.      target value rating

B.      watch list rating

C.      signature fidelity rating

D.      attack severity rating

E.       promiscuous delta

F.       attack relevancy rating

 

Answer: F

 

 
