Ensurepass

QUESTION 141

What is the maximum number of virtual sensors that can be configured on a Cisco IPS 4260 Sensor appliance?

A. 2

B. 4

C. 6

D. 8

E. 16

F. There is no fixed limit.

Answer: B

 

 

QUESTION 142

Which Cisco IPS appliance feature has the following three potential settings: off, partial, and full?

A. anomaly detection

B. POSFP

C. reputation filtering

D. global correlation network participation

E. event action overrides

Answer: D

 

 

QUESTION 143

Defining the internal zone, external zone, and illegal zone is associated with which Cisco IPS appliance feature?

A. reputation filtering

B. threat detection

C. event action overrides

D. global correlation network participation

E. threat rating adjustments

F. anomaly detection

Answer: F

 

 

QUESTION 144

Which two are the functions of the learning feature of anomaly detection within a Cisco IPS appliance? (Choose two.)

A. observes actual traffic patterns to the zones

B. retrieves zero-day attack information from the Cisco SIO

C. dynamically populates the host operating system database

D. allows false-positive training by an IPS administrator

E. builds the host reputation histogram

F. learns which legitimate services have a scanning behavior

Answer: A,F

 

 

QUESTION 145

Regarding the Cisco IPS appliance anomaly detection feature, which two of these would be considered scan events? (Choose two.)

A. an unacknowledged TCP SYN

B. an online dictionary password attack

C. exhaustive directory tree traversal on an FTP server

D. a scan of all TCP ports on a single destination IP address

E. a unidirectional UDP session

Answer: A,E

 

 

QUESTION 146

Which two are valid examples of String engines? (Choose two.)

A. String HTTP

B. String FTP

C. String TCP

D. String UDP

E. String Trojan

F. String IP

Answer: C,D

 

 

QUESTION 147

Which two operations would put an inline Cisco IPS sensor in detection mode? (Choose two.)

A. subtract all aggressive actions using event action filters

B. decrease the event count using event action filters

C. increase the maximum inter-event interval using event action overrides

D. remove the default event action override, which drops traffic with a risk rating of 90 to 100

E. enable anomaly detection in detection mode only

Answer: A,D

 

 

QUESTION 148

What are the five possible values for the event count key parameter of an IPS signature? (Choose five.)

A. attacker address

B. victim address

C. attacker and victim address

D. victim address and port

E. attacker and victim addresses and ports

F. attacker address and victim port

G. attacker and victim port

Answer: A,B,C,E,F

 

 

QUESTION 149

Which protocol or protocols does the Cisco Security Manager use to communicate with the Cisco IPS appliance?

A. HTTPS only

B. SSH only

C. SNMPv3 only

D. HTTPS and SNMPv3

E. HTTPS and SSH

F. HTTPS, SSH, and SNMPv3

Answer: A

 

 

QUESTION 150

The Cisco IPS appliance passive OS fingerprinting feature can use which three sources to determine the OS mappings information? (Choose three.)

A. manually configured OS mappings

B. OS mappings that are dynamically learned by the sensor through the fingerprinting of TCP packets with the SYN control bit set

C. OS mappings information received from the Cisco Security Manager

D. imported OS mappings from the Management Center for Cisco Security Agents

E. OS mappings information learned by running Nessus scans

Answer: A,B,D

 
