Ensurepass

QUESTION 21

What are the three anomaly detection modes? (Choose three.)

 

A. detect

B. active

C. inactive

D. learn

E. full

F. partial

 

Answer: A,C,D

 

 

QUESTION 22

Which type of signature engine is best suited for creating custom signatures that inspect data at OSI Layer 5 and above?

 

A. Atomic

B. String

C. Sweep

D. Service

E. Meta

F. Flood

 

Answer: D

 

 

QUESTION 23 DRAG DROP

[Drag-and-drop exhibit image not available]

Answer:

[Answer image not available]

 

QUESTION 24

A Cisco Catalyst switch is experiencing packet drops on a SPAN destination port that is connected to a Cisco IPS appliance. Which three configurations should be considered to resolve the packet drop issue? (Choose three.)

 

A. Configure an additional SPAN session to a different Cisco IPS appliance interface connected to the same virtual sensor.

B. Configure an EtherChannel bundle as the SPAN destination port.

C. Configure RSPAN.

D. Configure VACL capture.

E. Configure the Cisco IPS appliance to inline mode.

 

Answer: A,D,E

 

 

QUESTION 25 DRAG DROP

[Drag-and-drop exhibit image not available]

Answer:

[Answer image not available]

 

 

QUESTION 26

Which signature action should be selected to cause the attacker’s traffic flow to terminate when the Cisco IPS appliance is operating in promiscuous mode?

 

A. deny connection

B. deny attacker

C. reset TCP connection

D. deny packet, reset TCP connection

E. deny connection, reset TCP connection

 

Answer: C

 

 

 

QUESTION 27 DRAG DROP

[Drag-and-drop exhibit image not available]

Answer:

[Answer image not available]

 

 

QUESTION 28

During Cisco IPS appliance troubleshooting, you notice that all the signatures are set to Fire All. What can cause this situation to occur?

 

A. A new signature engine update package has been loaded to the Cisco IPS appliance.

B. A new signature/virus update package has been loaded to the Cisco IPS appliance.

C. Summarizer has been disabled globally.

D. All the signatures have been set to the default state.

E. All the signatures have been retired, and then unretired.

 

Answer: C

 

 

QUESTION 29

From which three sources does the Cisco IPS appliance obtain OS mapping information? (Choose three.)

 

A. from manually configured OS mappings

B. imported OS mappings from Management Center for Cisco Security Agent

C. imported OS mappings from Cisco Security Manager

D. learned OS mappings from passive OS fingerprinting

E. learned OS mappings from Cisco SensorBase input

F. from Cisco IPS signature updates

 

Answer: A,B,D 

 

 

QUESTION 30

Which IPS alert action is available only in inline mode?

 

A. produce verbose alert

B. request rate limit

C. reset TCP connection

D. log attacker/victim pair packets

E. deny-packet-inline

F. request block connection

 

Answer: E

 
