QUESTION 41 DRAG DROP
On the Cisco IPS appliance, each virtual sensor can have its own instance of which three parameters? (Choose three.)
QUESTION 43 DRAG DROP
Refer to the exhibit. What happens when you click the Cisco Security MARS icon on the Cisco Security MARS query result screen?
A. Cross-launch Cisco Security Manager to link the Cisco Security MARS event back to the IPS signature and policy within the Cisco Security Manager that triggered it.
B. Cross-launch Cisco IDM so the signature that triggered it can be examined.
C. Cross-launch Cisco IDM to show the corresponding IPS alerts.
D. Cross-launch Cisco Security Manager to show the corresponding IPS alerts.
E. Cross-launch Cisco IME so the signature that triggered it can be examined.
Which three statements about the Cisco IPS appliance normalizer feature are true? (Choose three.)
A. only operates in inline modes
B. ensures that Layer 4 to Layer 7 traffic conforms to the protocol specifications
C. tracks session states and stops packets that do not fully match session state
D. modifies ambiguously fragmented IP traffic
E. cannot analyze asymmetric traffic flows
Refer to the exhibit. What does the Deny Percentage setting affect?
A. the percentage of the signatures to be tuned by the event action filter
B. the percentage of the Risk Rating value to be tuned by the event action filter
C. the percentage of packets to be denied for the deny attacker actions
D. the percentage of the signatures to be tuned by the event action overrides
Which protocol is used by Encapsulated Remote SPAN?
In which three ways can you achieve better Cisco IPS appliance performance? (Choose three.)
A. Place the Cisco IPS appliance behind a firewall.
B. Disable unneeded signatures.
C. Enable unidirectional capture.
D. Have multiple Cisco IPS appliances in the path and configure them to detect different types of events
E. Enable selective packet capture using VLAN ACL on the Cisco IPS 4200 Series appliance.
F. Enable all anti-evasive measures to reduce noise.
What must be configured to enable Cisco IPS appliance reputation filtering and global correlation?
A. DNS server(s) IP address
B. full sensor based network participation
C. trusted hosts settings
D. external product interfaces settings
What is a best practice to follow before tuning a Cisco IPS signature?
A. Disable all the alert actions on the signature to be tuned.
B. Disable the signature to be tuned.
C. Create a clone of the signature to be tuned.
D. Increase the number of events required to trigger the signature to be tuned.
E. Decrease the attention span (maximum inter-event interval) of the signature to be tuned
Download Latest CCNP 642-627 Real Free Tests , help you to pass exam 100%.