Which three statements about the Cisco IntelliShield Alert Manager are true? (Choose three.)
A. Alert information is analyzed and validated by Cisco security analysts.
B. Alert analysis is vendor-neutral.
C. The built-in workflow system provides a mechanism for tracking vulnerability remediation and integration with Cisco Security Manager and Cisco Security MARS.
D. Users can customize the notification to deliver tailored information relevant to the needs of the organization.
E. Customers are automatically subscribed to use Cisco Security IntelliShield Alert Manager Service with the Cisco IPS license.
F. More than 10 report types are available within the Cisco Security IntelliShield Alert Manager Service.
Which two configurations are required on the Cisco IPS appliance to allow Cisco Security Manager to log into the Cisco IPS appliance? (Choose two.)
A. Enable SNMPv2.
B. Enable SSH access.
C. Enable TLS/SSL to allow HTTPS access.
D. Enable NTP.
E. Enable Telnet access.
F. Enable the IP address of the Cisco Security Manager server as an allowed host.
What is the status of OS Identification?
A. It is only enabled to identify "Cisco IOS" OS using statically mapped OS fingerprinting.
B. OS mapping information will not be used for Risk Rating calculations.
C. It is configured to enable OS mapping and ARR only for the 10.0.0.0/24 network.
D. It is enabled for passive OS fingerprinting for all networks.
Which signature definition is virtual sensor 0 assigned to use?
What action will the sensor take regarding IP addresses listed as known bad hosts in the Cisco SensorBase network?
A. Global correlation is configured in Audit mode for testing the feature without actually denying any hosts.
B. Global correlation is configured in Aggressive mode, which has a very aggressive effect on deny actions.
C. It will not adjust risk rating values based on the known bad hosts list.
D. Reputation filtering is disabled.
To what extent will the Cisco IPS sensor contribute data to the Cisco SensorBase network?
A. It will not contribute to the SensorBase network.
B. It will contribute to the SensorBase network, but will withhold some sensitive information.
C. It will contribute the victim IP address and port to the SensorBase network.
D. It will not contribute to Risk Rating adjustments that use information from the SensorBase network.
Which two statements about Signature 1104 are true? (Choose two.)
A. This is a custom signature.
B. The severity level is High.
C. This signature has triggered as indicated by the red severity icon.
D. Produce Alert is the only action defined.
E. This signature is enabled, but inactive, as indicated by the /0 that follows the signature number.
Which three statements about the Cisco IPS appliance configurations are true? (Choose three.)
A. The maximum number of denied attackers is set to 10000.
B. The block action duration is set to 3600 seconds.
C. The Meta Event Generator is globally enabled.
D. Events Summarization is globally disabled.
E. Threat Rating Adjustment is globally disabled.
Which four statements about the blocking capabilities of the Cisco IPS appliance are true? (Choose four.)
A. The three types of blocks are: host, connection, and network.
B. Host and connection blocks can be initiated manually or automatically when a signature is triggered.
C. Network blocks can only be initiated manually.
D. The Device Login Profiles pane is used to configure the profiles that the network devices use when logging into the Cisco IPS appliance.
E. Multiple Cisco IPS appliances can forward their blocking requests to the master blocking sensor.
F. Pre-Block and Post-Block ACLs are applicable for blocking or rate limiting.
OS mappings associate IP addresses with an OS type, which in turn helps the Cisco IPS appliance to calculate what other value?