Ensurepass

QUESTION 81

When setting up a Cisco IPS appliance in promiscuous mode, which Cisco Catalyst switch CLI command is used to configure SPAN on the switch?

 

A.      span source in interface configuration mode

B.      span session in global configuration mode

C.      monitor destination in interface configuration mode

D.      monitor session in global configuration mode

E.       mirror session in global configuration mode

 

Answer: D

 

 

QUESTION 82

The AIP-SSC differs from the AIP-SSM in which three ways? (Choose three.)

 

A.      It uses the ASA backplane as its monitoring interface.

B.      It does not support fail open operation.

C.      It does not support global correlation.

D.      It does not support custom signatures.

E.       It supports only one virtual sensor.

F.       It does not support inline operation.

 

Answer: C,D,E

 

 

QUESTION 83

Which ASA CLI command is used to configure the network parameters for downloading the AIP-SSM recovery image?

 

A.      hw-module 1 recover boot

B.      hw-module 1 recover configure

C.      sysopt ips recovery configure

D.      sysopt ips recover-location

E.       boot hw-module 1 tftp

F.       boot system tftp

 

Answer: B

 

 

QUESTION 84

Which global correlation data is sent to the Cisco SensorBase Network with full network participation that is not sent with partial network participation?

 

A.      attack type

B.      connecting IP address and port

C.      victim IP address and port

D.      protocol attributes

E.       IPS appliance CPU and memory usage information

 

Answer: C

 

 

QUESTION 85

Anomaly detection may send an alert under which two circumstances? (Choose two.)

 

A.      The attacker obfuscates a malicious HTTP request.

B.      Inbound traffic arrives from a source with a low reputation score.

C.      Outbound traffic is destined towards a known botnet system.

D.      A single worm-infected source enters the network and starts scanning for other vulnerable hosts.

E.       Benign traffic is misinterpreted as an attack.

F.       The network starts becoming congested by worm traffic.

 

Answer: D,F

 

 

QUESTION 86

Which Cisco IPS feature is most likely to respond to a zero-day attack?

 

A.      reputation filtering

B.      botnet filtering

C.      anomaly detection

D.      meta-engine

E.       de-obfuscation

F.       threat detection

 

Answer: C

 

 

QUESTION 87

Which two interface modes can be implemented with a single physical sensing interface on the Cisco IPS 4200 Series appliance? (Choose two.)

 

A.      inline interface pair

B.      inline VLAN groups

C.      inline VLAN pair

D.      promiscuous

E.       hardware bypass

 

Answer: C,D

 

 

QUESTION 88

Which Cisco IDM pane is used to add the public keys of all the SSH clients that are allowed to connect to the IPS appliance SSH server using RSA authentication?

 

A.      Configuration > Sensor Management > SSH > Authorized Keys

B.      Configuration > Sensor Management > SSH > Known Host Keys

C.      Configuration > Sensor Management > SSH > Sensor key

D.      Configuration > Sensor Management > Certificates > Trusted Hosts

E.       Configuration > Sensor Management > Certificates > Server Certificate

F.       Configuration > Sensor Management > Certificates > Known Host Keys

 

Answer: A

 

 

QUESTION 89

Refer to the exhibit of a Cisco IPS CLI configuration. Which statement is true?

[Exhibit: Cisco IPS CLI configuration]

A.      The IPS administrator should be able to use Telnet to connect to the IP appliance 172.26.26.1 IP address.

B.      The IPS administrator should be able to use Telnet to connect to the IP appliance 172.26.26.2 IP address.

C.      The IP appliance default gateway IP address is 172.26.26.1.

D.      The IPS administrator will not be able to use Telnet to connect to the IP appliance.

E.       The IP appliance primary IP address is 172.26.26.1 with a secondary IP address of 172.26.26.2.

 

Answer: D

 

 

QUESTION 90

Which two statements are true with respect to IPS false negatives? (Choose two.)

 

A.      A false negative is the failure of the IPS to create an alert on malicious activity.

B.      Increasing event count thresholds can lead to false negatives.

C.      A false negative results in an IPS alert that is associated with an unsuccessful denial of service attack.

D.      Disabling anti-evasion features of the IPS can reduce false negatives.

E.       False negatives can only occur when an IPS sensor is in promiscuous mode.

 

Answer: A,B

 
