IPS v7 Test B



Cisco IPS v7 (642-627), 20 questions. These are ONLY multiple choice questions, no drag/drop, hotspot or sim.


Questions and Answers
  • 1. 
    A Cisco Catalyst switch is experiencing packet drops on a SPAN destination port that is connected to a Cisco IPS appliance. Which three configurations should be considered to resolve the packet drops issue? (Choose three.)
    • A. 

      Configure an additional SPAN session to a different Cisco IPS appliance interface connected to the same virtual sensor.

    • B. 

      Configure an EtherChannel bundle as the SPAN destination port.

    • C. 

      Configure RSPAN.

    • D. 

      Configure VACL capture.

    • E. 

      Configure the Cisco IPS appliance to inline mode.

  • 2. 
    Which signature action should be selected to cause the attacker's traffic flow to terminate when the Cisco IPS appliance is operating in promiscuous mode?
    • A. 

      Deny connection

    • B. 

      Deny attacker

    • C. 

      Reset TCP connection

    • D. 

      Deny packet, reset TCP connection

    • E. 

      Deny connection, reset TCP connection

  • 3. 
    During Cisco IPS appliance troubleshooting, you notice that all the signatures are set to Fire All. What can cause this situation to occur?
    • A. 

      A new signature engine update package has been loaded to the Cisco IPS appliance.

    • B. 

      A new signature/virus update package has been loaded to the Cisco IPS appliance.

    • C. 

      Summarizer has been disabled globally.

    • D. 

      All the signatures have been set to the default state.

    • E. 

      All the signatures have been retired, and then unretired.

  • 4. 
    From which three sources does the Cisco IPS appliance obtain OS mapping information? (Choose three.)
    • A. 

      From manually configured OS mappings

    • B. 

      Imported OS mappings from Management Center for Cisco Security Agent

    • C. 

      Imported OS mappings from Cisco Security Manager

    • D. 

      Learned OS mappings from passive OS fingerprinting

    • E. 

      Learned OS mappings from Cisco SensorBase input

    • F. 

      From Cisco IPS signature updates

  • 5. 
    Which IPS alert action is available only in inline mode?
    • A. 

      Produce verbose alert

    • B. 

      Request rate limit

    • C. 

      Reset TCP connection

    • D. 

      Log attacker/victim pair packets

    • E. 

      Deny-packet-inline

    • F. 

      Request block connection

  • 6. 
    Refer to the exhibit. What does the Risk Threshold setting of 95 specify?
    • A. 

      The low risk rating threshold

    • B. 

      The low threat rating threshold

    • C. 

      The low target value rating threshold

    • D. 

      The high risk rating threshold

    • E. 

      The high threat rating threshold

    • F. 

      The high target value rating threshold

  • 7. 
    From the Cisco IPS appliance CLI setup command, one of the options is "Modify default threat prevention settings? [no]". What is this option related to?
    • A. 

      Anomaly detection

    • B. 

      Threat rating adjustment

    • C. 

      Event action override that denies high-risk network traffic with a risk rating of 90 to 100

    • D. 

      Risk rating adjustment with global correlation

    • E. 

      Reputation filters

  • 8. 
    In Cisco IDM, the Configuration > Sensor Setup > SSH > Known Host Keys screen is used for what purpose?
    • A. 

      To enable the Cisco IPS appliance as a master blocking sensor

    • B. 

      To enable management hosts to access the Cisco IPS appliance

    • C. 

      To regenerate the Cisco IPS appliance SSH host key

    • D. 

      To regenerate the Cisco IPS appliance SSL RSA key pair

    • E. 

      To enable communications with a blocking device

  • 9. 
    Which configuration is required when setting up the initial configuration on the Cisco ASA 5505 to support the Cisco ASA AIP-SSC?
    • A. 

      Configure a VLAN interface as a management interface to access the Cisco ASA AIP-SSC.

    • B. 

      Using MPF, configure which virtual sensor to use.

    • C. 

      Configure a management access rule to allow Cisco ASDM access from the Cisco ASA AIP-SSC management interface IP address.

    • D. 

      Configure a management access rule to allow SSH access from the Cisco ASA AIP-SSC management interface IP address.

  • 10. 
    The Cisco IPS appliance risk category is used with which other feature?
    • A. 

      Anomaly detection

    • B. 

      Event action overrides

    • C. 

      Global correlation

    • D. 

      Reputation filter

  • 11. 
    Which two Cisco IPS modules support sensor virtualization? (Choose two.)
    • A. 

      AIP-SSM

    • B. 

      AIP-SSC

    • C. 

      IPS AIM

    • D. 

      IPS NME

    • E. 

      IDSM-2

  • 12. 
    You are working with Cisco TAC to troubleshoot a software problem on the Cisco IPS appliance. TAC suspects a fault with the ARC software module in the Cisco IPS appliance. In this case, which Cisco IPS appliance operations may be most affected by the ARC software module fault?
    • A. 

      SDEE

    • B. 

      Global correlation

    • C. 

      Anomaly detection

    • D. 

      Remote blocking

    • E. 

      Virtual sensor

    • F. 

      OS fingerprinting

  • 13. 
    Threat rating calculation is performed based on which factors?
    • A. 

      Risk rating and adjustment based on the prevention actions taken

    • B. 

      Threat rating and event action overrides

    • C. 

      Event action overrides and event action filters

    • D. 

      Risk rating and target value rating

    • E. 

      Alert severity and alert actions

  • 14. 
    Refer to the exhibit. The scanner threshold is set to 120. Which two statements about this histogram are true? (Choose two.)
    • A. 

      From a single source you do not expect to see nonestablished connections to more than 120 different destination IP addresses.

    • B. 

      From a single source you do not expect to see nonestablished connections to more than 100 different destination IP addresses.

    • C. 

      You do not expect to see more than 5 sources generate nonestablished connections to 10 or more different destinations.

    • D. 

      You do not expect to see more than 10 sources generate nonestablished connections to 5 or more different destinations.

    • E. 

      A scanner threshold of 120 is not a valid value for this histogram.

    • F. 

      Scanning attacks will not be triggered, because the scanner threshold is higher than the maximum number of destination IP addresses in the histogram.

    • G. 

      Scanning attacks will not be triggered, because the scanner threshold is higher than the maximum number of source IP addresses in the histogram.

  • 15. 
    On the Cisco IPS appliance, each virtual sensor can have its own instance of which three parameters? (Choose three.)
    • A. 

      Signature-definition

    • B. 

      Event-action-rules

    • C. 

      Global-correlation-rules

    • D. 

      Anomaly-detection

    • E. 

      Reputation-filters

    • F. 

      External-product-interfaces

  • 16. 
    Refer to the exhibit. What happens when you click the Cisco Security MARS icon on the Cisco Security MARS query result screen?
    • A. 

      Cross-launch Cisco Security Manager to link the Cisco Security MARS event back to the IPS signature and policy within the Cisco Security Manager that triggered it.

    • B. 

      Cross-launch Cisco IDM so the signature that triggered it can be examined.

    • C. 

      Cross-launch Cisco IDM to show the corresponding IPS alerts.

    • D. 

      Cross-launch Cisco Security Manager to show the corresponding IPS alerts.

    • E. 

      Cross-launch Cisco IME so the signature that triggered it can be examined.

  • 17. 
    Which three statements about the Cisco IPS appliance normalizer feature are true? (Choose three.)
    • A. 

      Only operates in inline modes

    • B. 

      Ensures that Layer 4 to Layer 7 traffic conforms to the protocol specifications

    • C. 

      Tracks session states and stops packets that do not fully match session state

    • D. 

      Modifies ambiguously fragmented IP traffic

    • E. 

      Cannot analyze asymmetric traffic flows

  • 18. 
    Refer to the exhibit. What does the Deny Percentage setting affect?
    • A. 

      The percentage of the signatures to be tuned by the event action filter

    • B. 

      The percentage of the Risk Rating value to be tuned by the event action filter

    • C. 

      The percentage of packets to be denied for the deny attacker actions

    • D. 

      The percentage of the signatures to be tuned by the event action overrides

  • 19. 
    Which protocol is used by Encapsulated Remote SPAN?
    • A. 

      ESP

    • B. 

      GRE

    • C. 

      TLS

    • D. 

      STP

    • E. 

      VTI

    • F. 

      802.1Q

  • 20. 
    In which three ways can you achieve better Cisco IPS appliance performance? (Choose three.)
    • A. 

      Place the Cisco IPS appliance behind a firewall.

    • B. 

      Disable unneeded signatures.

    • C. 

      Enable unidirectional capture.

    • D. 

      Have multiple Cisco IPS appliances in the path and configure them to detect different types of events.

    • E. 

      Enable selective packet capture using VLAN ACL on the Cisco IPS 4200 Series appliance.

    • F. 

      Enable all anti-evasive measures to reduce noise.
