IPS v7 Test B

By Keoka
1. Refer to the exhibit. What happens when you click the Cisco Security MARS icon on the Cisco Security MARS query result screen?

Explanation

Clicking the Cisco Security MARS icon on the Cisco Security MARS query result screen allows the user to cross-launch Cisco Security Manager. This enables the user to link the Cisco Security MARS event back to the IPS signature and policy within the Cisco Security Manager that triggered it.

About This Quiz

Cisco IPS v7 (642-627) 20 questions
These are ONLY multiple choice questions, no drag/drop, hotspot or sim.

2. Which signature action should be selected to cause the attacker's traffic flow to terminate when the Cisco IPS appliance is operating in promiscuous mode?

Explanation

The correct answer is "reset TCP connection". When the Cisco IPS appliance is operating in promiscuous mode, it is not able to block or deny traffic directly. However, it can send a TCP reset packet to both the attacker and the target, causing the connection to terminate. This action helps to disrupt the attacker's traffic flow and prevent further malicious activity.

3. Which protocol is used by Encapsulated Remote SPAN?

Explanation

Encapsulated Remote SPAN uses the GRE (Generic Routing Encapsulation) protocol. GRE is a tunneling protocol that encapsulates packets from one network protocol within packets of another network protocol, allowing the packets to be transmitted over a network that does not support the original protocol. In the case of Encapsulated Remote SPAN, GRE is used to encapsulate and transmit SPAN traffic over an IP network.

4. Which IPS alert action is available only in inline mode?

Explanation

The IPS alert action "deny-packet-inline" is available only in inline mode. This action allows the IPS to block and deny packets in real-time when they are detected as malicious or violating security policies. In inline mode, the IPS sits directly in the network traffic flow and can actively block and prevent malicious packets from reaching their destination. This action is not available in other modes such as promiscuous or monitor mode, where the IPS only monitors and logs the traffic without actively blocking it.

5. Refer to the exhibit. What does the Deny Percentage setting affect?

Explanation

The Deny Percentage setting affects the percentage of packets that will be denied for the deny attacker actions. This means that if the Deny Percentage is set to 50%, then only 50% of the packets that trigger the deny attacker action will actually be denied, while the other 50% will be allowed. This setting allows for more granular control over the denial of packets and can be used to balance security measures with potential impact on network performance.

6. During Cisco IPS appliance troubleshooting, you notice that all the signatures are set to Fire All. What can cause this situation to occur?

Explanation

When the summarizer is disabled globally on a Cisco IPS appliance, all the signatures are set to "Fire All." This means that the appliance will generate an alert for every event that matches any signature, regardless of severity or priority. Disabling the summarizer removes the ability to group similar events together and reduces the efficiency of the IPS appliance.

7. From the Cisco IPS appliance CLI setup command, one of the options is "Modify default threat prevention settings? [no]". What is this option related to?

Explanation

This option is related to event action override that denies high-risk network traffic with a risk rating of 90 to 100. It allows the user to modify the default settings for how the IPS appliance handles high-risk network traffic with a risk rating within the specified range. By enabling this option, the appliance will automatically deny any network traffic that is deemed to be high-risk based on its risk rating.

8. In Cisco IDM, the Configuration > Sensor Setup > SSH > Known Host Keys screen is used for what purpose?

Explanation

The Configuration > Sensor Setup > SSH > Known Host Keys screen in Cisco IDM is used to enable communications with a blocking device. This suggests that the Cisco IPS appliance can establish a connection and communicate with a blocking device, possibly for the purpose of preventing or mitigating network threats.

9. Which configuration is required when setting up the initial configuration on the Cisco ASA 5505 to support the Cisco ASA AIP-SSC?

Explanation

To set up the initial configuration on the Cisco ASA 5505 to support the Cisco ASA AIP-SSC, it is necessary to configure a VLAN interface as a management interface. This will allow access to the Cisco ASA AIP-SSC for management purposes. By configuring a VLAN interface as a management interface, the Cisco ASA AIP-SSC can be accessed and managed effectively.

10. The Cisco IPS appliance risk category is used with which other feature?

Explanation

The Cisco IPS appliance risk category is used in conjunction with event action overrides. Event action overrides allow administrators to customize the response to specific events based on their risk category. By assigning a risk category to an event, administrators can define specific actions to be taken, such as blocking or allowing traffic, based on the severity of the event. This helps to ensure that appropriate actions are taken to mitigate potential threats based on their level of risk.

11. You are working with Cisco TAC to troubleshoot a software problem on the Cisco IPS appliance. TAC suspects a fault with the ARC software module in the Cisco IPS appliance. In this case, which Cisco IPS appliance operations may be most affected by the ARC software module fault?

Explanation

If there is a fault with the ARC software module in the Cisco IPS appliance, the operation that may be most affected is remote blocking. The ARC (Application Response Control) software module is responsible for analyzing network traffic and blocking any malicious or unauthorized connections. If there is a fault with the ARC module, it may not be able to accurately detect and block remote connections, potentially leaving the network vulnerable to attacks.

12. Threat rating calculation is performed based on which factors?

Explanation

The threat rating calculation is performed based on the risk rating, which assesses the potential impact and likelihood of a threat event occurring. Additionally, the calculation takes into account the adjustment based on the prevention actions taken. This means that if effective preventive measures have been implemented, the threat rating may be adjusted accordingly to reflect the reduced risk.

13. Which two Cisco IPS modules support sensor virtualization? (Choose two.)

Explanation

The AIP-SSM and IDSM-2 are the two Cisco IPS modules that support sensor virtualization. The AIP-SSM module is a security services module for the Cisco ASA firewall, which provides intrusion prevention system (IPS) capabilities. The IDSM-2 module is an intrusion detection and prevention system (IDPS) module for the Cisco Catalyst 6500 Series switches, which also supports sensor virtualization. Both modules allow for the creation of multiple virtual sensors within a single physical device, enabling the monitoring and protection of multiple network segments or virtual LANs (VLANs) simultaneously.

14. Refer to the exhibit. What does the Risk Threshold setting of 95 specify?

Explanation

The Risk Threshold setting of 95 specifies the threshold at which a risk is considered high. A risk rating below 95 would be considered low, while a risk rating above 95 would be considered high.

15. From which three sources does the Cisco IPS appliance obtain OS mapping information? (Choose three.)

Explanation

The Cisco IPS appliance obtains OS mapping information from three sources: manually configured OS mappings, imported OS mappings from Management Center for Cisco Security Agent, and learned OS mappings from passive OS fingerprinting. This means that the appliance can gather information about operating systems from configurations made by the user, import mappings from the Management Center for Cisco Security Agent, and learn mappings through passive OS fingerprinting techniques.

16. On the Cisco IPS appliance, each virtual sensor can have its own instance of which three parameters? (Choose three.)

Explanation

Each virtual sensor on the Cisco IPS appliance can have its own instance of signature-definition, event-action-rules, and anomaly-detection parameters. This means that each virtual sensor can have its own set of signatures, rules for event actions, and anomaly detection settings, allowing for customization and flexibility in monitoring and protecting the network.

17. Refer to the exhibit. The scanner threshold is set to 120. Which two statements about this histogram are true? (Choose two.)

Explanation

The given histogram shows the number of nonestablished connections from different sources to different destinations. The scanner threshold is set to 120. The statement "From a single source you do not expect to see nonestablished connections to more than 100 different destination IP addresses" is true because the histogram does not have any bar that exceeds the value of 100. The statement "You do not expect to see more than 10 sources generate nonestablished connections to 5 or more different destinations" is also true because there are only a few bars that exceed the value of 5 on the x-axis.

18. In which three ways can you achieve better Cisco IPS appliance performance? (Choose three.)

Explanation

To achieve better Cisco IPS appliance performance, three strategies can be implemented. Firstly, placing the Cisco IPS appliance behind a firewall can enhance performance by reducing the amount of traffic that the appliance needs to inspect. Secondly, disabling unneeded signatures can improve performance by reducing the processing load on the appliance. Lastly, having multiple Cisco IPS appliances in the path and configuring them to detect different types of events can distribute the workload and enhance overall performance.

19. Which three statements about the Cisco IPS appliance normalizer feature are true? (Choose three.)

Explanation

The Cisco IPS appliance normalizer feature has the following characteristics: it only operates in inline modes, it tracks session states and stops packets that do not fully match session state, and it modifies ambiguously fragmented IP traffic.

20. A Cisco Catalyst switch is experiencing packet drops on a SPAN destination port that is connected to a Cisco IPS appliance. Which three configurations should be considered to resolve the packet drops issue? (Choose three.)

Explanation

To resolve the packet drops issue on the SPAN destination port connected to a Cisco IPS appliance, three configurations should be considered. Firstly, configuring an additional SPAN session to a different Cisco IPS appliance interface connected to the same virtual sensor can distribute the load and prevent packet drops. Secondly, configuring VACL capture can help in capturing the packets without causing drops. Lastly, configuring the Cisco IPS appliance to inline mode allows it to inspect and drop packets directly, reducing the chances of drops.


Quiz Review Timeline (Updated): Mar 18, 2023

  • Current Version
  • Mar 18, 2023: Quiz edited by ProProfs Editorial Team
  • Apr 04, 2012: Quiz created by Keoka