Latest CCNP Security 642-627 Real Exam Download 111-120

Ensurepass

QUESTION 111

Refer to the exhibit.

When viewing the All Signatures pane, clicking on the Advanced option can be used to enable which two IPS configurations? (Choose two.)

 

A.      normalizer mode

B.      signature variables

C.      HTTP and FTP AIC

D.      network participation mode

E.       event action overrides

F.       event action filters

 

Answer: B,C

 

 

QUESTION 112

The Cisco IPS appliance anomaly detection signatures cover which three protocols? (Choose three.)

 

A.      TCP

B.      ICMP

C.      UDP

D.      NETBIOS

E.       IP

F.       other

 

Answer: A,C,F

 

 

QUESTION 113

When the Cisco IPS appliance is operating in inline mode, what is the default event actions rule?

 

A.      All alert events with a risk rating of 75 or higher will have a default action of deny packet inline.

B.      All alert events with a risk rating of 75 or higher will have a default action of deny attacker inline.

C.      High risk category attacks will have a default action of deny packet inline.

D.      High risk category attacks will have a default action of deny attacker inline.

E.       Attacks to any of the mission critical resources will have a default action of deny packet inline.

F.       Attacks to any of the mission critical resources will have a default action of deny attacker inline.

 

Answer: C

 

 

QUESTION 114

In tuning a Cisco IPS signature, you need to edit the regexp string of the Cisco IPS signature, but when editing the signature, the regexp string of the signature cannot be edited. What should you do?

 

A.      Create a new custom signature, then disable the original signature.

B.      Log in to the IPS appliance using a service account, which allows you to edit the regexp string of the signature.

C.      Clone the signature, then edit the cloned signature, then disable the original signature.

D.      Disable the signature first; then you can edit the regexp string of the signature and then re-enable the signature.

 

Answer: C

 

 

QUESTION 115

Which three Cisco IPS sensor features are configured within an event action rule? (Choose three.)

 

A.      event action overrides

B.      target value rating

C.      use global correlation

D.      use reputation filter

E.       event action filters

F.       enable TCP state bypass

G.      blocking properties

 

Answer: A,B,E

 

 

QUESTION 116

Which three statements about the Cisco IPS appliance Event Store are true? (Choose three.)

 

A.      The Event Store is accessible through the CLI, Cisco IDM, Cisco ASDM, or SDEE.

B.      The Event Store is a circular, first-in first-out buffer.

C.      The Event Store can be configured to be located on a remote server.

D.      The size of the Event Store depends on the Cisco IPS appliance platform.

E.       Each virtual sensor has its own Event Store.

F.       If the Event Store is full, the Cisco IPS appliance performs an automatic graceful shutdown.

 

Answer: A,B,D

 

 

QUESTION 117

Which application within the Cisco IPS appliance can modify the configurations of other devices on the network?

 

A.      SDEE

B.      POSFP

C.      ARC

D.      global correlation

E.       reputation filter

F.       anomaly detection

 

Answer: C

 

 

QUESTION 118

Refer to the exhibit.

A Cisco IPS appliance is connected to the FastEthernet 1/0/1 switch port. Referring to the switch show outputs shown below, what can be determined about the Cisco IPS appliance operations?

 

A.      The Cisco IPS appliance is operating in inline interface mode.

B.      A lot of traffic is bypassing the IPS appliance.

C.      The IPS appliance is dropping a lot of traffic inline.

D.      The IPS appliance is experiencing many false positive alerts.

E.       The IPS appliance sensing interface that is connected to the FastEthernet 1/0/1 switch port is shut down.

 

Answer: B

 

 

QUESTION 119

A Cisco IPS appliance running in a network environment with asymmetrical traffic flow is experiencing many false positive alerts that are triggered by the 13000 signature ID. What can the IPS administrator tune on the IPS to reduce the false positives?

 

A.      set the normalizer mode to strict mode

B.      set the AD operational mode to inactive

C.      enable TCP state bypass

D.      increase the default scanner threshold

E.       disable the uRPF check

 

Answer: B

 

 

QUESTION 120

Which Cisco IPS appliance signature engine uses signature events as input to correlate different signatures into a higher level event?

 

A.      Atomic signature engine

B.      Service signature engine

C.      Meta signature engine

D.      Sweep signature engine

E.       Multistring signature engine

F.       Normalizer signature engine

 

Answer: C

 
