Latest CCNP Security 642-627 Real Exam Download 121-130



Referring to the monitor session 1 destination GigabitEthernet0/47 ingress Cisco Catalyst switch command, what does the “ingress” command option enable?


A.      Allow the capture of bidirectional traffic on the GigabitEthernet0/47 switch port.

B.      Add .1Q headers on the SPAN port (GigabitEthernet0/47) to indicate the source VLAN to the Cisco IPS appliance in promiscuous mode.

C.      Allow the SPAN port (GigabitEthernet0/47) to be a source of traffic (for TCP resets).

D.      Enable flow-based SPAN session.

E.       Limit (filter) SPAN source traffic.


Answer: C




The Cisco IPS sensor can obtain operating system identification data from which two sources? (Choose two.)


A.      passive operating system fingerprinting

B.      imported from Cisco SensorBase

C.      imported from Cisco Security MARS

D.      manual operating system mappings configured on the Cisco IPS appliance

E.       imported from Cisco Secure Desktop OS scan


Answer: A,D




From Cisco Security Manager, which external component or service is used to access in-depth signature information?


A.      Cisco SensorBase

B.      Cisco Security MARS

C.      Cisco IntelliShield Service

D.      ScanSafe Service


Answer: C




Which mode consolidates alarms where the Cisco IPS appliance will generate an alert the first time that a signature fires on an address set and then only send a summary alert for all address sets over a given time interval?


A.      Fire Once

B.      Fire All

C.      Fire Summarize

D.      Summarize

E.       Global Summarize


Answer: E




Refer to the exhibit.

clip_image002Which option is affected by the IP Log parameters?


A.      the syslog operations of the Cisco IPS appliance

B.      the signature logging action

C.      SNMP trap operations

D.      the signature produce verbose alert action

E.       the SDEE operations of the Cisco IPS appliance


Answer: B




Refer to the exhibit.

clip_image004Configuring traffic flow notifications on the Cisco IPS appliance is most useful in what situation?


A.      to determine the IPS throughput rate when using inline mode

B.      to detect IPS performance issues

C.      to enable bypass mode when the Cisco IPS appliance fails

D.      to prevent DoS attacks


Answer: B




When setting up a Cisco IPS appliance in promiscuous mode, which Cisco Catalyst switch command is used to display information about all SPAN and remote SPAN sessions on the switch?


A.      show span

B.      show sessions

C.      show interface

D.      show monitor


Answer: D




What about this configuration command is true: ips inline fail-open sensor sensor_name?


A.      will enable fail-open hardware bypass on the Cisco IPS 4200 Series appliance

B.      will enable inline operation on the Cisco IPS 4200 Series appliance

C.      will enable inline operation on the Cisco IDSM-2, IPS AIM, or IPS NME

D.      will enable the desired traffic to be diverted from the Cisco ASA to one of the Cisco ASA AIP-SSM virtual sensors


Answer: D




Which parameter is used to configure a signature to fire if the activity it detects happens a certain number of times for the same address set within a specified period of time?


A.      event action

B.      event counter

C.      summary count

D.      summary key


Answer: B




What is the maximum number of virtual sensors that a Cisco IPS 4200 Series appliance can support?


A.      depends on the Cisco IPS 4200 Series appliance model

B.      2

C.      3

D.      4

E.       5

F.       6


Answer: D



Download Latest CCNP 642-627 Real Free Tests , help you to pass exam 100%.

Leave a Reply