Refer to the exhibit.
What does an action of Rotate indicate?
A. A new knowledge base is created, but is not loaded. You can view it to decide if you want to load it.
B. A new knowledge base is created and loaded.
C. The knowledge base is rolled back to the previous version.
D. The knowledge base is rotated on a periodic schedule using the different existing knowledge bases.
Reports generated by Cisco IME can be saved in which two formats? (Choose two.)
D. PDF E. XLS
Which three configurations are the defaults on the Cisco IPS 4200 Series appliance? (Choose three.)
A. IPS appliance default IP address = 192.168.1.2 and default gateway = 192.168.1.1
B. password recovery enabled
C. TLS and SSL access disabled
D. Telnet access disabled
E. Web Server Port = 80
Which Cisco IPS appliance CLI command is used to display information in the IPS Event Store?
A. show config
B. show events
C. show database
D. show sdee
E. show log
F. show event-store
G. show alerts
With a Cisco IPS appliance running v7.0, which three event actions support IPv4 and IPv6? (Choose three.)
A. log attacker/victim pair packets
B. request block connection
C. request rate limit
D. reset TCP connection
E. modify packet inline
F. request block host
Which two statements accurately describe virtual sensor operations on the Cisco IPS appliance? (Choose two.)
A. You must create a new instance of a signature set for each new virtual sensor.
B. The packet processing policy is virtualized.
C. Creating a new virtual sensor creates a “virtual” machine on the Cisco IPS appliance.
D. vs0 can be cloned then deleted.
E. Each virtual sensor can have its own unique event action rules.
When using the Cisco IPS signature and engine auto updates feature from Cisco.com, which password must be configured on the IDM Auto/Cisco.com Update pane?
A. the IPS appliance “cisco” user account password
B. the IPS appliance “service” user account password
C. the IPS appliance “support” user account password
D. the IPS appliance enable password
E. the CCO user account password
Which three statements are true with respect to IPS false positives? (Choose three.)
A. An example of a false positive is when the IPS appliance produces an alert in response to the normal activities of the company’s network management system.
B. Increasing the set of TCP ports that a signature matches on may reduce false positives.
C. False positives may be reduced by disabling certain signatures.
D. Event action filters can be implemented to reduce false positives.
E. An example of a false positive is the IPS not reacting to a successful denial of service attack.
Which rating is determined by adjusting the risk rating with respect to preventative actions taken by the sensor?
A. attack severity rating
B. attack relevancy rating
C. damage assessment rating
D. hazard rating
E. threat rating
F. event action delta
Passive operating system fingerprinting can be used to determine which aspect of the event risk rating?
A. target value rating
B. watch list rating
C. signature fidelity rating
D. attack severity rating
E. promiscuous delta
F. attack relevancy rating
Download Latest CCNP 642-627 Real Free Tests , help you to pass exam 100%.