What is the maximum number of virtual sensors that can be configured on a Cisco IPS 4260 Sensor appliance?


A. 2

B. 4

C. 6

D. 8

E. 16

F. There is no fixed limit.


Answer: B




Which Cisco IPS appliance feature has the following three potential settings: off, partial, and full?


A. anomaly detection

B. POSFP

C. reputation filtering

D. global correlation network participation

E. event action overrides


Answer: D




Defining the internal zone, external zone, and illegal zone is associated with which Cisco IPS appliance feature?


A. reputation filtering

B. threat detection

C. event action overrides

D. global correlation network participation

E. threat rating adjustments

F. anomaly detection


Answer: F




Which two are the functions of the learning feature of anomaly detection within a Cisco IPS appliance? (Choose two.)


A. observes actual traffic patterns to the zones

B. retrieves zero-day attack information from the Cisco SIO

C. dynamically populates the host operating system database

D. allows false-positive training by an IPS administrator

E. builds the host reputation histogram

F. learns which legitimate services have a scanning behavior


Answer: A,F




Regarding the Cisco IPS appliance anomaly detection feature, which two of these would be considered scan events? (Choose two.)


A. an unacknowledged TCP SYN

B. an online dictionary password attack

C. exhaustive directory tree traversal on an FTP server

D. a scan of all TCP ports on a single destination IP address

E. a unidirectional UDP session


Answer: A,E




Which two are valid examples of String engines? (Choose two.)


A. String HTTP

B. String FTP

C. String TCP

D. String UDP

E. String Trojan

F. String IP


Answer: C,D




Which two operations would put an inline Cisco IPS sensor in detection mode? (Choose two.)


A. subtract all aggressive actions using event action filters

B. decrease the event count using event action filters

C. increase the maximum inter-event interval using event action overrides

D. remove the default event action override, which drops traffic with a risk rating of 90 to 100

E. enable anomaly detection in detection mode only


Answer: A,D




What are the five possible values for the event count key parameter of an IPS signature? (Choose five.)


A. attacker address

B. victim address

C. attacker and victim address

D. victim address and port

E. attacker and victim addresses and ports

F. attacker address and victim port

G. attacker and victim port


Answer: A,B,C,E,F




Which protocol or protocols does the Cisco Security Manager use to communicate with the Cisco IPS appliance?


A. HTTPS only

B. SSH only

C. SNMPv3 only

D. HTTPS and SNMPv3

E. HTTPS and SSH

F. HTTPS, SSH, and SNMPv3


Answer: A




The Cisco IPS appliance passive OS fingerprinting feature can use which three sources to determine the OS mappings information? (Choose three.)


A. manually configured OS mappings

B. OS mappings that are dynamically learned by the sensor through the fingerprinting of TCP packets with the SYN control bit set

C. OS mappings information received from the Cisco Security Manager

D. imported OS mappings from the Management Center for Cisco Security Agents

E. OS mappings information learned by running Nessus scans


Answer: A,B,D


