Latest CCNP Security 642-627 Real Exam Download 31-40

Ensurepass

QUESTION 31

Refer to the exhibit. What does the Risk Threshold setting of 95 specify?

[Exhibit image not included]

A.      the low risk rating threshold

B.      the low threat rating threshold

C.      the low target value rating threshold

D.      the high risk rating threshold

E.       the high threat rating threshold

F.       the high target value rating threshold

 

Answer: D

HIGHRISK = 90–100 = Red Threat

 

 

QUESTION 32

From the Cisco IPS appliance CLI setup command, one of the options is “Modify default threat prevention settings? [no]”. What is this option related to?

 

A. anomaly detection

B. threat rating adjustment

C. event action override that denies high-risk network traffic with a risk rating of 90 to 100

D. risk rating adjustment with global correlation

E. reputation filters

 

Answer: C

 

 

QUESTION 33

In Cisco IDM, the Configuration > Sensor Setup > SSH > Known Host Keys screen is used for what purpose?

 

A.      to enable the Cisco IPS appliance as a master blocking sensor

B.      to enable management hosts to access the Cisco IPS appliance

C.      to regenerate the Cisco IPS appliance SSH host key

D.      to regenerate the Cisco IPS appliance SSL RSA key pair

E.       to enable communications with a blocking device

 

Answer: E

 

 

QUESTION 34 DRAG DROP

[Drag-and-drop exhibit image not included]

Answer:

[Answer image not included]

 

 

QUESTION 35

Which configuration is required when setting up the initial configuration on the Cisco ASA 5505 to support the Cisco ASA AIP-SSC?

 

A.      Configure a VLAN interface as a management interface to access the Cisco ASA AIP-SSC.

B.      Using MPF, configure which virtual sensor to use.

C.      Configure a management access rule to allow Cisco ASDM access from the Cisco ASA AIP-SSC management interface IP address.

D.      Configure a management access rule to allow SSH access from the Cisco ASA AIP-SSC management interface IP address.

 

Answer: A

 

 

QUESTION 36

The Cisco IPS appliance risk category is used with which other feature?

 

A.      anomaly detection

B.      event action overrides

C.      global correlation

D.      reputation filter

 

Answer: B

 

 

QUESTION 37

Which two Cisco IPS modules support sensor virtualization? (Choose two.)

 

A.      AIP-SSM

B.      AIP-SSC

C.      IPS AIM

D.      IPS NME

E.       IDSM-2

 

Answer: A,E

 

 

QUESTION 38

You are working with Cisco TAC to troubleshoot a software problem on the Cisco IPS appliance. TAC suspects a fault with the ARC software module in the Cisco IPS appliance. In this case, which Cisco IPS appliance operations may be most affected by the ARC software module fault?

 

A.      SDEE

B.      global correlation

C.      anomaly detection

D.      remote blocking

E.       virtual sensor

F.       OS fingerprinting

 

Answer: D

 

 

QUESTION 39

Threat rating calculation is performed based on which factors?

 

A.      risk rating and adjustment based on the prevention actions taken

B.      threat rating and event action overrides

C.      event action overrides and event action filters

D.      risk rating and target value rating

E.       alert severity and alert actions

 

Answer: A

 

 

QUESTION 40

Refer to the exhibit.

[Exhibit image not included]

The scanner threshold is set to 120. Which two statements about this histogram are true? (Choose two.)

 

A.      From a single source you do not expect to see nonestablished connections to more than 120 different destination IP addresses.

B.      From a single source you do not expect to see nonestablished connections to more than 100 different destination IP addresses.

C.      You do not expect to see more than 5 sources generate nonestablished connections to 10 or more different destinations.

D.      You do not expect to see more than 10 sources generate nonestablished connections to 5 or more different destinations.

E.       A scanner threshold of 120 is not a valid value for this histogram.

F.       Scanning attacks will not be triggered, because the scanner threshold is higher than the maximum number of destination IP addresses in the histogram.

G.      Scanning attacks will not be triggered, because the scanner threshold is higher than the maximum number of source IP addresses in the histogram.

 

Answer: B,D

 
