Latest CCNP Security 642-627 Real Exam Download 51-60

QUESTION 51

Which three statements about the Cisco IntelliShield Alert Manager are true? (Choose three.)

 

A.      Alert information is analyzed and validated by Cisco security analysts.

B.      Alert analysis is vendor-neutral.

C.      The built-in workflow system provides a mechanism for tracking vulnerability remediation and integration with Cisco Security Manager and Cisco Security MARS.

D.      Users can customize the notification to deliver tailored information relevant to the needs of the organization.

E.       Customers are automatically subscribed to use Cisco Security IntelliShield Alert Manager Service with the Cisco IPS license.

F.       More than 10 report types are available within the Cisco Security IntelliShield Alert Manager Service.

 

Answer: A,B,D

 

 

QUESTION 52

Which two configurations are required on the Cisco IPS appliance to allow Cisco Security Manager to log into the Cisco IPS appliance? (Choose two.)

 

A.      Enable SNMPv2.

B.      Enable SSH access.

C.      Enable TLS/SSL to allow HTTPS access.

D.      Enable NTP.

E.       Enable Telnet access.

F.       Enable the IP address of the Cisco Security Manager server as an allowed host.

 

Answer: C,F

 

 

QUESTION 53

What is the status of OS Identification?

A.      It is only enabled to identify "Cisco IOS" OS using statically mapped OS fingerprinting.

B.      OS mapping information will not be used for Risk Rating calculations.

C.      It is configured to enable OS mapping and ARR only for the 10.0.0.0/24 network.

D.      It is enabled for passive OS fingerprinting for all networks.

 

Answer: C

 

 

QUESTION 54

Which signature definition is virtual sensor 0 assigned to use?

A.      rules0

B.      vs0

C.      sig0

D.      ad0

E.       ad1

F.       sig1

 

Answer: B

 

 

QUESTION 55

What action will the sensor take regarding IP addresses listed as known bad hosts in the Cisco SensorBase network?

A.      Global correlation is configured in Audit mode for testing the feature without actually denying any hosts.

B.      Global correlation is configured in Aggressive mode, which has a very aggressive effect on deny actions.

C.      It will not adjust risk rating values based on the known bad hosts list.

D.      Reputation filtering is disabled.

 

Answer: D

 

 

QUESTION 56

To what extent will the Cisco IPS sensor contribute data to the Cisco SensorBase network?

A.      It will not contribute to the SensorBase network.

B.      It will contribute to the SensorBase network, but will withhold some sensitive information.

C.      It will contribute the victim IP address and port to the SensorBase network.

D.      It will not contribute to Risk Rating adjustments that use information from the SensorBase network.

 

Answer: B

 

 

QUESTION 57

Which two statements about Signature 1104 are true? (Choose two.)

A.      This is a custom signature.

B.      The severity level is High.

C.      This signature has triggered as indicated by the red severity icon.

D.      Produce Alert is the only action defined.

E.       This signature is enabled, but inactive, as indicated by the /0 that follows the signature number.

 

Answer: B,D

 

 

QUESTION 58

Which three statements about the Cisco IPS appliance configurations are true? (Choose three.)

A.      The maximum number of denied attackers is set to 10000.

B.      The block action duration is set to 3600 seconds.

C.      The Meta Event Generator is globally enabled.

D.      Events Summarization is globally disabled.

E.       Threat Rating Adjustment is globally disabled.

 

Answer: A,B,C

 

 

QUESTION 59

Which four statements about the blocking capabilities of the Cisco IPS appliance are true? (Choose four.)

 

A.      The three types of blocks are: host, connection, and network.

B.      Host and connection blocks can be initiated manually or automatically when a signature is triggered.

C.      Network blocks can only be initiated manually.

D.      The Device Login Profiles pane is used to configure the profiles that the network devices use when logging into the Cisco IPS appliance.

E.       Multiple Cisco IPS appliances can forward their blocking requests to the master blocking sensor.

F.       Pre-Block and Post-Block ACLs are applicable for blocking or rate limiting.

 

Answer: A,B,C,E

 

 

QUESTION 60

OS mappings associate IP addresses with an OS type, which in turn helps the Cisco IPS appliance to calculate what other value?

 

A.      TVR

B.      SFR

C.      ARR

D.      PD

E.       ASR

 

Answer: C

 
