Latest CCNP Security 642-627 Real Exam Download 61-70

Ensurepass

QUESTION 61

Which signature engine is recommended for creating a custom signature for packet header matching?

 

A. MULTI-STRING
B. FLOOD.HOST
C. ATOMIC.IP
D. SERVICE
E. SWEEP
F. META

 

Answer: C

 

 

QUESTION 62

On the Cisco IPS appliance, the anomaly detection knowledge base is used to store which two types of information for each service? (Choose two.)

 

A. scanner threshold
B. packet per second rate limit
C. anomaly detection mode
D. histogram
E. total bytes transferred

 

Answer: A,D

 

 

QUESTION 63

Which four features are supported on the Cisco ASA AIP-SSM but are not supported on the Cisco ASA AIP-SSC? (Choose four.)

 

A. multiple virtual sensors
B. anomaly detection
C. promiscuous mode
D. custom signatures
E. fail open
F. global correlation

 

Answer: A,B,D,F

 

 

QUESTION 64

Which Cisco IPS appliance TCP session tracking mode should be used if packets of the same session are coming to the sensor over different interfaces, but should be treated as a single session?

 

A. interface and VLAN
B. virtual sensor
C. VLAN only
D. promiscuous
E. normalizer

 

Answer: B

 

 

QUESTION 65

Which two Cisco IPS appliance features are implemented using input data from the Cisco SensorBase? (Choose two.)

 

A. global correlation
B. anomaly detection
C. reputation filters
D. botnet traffic filters
E. OS fingerprinting
F. threat detection

 

Answer: A,C

 

 

QUESTION 66

Which four configuration elements can the virtual sensor of a Cisco IPS appliance have? (Choose four.)

 

A. interfaces or VLAN pairs
B. IPS reputation filters
C. signature set definition
D. global correlation rules
E. event action rules (filters and overrides)
F. anomaly detection policy

 

Answer: A,C,E,F

 

 

QUESTION 67

Which value is not used by the Cisco IPS appliance in the risk rating calculation?

 

A. attack severity rating
B. target value rating
C. signature fidelity rating
D. promiscuous delta
E. threat rating adjustment
F. watch list rating

 

Answer: E

 

 

QUESTION 68

Refer to the exhibit. Which General settings under the Event Action Rule affect the risk rating calculations?

[Exhibit: Event Action Rule General settings (image not available)]

A. Use Summarizer
B. Use Meta Event Generator
C. Use Threat Rating Adjustment
D. Use Event Action Filters
E. Enable One Way TCP Reset

 

Answer: C

 

 

QUESTION 69

In a centralized Cisco IPS appliance deployment, it may not be possible to connect an IPS appliance to every switch or segment in the network. So, an IPS appliance can be deployed to inspect traffic on ports that are located on multiple remote network switches. In this case, which two configurations are required? (Choose two.)

 

A. IPS promiscuous mode operations
B. in-line IPS operations
C. RSPAN
D. SPAN
E. HSRP
F. SLB

 

Answer: A,C

 

 

QUESTION 70

Which three actions does the Cisco IDM custom signature wizard provide? (Choose three.)

 

A. selecting the signature engine to use or not to use any signature engine
B. selecting the Layer 3 or Layer 4 protocol that the sensor will use to match malicious traffic
C. selecting the attack relevancy rating
D. selecting the signature threat rating
E. selecting the scope of matching (for example, single packet)

 

Answer: A,B,E

 
