When setting up a Cisco IPS appliance in promiscuous mode, which Cisco Catalyst switch CLI command is used to configure SPAN on the switch?


A.      span source in interface configuration mode

B.      span session in global configuration mode

C.      monitor destination in interface configuration mode

D.      monitor session in global configuration mode

E.       mirror session in global configuration mode


Answer: D




The AIP-SSC differs from the AIP-SSM in which three ways? (Choose three.)


A.      It uses the ASA backplane as its monitoring interface.

B.      It does not support fail open operation.

C.      It does not support global correlation.

D.      It does not support custom signatures.

E.       It supports only one virtual sensor.

F.       It does not support inline operation.


Answer: C,D,E




Which ASA CLI command is used to configure the network parameters for downloading the AIP-SSM recovery image?


A.      hw-module 1 recover boot

B.      hw-module 1 recover configure

C.      sysopt ips recovery configure

D.      sysopt ips recover-location

E.       boot hw-module 1 tftp

F.       boot system tftp


Answer: B




Which global correlation data is sent to the Cisco SensorBase Network with full network participation that is not sent with partial network participation?


A.      attack type

B.      connecting IP address and port

C.      victim IP address and port

D.      protocol attributes

E.       IPS appliance CPU and memory usage information


Answer: C




Anomaly detection may send an alert under which two circumstances? (Choose two.)


A.      The attacker obfuscates a malicious HTTP request.

B.      Inbound traffic arrives from a source with a low reputation score.

C.      Outbound traffic is destined towards a known botnet system.

D.      A single worm-infected source enters the network and starts scanning for other vulnerable hosts.

E.       Benign traffic is misinterpreted as an attack.

F.       The network starts becoming congested by worm traffic.


Answer: D,F




Which Cisco IPS feature is most likely to respond to a zero-day attack?


A.      reputation filtering

B.      botnet filtering

C.      anomaly detection

D.      meta-engine

E.       de-obfuscation

F.       threat detection


Answer: C




Which two interface modes can be implemented with a single physical sensing interface on the Cisco IPS 4200 Series appliance? (Choose two.)


A.      inline interface pair

B.      inline VLAN groups

C.      inline VLAN pair

D.      promiscuous

E.       hardware bypass


Answer: C,D




Which Cisco IDM pane is used to add the public keys of all the SSH clients that are allowed to connect to the IPS appliance SSH server using RSA authentication?


A.      Configuration > Sensor Management > SSH > Authorized Keys

B.      Configuration > Sensor Management > SSH > Known Host Keys

C.      Configuration > Sensor Management > SSH > Sensor key

D.      Configuration > Sensor Management > Certificates > Trusted Hosts

E.       Configuration > Sensor Management > Certificates > Server Certificate

F.       Configuration > Sensor Management > Certificates > Known Host Keys


Answer: A




Refer to the exhibit of a Cisco IPS CLI configuration. Which statement is true?


A.      The IPS administrator should be able to use Telnet to connect to the IP appliance IP address.

B.      The IPS administrator should be able to use Telnet to connect to the IP appliance IP address.

C.      The IP appliance default gateway IP address is

D.      The IPS administrator will not be able to use Telnet to connect to the IP appliance.

E.       The IP appliance primary IP address is with a secondary IP address of


Answer: D




Which two statements are true with respect to IPS false negatives? (Choose two.)


A.      A false negative is the failure of the IPS to create an alert on malicious activity.

B.      Increasing event count thresholds can lead to false negatives.

C.      A false negative results in an IPS alert that is associated with an unsuccessful denial of service attack.

D.      Disabling anti-evasion features of the IPS can reduce false negatives.

E.       False negatives can only occur when an IPS sensor is in promiscuous mode.


Answer: A,B


