PrepKing
- Wesley Rolf Allen
- 5 years ago

PrepKing
Number:
Passing Score: 800
Time Limit: 120 min
File Version:
Exam A

QUESTION 1 DRAG DROP
Correct Answer:

QUESTION 2
What is the best way to mitigate the risk that executable-code exploits will perform malicious acts such as erasing your hard drive?
A. assign blocking actions to signatures that are controlled by the State engine
B. assign deny actions to signatures that are controlled by the Trojan engines
C. assign the TCP reset action to signatures that are controlled by the Normalizer engine
D. enable blocking
E. enable application policy enforcement
Correct Answer: B

QUESTION 3
Which type of signature engine is best suited for creating custom signatures that inspect data at Layer 5 and above?
A. Service
B. AIC
C. String
D. Sweep
E. Flood
F. ATOMIC
Correct Answer: A

QUESTION 4
Refer to the exhibit. As an administrator, you need to change the Event Action and Event Count settings for signature 1108 in the sig1 instance. Which of the following should you select to view and change the required parameters?
A. Miscellaneous tab
B. Signature Variables tab
C. Actions button
D. Edit button
Correct Answer: D

QUESTION 5
You would like to investigate an incident and have already enabled the Log Pair Packets action on various signatures being triggered. What should you do next?
A. Use CLI to send the IP log to a PC using TFTP, then open it with Notepad to view and interpret the contents.
B. Use Cisco IDM to download the IP log to a management station, then use a packet analyzer like Ethereal to decode the IP log.
C. Use the External Product Interface feature to download the IP log to Cisco Security MARS for incident investigation.
D. Use Cisco Security Manager to retrieve the IP log, then use the Cisco Security Manager IPS Manager to decode the IP log.
E. Use Cisco IEV to retrieve the IP log, then use the IEV Generate Reports function to produce a report based on the IP log content.
Correct Answer: B

QUESTION 6
Which signature action or actions should be selected to cause the attacker's traffic flow to terminate when the Cisco IPS Sensor is operating in promiscuous mode?
A. deny attacker
B. reset tcp connection
C. deny connection
D. deny packet
E. deny packet, reset tcp connection
F. deny connection, reset tcp connection
Correct Answer: B

QUESTION 7
You are using Cisco IDM. What precaution must you keep in mind when adding, editing, or deleting allowed hosts on a Cisco IPS Sensor?
A. You must not allow entire subnets to access the Cisco IPS Sensor.
B. You must not delete the IP address used for remote management.
C. When using access lists to permit remote access, you must specify the direction of allowed communications.
D. You can only configure the allowed hosts using the CLI.
E. You must use an inverse mask, such as , for the specified network mask for the IP address.
Correct Answer: B
QUESTION 8
Which action does the copy /erase ftp:// /sensor_config01 current-config command perform?
A. erases the sensor_config01 file on the FTP server and replaces it with the current configuration file from the Cisco IPS Sensor
B. merges the source configuration file with the current configuration
C. copies and saves the running configuration to the FTP server and replaces it with the source configuration file
D. overwrites the backup configuration and applies the source configuration file to the system default configuration
Correct Answer: D

QUESTION 9
Refer to the exhibit. Which interfaces are assigned to an inline VLAN pair?
A. GigabitEthernet0/1 with GigabitEthernet0/3
B. None in this virtual sensor
C. GigabitEthernet0/1 with GigabitEthernet0/2
D. GigabitEthernet0/2 with GigabitEthernet0/3
Correct Answer: B

QUESTION 10
Which character must precede a variable to indicate that you are using a variable rather than a string?
A. percent sign
B. asterisk
C. dollar sign
D. pound sign
E. ampersand
Correct Answer: C

QUESTION 11
In which three ways does a Cisco IPS network sensor protect the network from attacks? (Choose three.)
A. It can generate an alert when it detects traffic that matches a set of rules that pertain to typical intrusion activity.
B. It permits or denies traffic into the protected network based on access lists that you create on the sensor.
C. It uses a blend of intrusion detection technologies to detect malicious network activity.
D. It uses behavior-based technology that focuses on the behavior of applications to protect network devices from known attacks and from new attacks for which there is no known signature.
E. It can take a variety of actions when it detects traffic that matches a set of rules that pertain to typical intrusion activity.
F. It uses anomaly detection technology to prevent evasive techniques such as obfuscation, fragmentation, and encryption.
Correct Answer: ACE

QUESTION 12
Which CLI mode allows you to tune signatures?
A. setup
B. global configuration
C. service signature-definition
D. privileged exec
E. service analysis-engine
F. virtual-sensor-configuration
Correct Answer: C

QUESTION 13
Select the two correct general Cisco IPS Sensor tuning recommendations if the environment consists exclusively of Windows servers. (Choose two.)
A. enable all IIS signatures
B. enable all NFS signatures
C. enable all RPC signatures
D. use "NT" IP fragment reassembly mode
E. disable deobfuscation for all HTTP signatures
F. use "Windows" TCP stream reassembly mode
Correct Answer: AD

QUESTION 14
Which two management access methods are enabled by default on a Cisco IPS Sensor? (Choose two.)
A. HTTPS
B. SSH
C. IPsec
D. HTTP
E. Telnet
Correct Answer: AB

QUESTION 15 DRAG DROP
Correct Answer:

QUESTION 16 DRAG DROP
Correct Answer:

QUESTION 17
In which three of these ways can you achieve better Cisco IPS Sensor performance? (Choose three.)
A. enable selective packet capture using VLAN ACL on the Cisco IPS 4200 Series Sensors
B. always enable unidirectional capture
C. have multiple Cisco IPS Sensors in the path and configure them to detect different types of events
D. disable unneeded signatures
E. place the Cisco IPS Sensor behind a firewall
F. enable all anti-evasive measures to reduce noise
Correct Answer: CDE
QUESTION 18
You have been made aware of new and unwanted traffic on your network. You want to create a signature to monitor and perform an action against that traffic when certain thresholds are reached. What would be the best way to configure this new signature?
A. Use the Anomaly Detection functions to learn about the unwanted traffic, then create a new meta signature using Cisco IDM.
B. Use the Custom Signature Wizard.
C. Edit a built-in signature that closely matches the traffic you are trying to prevent.
D. Clone and edit an existing signature that closely matches the traffic you are trying to prevent.
E. Create a new signature definition, edit it, and then enable it.
Correct Answer: B

QUESTION 19
Refer to the exhibit. As a network administrator, you want to assign a target value rating to your network assets. Which menu tree path would you need to follow to reach a location from which you can configure the Target Value Rating parameter?
A. Policies > Signature Definitions
B. Policies > Event Action Rules
C. Policies > Anomaly Detections
D. Analysis Engine > Global Variables
E. Analysis Engine > Virtual Sensors
Correct Answer: B

QUESTION 20
Refer to the exhibit. You are the security administrator for the network in the exhibit. You want your inline Cisco IPS sensor to drop packets that pose the most severe risk to your network, especially to the servers on your DMZ. Which two of the following parameters should you set to protect your DMZ servers in the most time-efficient manner? (Choose two.)
A. application policy
B. event action override
C. target value rating
D. alert severity
E. event action filter
F. signature fidelity rating
Correct Answer: BC

QUESTION 21
How can you clear events from the event store?
A. You should select File > Clear IDM Cache in Cisco IDM.
B. You do not need to clear the event store; it is a circular log file, so once it reaches the maximum size it will be overwritten by new events.
C. If you have Administrator privileges, you can do this by selecting Monitoring > Events > Reset button in Cisco IDM.
D. You cannot clear events from the event store; they must be moved off the system using the copy command.
E. You must use the CLI clear events command.
Correct Answer: E

QUESTION 22
Which two statements correctly describe Cisco ASA AIP-SSM based on Cisco IPS 6.0 and the ASA 7.x software release? (Choose two.)
A. It supports inline VLAN pairs.
B. It supports up to four virtual sensors.
C. It does not have console port access.
D. It requires two physical interfaces to operate in inline mode.
E. It has two sensing interfaces.
F. Its command and control interface is Gig0/0.
Correct Answer: CF

QUESTION 23
You have configured your sensor to use risk ratings to determine when to deny traffic into the network. How could you best leverage this configuration to provide the highest level of protection for the mission-critical web server on your DMZ?
A. Create an event action filter for the web server.
B. Create a risk rating for the web server and assign a value of High to the risk rating.
C. Assign a target value rating of Mission Critical to the web server.
D. Assign deny actions to all signatures with risk ratings, and specify the IP address of the web server as the Destination Address parameter for each of those signatures.
Correct Answer: C

QUESTION 24
Which TCP stream reassembly mode disables TCP window-evasion checking?
A. Symmetric
B. Loose
C. Disable
D. Asymmetric
E. Strict
Correct Answer: D

QUESTION 25
Refer to the exhibit. Which further action must you take in order to create a new virtual sensor?
A. set Inline TCP Session Tracking Mode to Interface Only as there is only one interface available for assignment
B. assign a unique name
C. set AD Operational Mode to Inactive as that is a global parameter
D. assign a description
E. create and assign a unique Event Action Rule Policy
F. create and assign a unique Signature Definition Policy
Correct Answer: B

QUESTION 26 DRAG DROP
Correct Answer:

QUESTION 27
Which statement accurately describes Cisco IPS Sensor automatic signature and service pack updates?
A. The Cisco IPS Sensor can automatically download service pack and signature updates from Cisco.com.
B. You must download service pack and signature updates from Cisco.com to a locally accessible server before they can be automatically applied to your Cisco IPS Sensor.
C. The Cisco IPS Sensor can download signature and service pack updates only from an FTP or HTTP server.
D. When you configure automatic updates, the Cisco IPS Sensor checks Cisco.com for updates hourly.
E. If multiple signature or service pack updates are available when the sensor checks for an update, the Cisco IPS Sensor installs the first update it detects.
Correct Answer: B

QUESTION 28
With Cisco IPS 6.0, what is the maximum number of virtual sensors that can be configured on a single platform?
A. two in promiscuous mode using VLAN groups, four in inline mode supporting all interface type configurations
B. two
C. six
D. the number depends on the amount of device memory
E. four
Correct Answer: E

QUESTION 29
Refer to the exhibit. Which three statements correctly describe the configuration depicted in this Cisco IDM virtual sensors list? (Choose three.)
A. sub-interfaces Gig0/2.0 and Gig0/3.0 are operating in IPS mode
B. the Cisco IPS Sensor appliance is configured for promiscuous (IDS) and inline (IPS) mode simultaneously
C. the vs1 virtual sensor is operating inline between VLAN 102 and VLAN 201
D. inline dropping of packets can occur on the Gig0/2.0 sub-interface or Gig0/3.0 sub-interface or both
E. inline dropping of packets can occur on the Gig0/0.1 sub-interface
F. the vs1 virtual sensor is misconfigured for inline operations since only one sub-interface is assigned to vs1
Correct Answer: BCE

QUESTION 30
Which one of the following statements is true regarding tuned signatures?
A. begin with signature number
B. contain modified parameters of built-in signatures
C. are tuned using the Cisco IDM Custom Signature Wizard
D. require that you create custom signatures that can then be tuned to your needs
E. require that you create subsignatures that can then be tuned to your needs
Correct Answer: B

QUESTION 31
Which statement is correct if "Use Threat Rating Adjustment" is enabled from the Event Action Rules > rules0 > General Settings menu?
A. The threat rating adjustment will enable a fast way to add event actions based on the risk rating.
B. The threat rating adjustment will enable the Cisco IPS Sensor to adjust the risk rating based on the signature fidelity.
C. The threat rating adjustment will enable the Cisco IPS Sensor to adjust the risk rating based on the target value rating.
D. The threat rating adjustment will enable the Cisco IPS Sensor to adjust the risk rating based on the attack relevancy rating.
E. The risk rating will be adjusted by the addition of the threat rating adjustment based on the action taken by the Cisco IPS Sensor.
F. The threat rating adjustment will be subtracted from the risk rating based on the action taken by the IPS sensor to produce the threat rating.
Correct Answer: F

QUESTION 32
Refer to the exhibit. Based on this partial CLI output, what can be determined about anomaly detection?
A. The virtual sensor vs1 has learned normal traffic patterns and is currently in detection mode.
B. Learning mode has expired and the sensor is running normally.
C. An attack is in progress and learning mode has been automatically disabled.
D. Learning mode has been manually disabled.
Correct Answer: C

QUESTION 33
Which statement accurately describes what the External Product Interface feature included in the Cisco IPS 6.0 software release allows the Cisco IPS Sensor to do?
A. collaborate with Cisco Security Manager for centralized events management
B. receive host postures and quarantined IP address events from the CiscoWorks Management Center for Cisco Security Agent
C. collaborate with Cisco Security MARS for incident investigations
D. have Cisco IEV subscribe to it and receive events from it
E. perform Anomaly Detection by receiving events from external sources
Correct Answer: B

QUESTION 34
Which two are true regarding Cisco IPS Sensor licensing? (Choose two.)
A. The Cisco ASA 5500 Series does not require a Cisco Services for IPS contract when a valid SMARTnet contract exists.
B. A Cisco Services for IPS contract must be purchased to obtain signature updates.
C. A Cisco IPS Sensor will run normally without a license key with the most current signature updates for 90 days.
D. Cisco IDM requires a valid license key to operate normally.
E. A license key is required to obtain signature updates.
Correct Answer: BE

QUESTION 35 LAB
configure terminal
default service signature-definition sig0
end
copy current-config backup-config
show events status 07:00 May
exit

QUESTION 36
You would like to have your inline sensor deny attackers inline when events occur that have risk ratings over 85. Which two actions, when taken in conjunction, will accomplish this? (Choose two.)
A. create target value ratings of 85 to 100
B. enable event action overrides
C. create an Event Action Filter, and assign the risk rating range of 85 to 100 to the filter
D. create an event variable for the protected network
E. assign the risk rating range of 85 to 100 to the Deny Attacker Inline event action
F. enable Event Action Filters
Correct Answer: BE

QUESTION 37
Which statement is true about inline sensor functionality?
A. Any sensor that supports inline functionality can operate in either inline or promiscuous mode, but not in both modes simultaneously.
B. If you switch a sensor between inline and promiscuous modes, you must reboot the sensor.
C. Inline functionality is available on any sensor that supports Cisco IPS Sensor Software Version 5.0 or later.
D. If your sensor has a sufficient number of monitoring interfaces, you can use inline and promiscuous modes simultaneously.
Correct Answer: D

QUESTION 38
Which three of the following are tuning parameters that affect the Cisco IPS Sensor globally? (Choose three.)
A. meta reset interval
B. alert summarization
C. IP logging
D. TCP stream reassembly
E. IP fragment reassembly
F. alert frequency
Correct Answer: CDE

QUESTION 39 DRAG DROP
Correct Answer:

QUESTION 40
What is used to perform password recovery for the "cisco" admin account on a Cisco IPS 4200 Series Sensor?
A. setup mode
B. recovery partition
C. GRUB menu
D. ROMMON CLI
E. Cisco IDM
Correct Answer: C

QUESTION 41
How should you create a custom signature that will fire when a series of pre-defined signatures occur and you want the Cisco IPS Sensor to generate alerts only for the new custom signature, not for the individual signatures?
A. Use the Normalizer engine and remove the Produce Alert action from the component signatures.
B. Use the Normalizer engine and set the summary mode to Global Summarize.
C. Use the ATOMIC engine and set the summary mode to Global Summarize.
D. Use the meta engine and remove the Produce Alert action from the component signatures.
E. Use the Service engine and set the summary mode to Global Summarize.
F. Use the Trojan engine and remove the Produce Alert action from the component signatures.
Correct Answer: D
QUESTION 42
Which three values are used to calculate the risk rating for an event? (Choose three.)
A. target value rating
B. signature fidelity rating
C. attack severity rating
D. fidelity severity rating
E. signature attack rating
F. target fidelity rating
Correct Answer: ABC

QUESTION 43
Which of the following statements best describes how IP logging should be used?
A. be used to automatically correlate events with Cisco Security MARS for incident investigations
B. only be used when you are also using inline IPS mode
C. always be enabled since it uses a FIFO buffer on the Cisco IPS Sensor flash memory
D. only be used temporarily for such purposes as attack confirmation, damage assessment, or the collection of forensic evidence, because of its impact on performance
E. be used sparingly because there is a 4-GB limit on the amount of data that can be logged
Correct Answer: D

QUESTION 44
A user with which user account role on a Cisco IPS Sensor can log into the native operating system shell for advanced troubleshooting purposes when directed to do so by Cisco TAC?
A. service
B. super
C. administrator
D. operator
E. root
F. viewer
Correct Answer: A

QUESTION 45
Refer to the exhibit. Which of these statements is true concerning VLAN Pairs and the GigabitEthernet0/0 interface?
A. You cannot add another VLAN pair to interface GigabitEthernet0/0 because it already has a pair assigned to it.
B. To add another VLAN pair to interface GigabitEthernet0/0, you would need to edit the current configuration.
C. You cannot delete the default VLAN pair on interface GigabitEthernet0/0 subinterface 1.
D. To add another VLAN pair to interface GigabitEthernet0/0, you would need to click the Add button and enter the appropriate information into the current configuration.
Correct Answer: D

QUESTION 46
You think users on your corporate network are disguising the use of file-sharing applications by tunneling the traffic through port 80. How can you configure your Cisco IPS Sensor to identify and stop this activity?
A. Enable all signatures in the Service HTTP engine. Then create an event action override that adds the Deny Packet Inline action to events triggered by these signatures if the traffic originates from your corporate network.
B. Enable both the HTTP application policy and the alarm on non-http traffic signature.
C. Assign the Deny Packet Inline action to all signatures in the Service HTTP engine.
D. Enable the alarm for the non-http traffic signature. Then create an Event Action Override that adds the Deny Packet Inline action to events triggered by the signature if the traffic originates from your corporate network.
E. Enable all signatures in the Service HTTP engine.
Correct Answer: B

QUESTION 47
When signature 3116 fires, you want your Cisco IPS Sensor to terminate the current packet and future packets on this TCP flow only. Which action should you assign to the signature?
A. Reset TCP Connection
B. Request Block Connection
C. Deny Connection Inline
D. Deny Attacker Inline
Correct Answer: C

QUESTION 48
You want to create multiple event filters that use the same parameter value. What would be the most efficient way to accomplish this task?
A. create a global variable
B. create a target value rating
C. clone and edit an event filter
D. create an event variable
Correct Answer: D

QUESTION 49
Which of the following is a valid file name for a Cisco IPS 6.0 system image?
A. IPS-K9-cd-11-a E1.img
B. IPS-K9-pkg-6.0-sys_img.sys
C. IPS-4240-K9-img-6.0-sys.sys
D. IPS-4240-K9-sys-1.1-a E1.img
Correct Answer: D

QUESTION 50
You are configuring Cisco IPS Sensor Anomaly Detection and have just set the scanner threshold to 48. What will this accomplish?
A. A maximum of 48 scanners can be present on the network before an Anomaly Detection signature will be triggered.
B. If there are more than 48 unestablished connections from a single source to different destination IP addresses, an Anomaly Detection signature will be triggered.
C. The scheduler will replace the knowledge base every 48 hours.
D. If there are more than 48 sources generating at least one unestablished connection to different destination IP addresses, an Anomaly Detection signature will be triggered.
E. The histogram high threshold will be set to 48 destination IP addresses.
Correct Answer: B

QUESTION 51
What are the three roles of the Cisco IPS Sensor interface? (Choose three.)
A. blocking
B. bypass
C. logging
D. alternate TCP reset
E. sensing (monitoring)
F. command and control
Correct Answer: DEF

QUESTION 52 LAB
1. Choose Configuration->Policies->Event Action Rules->rules0->Event Action Overrides
2. Check Use Event Action Override box
3. Choose Target Value Rating
4. Delete whatever is there - since you cannot edit, only add and delete
5. Add: there choose Mission Critical, range of IP addresses
6. Click OK, then Apply
7. Go to Event Action tab
8. Delete whatever is there (Deny Packet Inline for RR >=90)
9. Add Deny Packet Inline for the range of 80 to 100 (Minimum and Maximum fields). Enabled and Active should be true.
10. OK and Apply
11. Now go to rules0->Event Action Filters and Add new one
12. Enter filter name - for example, PermitMS
13. Change Attacker Address field to
14. Change attacked destination addresses to
15. Choose Deny Packet Inline from the actions to subtract
16. OK and Apply

QUESTION 53
In Cisco IDM, the Configuration > Sensor Setup > SSH > Known Host Keys screen is used for what purpose?
A. to regenerate the Cisco IPS Sensor SSH host key
B. to enable management hosts to access the Cisco IPS Sensor
C. to enable communications with a blocking device
D. to regenerate the Cisco IPS Sensor SSL RSA key pair
E. to enable communications with the Master Blocking Sensor
Correct Answer: C

QUESTION 54
What two steps must you perform to initialize a Cisco IPS Sensor appliance? (Choose two.)
A. connect to the sensor via SSH
B. enable Telnet and then configure basic sensor parameters
C. connect a serial cable to the console port of the sensor
D. use the Cisco IDM Setup Wizard
E. issue the setup command via the CLI
Correct Answer: CE

QUESTION 55
Which three statements accurately describe Cisco IPS 6.0 Sensor Anomaly Detection? (Choose three.)
A. It sub-divides the network into two zones (internal and external).
B. In the Anomaly Detection histograms, the number of source IP addresses is either learned or configured by the user.
C. It is used to identify worms which spread by scanning the network.
D. It has three modes: learn mode, detect mode, and attack mode.
E. Anomaly Detection signatures have three sub-signatures (single scanner, multiple scanners, and worms outbreak).
F. In the Anomaly Detection histograms, the number of destination IP addresses is predefined.
Correct Answer: BCF

QUESTION 56
Refer to the exhibit. Based on the partial output shown, which of these statements is true?
A. The module installed in slot 1 needs to be upgraded to the same software revision as module 0 or it will not be recognized.
B. The module installed in slot 1 needs to be a type 5540 module to be compatible with the ASA 5540 Adaptive Security Appliance module type.
C. There is a Cisco IPS security services module installed.
D. Module 0 system services are not running.
Correct Answer: C

QUESTION 57
Which two communication protocols does Cisco IEV support for communications with Cisco IPS Sensors? (Choose two.)
A. SSH
B. IPsec
C. HTTP
D. SCP
E. HTTPS
Correct Answer: CE

QUESTION 58
When configuring Passive OS Fingerprinting, what is the purpose of restricting operating system mapping to specific addresses?
A. specifies which IP address range to import from the EPI for OS fingerprinting
B. limits the ARR to the defined IP addresses
C. excludes the defined IP addresses from automatic risk rating calculations so that you can specify the desired risk rating
D. allows you to configure separate OS maps within that IP address range
Correct Answer: B

QUESTION 59
Which two of the following parameters affect the risk rating of an event? (Choose two.)
A. signature fidelity rating
B. event count key
C. engine type
D. scanner threshold
E. global summary threshold
F. alert severity
Correct Answer: AF

QUESTION 60
Which Cisco IPS Sensor feature correlates events for more accurate detection of attacks, such as worms, that exploit a number of different vulnerabilities and can trigger several different signatures?
A. SensorApp
B. Normalizer
C. Analysis engine
D. Summarizer
E. Meta Event Generator
F. Application Policy Enforcement
Correct Answer: E

QUESTION 61
Which two statements accurately describe virtual sensor configuration? (Choose two.)
A. Creating a new virtual sensor creates a "virtual" machine.
B. You cannot delete vs0.
C. The packet processing policy is virtualized.
D. You must create a new instance of a signature set, such as sig1, and assign it to vs1.
E. The sensor's interfaces are virtualized.
Correct Answer: BC

QUESTION 62
Which three of these steps are used to initialize and verify the Cisco ASA AIP-SSM? (Choose three.)
A. connect a management station directly to the AIP-SSM console port via a serial cable
B. access the Cisco IDM from a management station using
C. use the ASA#show module command to verify the AIP-SSM status
D. use the ASA#telnet sensor-ip-address command to access the AIP-SSM to set up the basic configuration on the sensor
E. use the sensor#setup command to configure the basic sensor settings
F. use the ASA#session 1 command to access the AIP-SSM CLI
Correct Answer: CEF

QUESTION 63 HOTSPOT
Correct Answer:

QUESTION 64 HOTSPOT
Correct Answer:

QUESTION 65 HOTSPOT
Correct Answer:
50 QUESTION 66 How would you copy packets that have been captured from the data interfaces to a location off the Cisco IDS or IPS sensor? A. Use the copy command with the capture keyword. B. Press Ctrl-C when the capture is complete and paste the capture to your local host. C. Use the packet display command D. Use the copy command with the packet-file keyword Correct Answer: D /Reference: QUESTION 67 Which sensor process is used to initiate the blocking response action? A. Network Access Controller B. blockd C. shunstart D. EXEC Correct Answer: A
51 /Reference: QUESTION 68 "Pass Any Exam. Any Time." How does a Cisco network sensor detect malicious network activity? A. by performing in-depth analysis of the protocols that are specified in the packets that are traversing the network B. by comparing network activity to an established profile of normal network activity C. by using behavior-based technology that focuses on the behavior of applications D. by using a blend of intrusion detection technologies Correct Answer: D /Reference: QUESTION 69 Which statement is true about using the Cisco IDM to configure automatic signature and service pack updates? A. You must select the Enable Auto Update check box in the Auto Update panel in order to configure automatic updates B. You can schedule updates to occur daily, weekly, or monthly. C. If you configure updates to occur daily, the sensor checks for updates at12:00 a.m. each day. D. You access the Automatic Update panel from the IDM Monitoring tab. Correct Answer: A /Reference: QUESTION 70 You are the network security administrator for a company. You want to create a user account for your assistant that gives the assistant the second-highest level of privileges. You want to ensure that your assistant can view all events and tune signatures. Which role would you assign to the account for your assistant? A. Service B. Administrator C. Viewer D. Operator Correct Answer: D /Reference:
52 QUESTION 71 What are three differences between inline and promiscuous sensor functionality? (Choose three.) "Pass Any Exam. Any Time." A. A sensor that is operating in inline mode supports more signatures than a sensor that is operating in promiscuous mode. B. Inline operation provides more protection from Internet worms than promiscuous mode does. C. Inline operation provides more protection from atomic attacks than promiscuous mode does. D. A sensor that is operating in inline mode can drop the packet that triggers a signature before it reaches its target, but a sensor that is operating in promiscuous mode cannot. Correct Answer: BCD /Reference: QUESTION 72 Which command provides a snapshot of the current internal state of a sensor service, enabling you to check the status of automatic upgrades and NTP? A. show statistics B. show statistics host C. show service statistics D. show settings Correct Answer: B /Reference: QUESTION 73 Which of the following is not tuning parameters that affect the Cisco IPS Sensor globally? A. alert summarization B. IP fragment reassembly C. TCP stream reassembly D. IP logging Correct Answer: A /Reference: QUESTION 74 Which two protocols can be used for automatic signature anc service pack updates? (Choose two.
A. SSH
B. FTP
C. HTTP
D. SCP
Correct Answer: BD
/Reference:

QUESTION 75
When performing a signature update on a Cisco IDS Sensor, which three server types are supported for retrieving the new software? (Choose three.)
A. SCP
B. RCP
C. HTTP
D. FTP
Correct Answer: ACD
/Reference:

QUESTION 76
Which two statements are true about applying a system image file to a Cisco IPS 4240 sensor? (Choose two.)
A. The same system-image file can be applied to any sensor platform.
B. The system image has an rpm.pkg extension.
C. You can use ROMMON to use the TFTP facility to copy the system image onto the sensor.
D. The system image file contains a sys identifier.
Correct Answer: AD
/Reference:

QUESTION 77
Under which circumstance would only the translated address be sent to the NM-QDS for processing?
A. when using it inside NAT
B. when using it outside PAT
C. when using it inside PAT
D. when using it outside NAT
Correct Answer: D
/Reference:

QUESTION 78
You would like to examine all high-severity alert events generated by your sensor since 1:00 a.m. January 1, Which command should you use?
A. show events alert
B. show events high
C. show events alert high 1:00 jan
D. show events high 1:00 jan
Correct Answer: C
/Reference:

QUESTION 79
What is the hostId entry in a Cisco IPS alert?
A. the globally unique identifier for the attacker
B. the sensor that originated the alert
C. the IP address of the attacked host
D. the blocking device that blocked the attack
Correct Answer: B
/Reference:

QUESTION 80
Which command displays the statistics for Fast Ethernet interface 0/1?
A. show interface int1
B. show statistics FastEthernet0/1
C. show statistics virtual-sensor
D. show interfaces FastEthernet0/1
Correct Answer: D
/Reference:
QUESTION 81
In which file format are IP logs stored?
A. Microsoft Excel
B. text
C. libpcap
D. Microsoft Word
Correct Answer: C
/Reference:

QUESTION 82
Which two are not forwarded to the NM-CIDS? (Choose two.)
A. TCP packets
B. UDP packets
C. ARP packets
D. GRE encapsulated packets
Correct Answer: CD
/Reference:

QUESTION 83
Your Cisco router is hosting an NM-CIDS. The router configuration contains an inbound ACL. Which action does the router take when it receives a packet that should be dropped, according to the inbound ACL?
A. The router drops the packet and does not forward it to the NM-CIDS for inspection.
B. The router filters the packet through the inbound ACL, tags it for drop action, and forwards the packet to the NM-CIDS. Then the router drops it if it triggers any signature, even a signature with no action configured.
C. The router filters the packet through the inbound ACL, forwards the packet to the NM-CIDS for inspection only if it is an ICMP packet, and then drops the packet.
D. The router forwards the packet to the NM-CIDS for inspection, then drops the packet.
Correct Answer: A
/Reference:

QUESTION 84
Please match the inline and inline VLAN pair descriptions to the proper categories.
(1) also known as inline on a stick
(2) IPS appliance is installed between two network devices
(3) Two monitoring interfaces are configured as a pair
(4) IPS appliance bridges traffic between pairs of VLANs
(I) Inline Interface Pair
(II) Inline VLAN Pair
A. (I)-(1 3); (II)-(2 4)
B. (I)-(2 4); (II)-(1 3)
C. (I)-(2 3); (II)-(1 4)
D. (I)-(1 2); (II)-(3 4)
Correct Answer: C
/Reference:

QUESTION 85
Which command can be used to retrieve Cisco Product Evolution Program (PEP) unique device identifier (UDI) information to help you manage certified hardware versions within your network?
A. display
B. show pep
C. show inventory
D. show tech-support
Correct Answer: C
/Reference:

QUESTION 86
Which command initiates the Cisco IDSM2 system-initialization dialog?
A. setup
B. configure terminal
C. session
D. sysconfig-sensor
Correct Answer: A
/Reference:

QUESTION 87
You recently noticed a large volume of alerts generated by attacks against your web servers. Because these are mission-critical servers, you keep them up to date on patches. As a result, the attacks fail and your inline sensor generates numerous false positives. Your assistant, who monitors the alerts, is overwhelmed. Which two actions will help your assistant manage the false positives? (Choose two.)
A. Lower the severity level of signatures that are generating the false positives.
B. Lower the fidelity ratings of signatures that are generating the false positives.
C. Raise the Target Value Ratings for your web servers.
D. Create a policy that denies attackers inline and filters alerts for events with high Risk Ratings.
Correct Answer: CD
/Reference:

QUESTION 88
Your sensor is detecting a large volume of web traffic because it is monitoring traffic outside the firewall. What is the most appropriate sensor tuning for this scenario?
A. raising the severity level of certain web signatures
B. disabling all web signatures
C. disabling the Meta Event Generator
D. lowering the severity level of certain web signatures
Correct Answer: D
/Reference:

QUESTION 89
What is the purpose of an interface pair?
A. inline monitoring
B. multiple-subnet monitoring
C. failover
D. load balancing
Correct Answer: A
/Reference:

QUESTION 90
Which value is not used to calculate the risk rating for an event?
A. fidelity severity rating
B. signature fidelity rating
C. target value rating
D. attack severity rating
Correct Answer: A
/Reference:

QUESTION 91
Which statement is true about viewing sensor events?
A. You can use the Events panel in the Cisco IDM to filter and view events.
B. In the Cisco IDM, you can filter events based on type or time but not both.
C. The Cisco IDM does not limit the number of events that you can view at one time.
D. You can view events from the CLI, but you cannot filter them.
Correct Answer: A
/Reference:

QUESTION 92
Which signature description best describes a String signature engine?
A. regular expression-based pattern inspection for multiple transport protocols
B. Layer 5, 6, and 7 services that require protocol analysis
C. state-based, regular expression-based pattern inspection and alarm functionality for TCP streams
D. network reconnaissance detection
Correct Answer: A
/Reference:

QUESTION 93
How is automatic IP logging enabled on a sensor?
A. It is enabled by default for all master signatures only.
B. It is enabled by default for all high-severity signature alarms.
C. It must be manually configured for individual signatures.
D. It is enabled by default for all signatures.
Correct Answer: C
/Reference:

QUESTION 94
Which two statements accurately describe the software bypass mode? (Choose two.)
A. When it is set to on, traffic inspection ceases without impacting network traffic.
B. The default setting is off.
C. When it is set to off, traffic stops flowing if the sensor is down.
D. When it is set to on, all Cisco IPS processing subsystems are bypassed and traffic is allowed to flow between the inline port or VLAN pairs directly.
Correct Answer: AC
/Reference:

QUESTION 95
Which action is available only to signatures supported by the Normalizer engine?
A. Modify Packet Inline
B. Deny Packet Inline
C. Log Pair Packets
D. Produce Verbose Alert
Correct Answer: A
/Reference:

QUESTION 96
You are in charge of Securing Networks with Cisco Routers and Switches for your company. Which of the following is not a role of the Cisco IPS Sensor interface?
A. blocking
B. command and control
C. sensing (monitoring)
D. alternate TCP reset
Correct Answer: A
/Reference:

QUESTION 97
Under which tab in the Cisco IDM can you find the Custom Signature Wizard?
A. Configuration
B. Monitoring
C. Administration
D. Device
Correct Answer: B
/Reference:

QUESTION 98
Which two tasks must you complete in Cisco IDM to configure the sensor to allow an SNMP network management station to obtain the sensor's health and welfare information? (Choose two.)
A. From the SNMP Traps Configuration panel, enable SNMP Traps and SNMP Gets/Sets.
B. From the SNMP Traps Configuration panel, enable SNMP Traps.
C. From the SNMP General Configuration panel, enable SNMP Gets/Sets.
D. From the SNMP General Configuration panel, configure the SNMP agent parameters.
Correct Answer: CD
/Reference:

QUESTION 99
What is the primary function of a Master Blocking Sensor?
A. to serve as the central point of configuration in the Cisco IDS MC for blocking
B. to manage and distribute blocking configurations to other slave sensors
C. to directly communicate the blocking requests that are sent by other sensors
D. to serve as the central point of configuration in the Cisco IDM for blocking
Correct Answer: C
/Reference:

QUESTION 100
What is a false-negative alarm situation?
A. A signature is fired when offending traffic is not detected.
B. Normal traffic or a benign action causes a signature to fire.
C. A signature is not fired when offending traffic is present.
D. Normal traffic does not cause a signature to fire.
Correct Answer: C
/Reference:

QUESTION 101
What is a configurable weight that is associated with the perceived importance of a network asset?
A. parameter value
B. Target Value Rating
C. severity level
D. Risk Rating
Correct Answer: B
/Reference:

QUESTION 102
For which purpose is a sensor license needed?
A. signature updates
B. all sensor operations
C. service pack updates
D. Cisco IDM functionality
Correct Answer: A
/Reference:

QUESTION 103
Which three are types of events that are generated by the sensor? (Choose three.)
A. everror: application errors
B. evstatus: status changes, such as a software upgrade, that are being completed
C. evlog: IP logging requests
D. evidsalert: intrusion detection alerts
Correct Answer: ABD
/Reference:

QUESTION 104
To use the upgrade command to retain the sensor configuration when upgrading to Cisco IPS software version 5.0, which version of Cisco IDS software must the sensor be running prior to upgrade?
A. 4.0
B. 4.1
C. 4.2
D. 3.5
Correct Answer: B
/Reference:

QUESTION 105
Why would an attacker saturate the network with noise while simultaneously launching an attack?
A. An attack may go undetected.
B. It will have no effect on the ability of the sensor to detect attacks.
C. It will initiate asymmetric attack techniques.
D. It causes the Cisco IDS to fire multiple false negative alarms.
Correct Answer: A
/Reference:

QUESTION 106
Which two are necessary to take into consideration when preparing to tune your sensor? (Choose two.)
A. the network topology
B. which outside addresses are statically assigned to the servers and which are DHCP addresses
C. the IP addresses of your inside gateway and outside gateway
D. the security policy
Correct Answer: AD
/Reference:

QUESTION 107
By manipulating the TTL on a TCP packet, an attacker could desynchronize inspection. Signature 1308 (TTL evasion) fires when the TTL for any packet in a TCP session is higher than the lowest-observed TTL for that session. Signature 1308 rewrites all TTLs to the lowest-observed TTL and produces an alert. You would like to have the signature continue to modify packets inline but avoid generating alerts. How could this be done?
A. Remove the Produce Alert action from the signature.
B. Create an Event Variable.
C. Create an Event Action Override that is based on the Produce Alert action.
D. This cannot be done; an alert is always generated when a signature fires.
Correct Answer: A
/Reference:

QUESTION 108
Which four tasks must you complete in the Cisco IDM to have the sensor automatically look for and install signature and service pack updates? (Choose four.)
A. Select the protocol that is used for transferring the file.
B. Specify whether the sensor should look for an update file on Cisco.com or on a local server.
C. Schedule the updates.
D. Enter the IP address of the remote server that contains the updates.
E. Enter your Cisco.com username and password.
F. Enter the path to the update file.
Correct Answer: ACDF
/Reference:

QUESTION 109
Which two are appropriate installation points for a Cisco IPS sensor? (Choose two.)
A. on critical network servers
B. at network entry points
C. on critical network segments
D. on publicly accessible servers
Correct Answer: BC
/Reference:

QUESTION 110
Which statement is incorrect about Cisco IPS 6.0 Sensor Anomaly Detection?
A. It is used to identify worms which spread by scanning the network.
B. In the Anomaly Detection histograms, the number of source IP addresses is either learned or configured by the user.
C. In the Anomaly Detection histograms, the number of destination IP addresses is predefined.
D. It sub-divides the network into two zones.
Correct Answer: D
/Reference:
QUESTION 111
Which command resets all signature settings back to the factory defaults?
A. reset signatures
B. default service signature-definition
C. reset signatures all
D. default signatures
Correct Answer: B
/Reference:

QUESTION 112
Which three steps must you perform to prepare sensor interfaces for inline operations? (Choose three.)
A. Add the inline pair to the default virtual sensor.
B. Enable two interfaces for the pair.
C. Create the interface pair.
D. Disable all interfaces except the inline pair.
Correct Answer: ABC
/Reference:

QUESTION 113
Which command captures live traffic on Fast Ethernet interface 0/1?
A. packet display FastEthernet0/1
B. show interfaces FastEthernet0/1 include real-time
C. show traffic FastEthernet0/1
D. packet capture FastEthernet0/1
Correct Answer: D
/Reference:

QUESTION 114
You would like to investigate an incident and have already enabled the Log Pair Packets action on various signatures being triggered. What should you do next?
A. Use CLI to send the IP log to a PC using TFTP, then open it with Notepad to view and interpret the contents.
B. Use Cisco IDM to download the IP log to a management station, then use a packet analyzer like Ethereal to decode the IP log.
C. Use the External Product Interface feature to download the IP log to Cisco Security MARS for incident investigation.
D. Use Cisco Security Manager to retrieve the IP log, then use the Cisco Security Manager IPS Manager to decode the IP log.
E. Use Cisco IEV to retrieve the IP log, then use the IEV Generate Reports function to produce a report based on the IP log content.
Correct Answer: B
/Reference:
QUESTION 117
Which two are true regarding Cisco IPS Sensor licensing? (Choose two.)
A. The Cisco ASA 5500 Series does not require a Cisco Services for IPS contract when a valid SMARTnet contract exists.
B. A Cisco Services for IPS contract must be purchased to obtain signature updates.
C. A Cisco IPS Sensor will run normally without a license key with the most current signature updates for 90 days.
D. Cisco IDM requires a valid license key to operate normally.
E. A license key is required to obtain signature updates.
Correct Answer: BE
/Reference:

QUESTION 120
More informationExam Actual. Higher Quality. Better Service! QUESTION & ANSWER
Higher Quality Better Service! Exam Actual QUESTION & ANSWER Accurate study guides, High passing rate! Exam Actual provides update free of charge in one year! http://www.examactual.com Exam : 642-617 Title
More informationOverview of the Cisco NCS Command-Line Interface
CHAPTER 1 Overview of the Cisco NCS -Line Interface This chapter provides an overview of how to access the Cisco Prime Network Control System (NCS) command-line interface (CLI), the different command modes,
More informationintelop Stealth IPS false Positive
There is a wide variety of network traffic. Servers can be using different operating systems, an FTP server application used in the demilitarized zone (DMZ) can be different from the one used in the corporate
More informationEXAM - JN ACX, Specialist (JNCIS-ACX) Buy Full Product.
Juniper EXAM - JN0-740 ACX, Specialist (JNCIS-ACX) Buy Full Product http://www.examskey.com/jn0-740.html Examskey Juniper JN0-740 exam demo product is here for you to test the quality of the product. This
More informationMultiple Context Mode
This chapter describes how to configure multiple security contexts on the Cisco ASA. About Security Contexts, page 1 Licensing for, page 12 Prerequisites for, page 13 Guidelines for, page 14 Defaults for,
More informationAccess Rules. Controlling Network Access
This chapter describes how to control network access through or to the ASA using access rules. You use access rules to control network access in both routed and transparent firewall modes. In transparent
More informationPermitting PPTP Connections Through the PIX/ASA
Permitting PPTP Connections Through the PIX/ASA Contents Introduction Prerequisites Requirements Components Used Background Theory Conventions PPTP with the Client Inside and the Server Outside Network
More informationWhat is New in Cisco ACE 4710 Application Control Engine Software Release 3.1
What is New in Cisco ACE 4710 Application Control Engine Software Release 3.1 PB478675 Product Overview The Cisco ACE Application Control Engine 4710 represents the next generation of application switches
More informationSkills Assessment Student Training Exam
Skills Assessment Student Training Exam Topology Assessment Objectives Part 1: Initialize Devices (2 points, 5 minutes) Part 2: Configure Device Basic Settings (18 points, 20 minutes) Part 3: Configure
More informationManaging Latency in IPS Networks
Revision C McAfee Network Security Platform (Managing Latency in IPS Networks) Managing Latency in IPS Networks McAfee Network Security Platform provides you with a set of pre-defined recommended settings
More informationImplementing Cisco Network Security (IINS) 3.0
Implementing Cisco Network Security (IINS) 3.0 COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using
More informationNetwork Address Translation (NAT)
The following topics explain and how to configure it. Why Use NAT?, page 1 NAT Basics, page 2 Guidelines for NAT, page 8 Configure NAT, page 12 Translating IPv6 Networks, page 40 Monitoring NAT, page 51
More informationTroubleshooting the Security Appliance
CHAPTER 43 This chapter describes how to troubleshoot the security appliance, and includes the following sections: Testing Your Configuration, page 43-1 Reloading the Security Appliance, page 43-6 Performing
More informationConfiguring Network Address Translation
Finding Feature Information, on page 1 Network Address Translation (NAT), on page 2 Benefits of Configuring NAT, on page 2 How NAT Works, on page 2 Uses of NAT, on page 3 NAT Inside and Outside Addresses,
More informationDoS Attacks Malicious Code Attacks Device Hardening Social Engineering The Network Security Wheel
CCNA4 Chapter 4 * DoS Attacks DoS attacks are the most publicized form of attack and also among the most difficult to eliminate. DoS attacks prevent authorized people from using a service by consuming
More informationTest Accredited Configuration Engineer (ACE) Exam PAN OS 6.0 Version
Test Accredited Configuration Engineer (ACE) Exam PAN OS 6.0 Version ACE Exam Question 1 of 50. Which of the following statements is NOT True regarding a Decryption Mirror interface? Supports SSL outbound
More informationOER uses the following default value if this command is not configured or if the no form of this command is entered: timer: 300
holddown holddown To configure the Optimized Edge Routing (OER) prefix route dampening timer to set the minimum period of time that a new exit must be used before an alternate exit can be selected, use
More informationManaging Services Modules
CHAPTER 58 This chapter describes how to manage the following module types: Security Services Cards (SSCs) Security Services Modules (SSMs) Security Services Processors (SSPs) Modules run advanced security
More informationSymbols INDEX > 12-14
INDEX Symbols > 12-14 A AAA accounting configuring 6-32 AAA-based management systems 2-25, 6-2 acceleration about 1-6, 12-1 features 1-6 TCP settings 12-17 accounts creating 7-3 creation process 7-2 deleting
More informationCorrigendum 3. Tender Number: 10/ dated
(A premier Public Sector Bank) Information Technology Division Head Office, Mangalore Corrigendum 3 Tender Number: 10/2016-17 dated 07.09.2016 for Supply, Installation and Maintenance of Distributed Denial
More informationActivating Intrusion Prevention Service
Activating Intrusion Prevention Service Intrusion Prevention Service Overview Configuring Intrusion Prevention Service Intrusion Prevention Service Overview Intrusion Prevention Service (IPS) delivers
More informationIntroducing Cisco Data Center Networking [AT]
Introducing Cisco Data Center Networking [AT] Number: 640-911 Passing Score: 825 Time Limit: 120 min File Version: 1.0 http://www.gratisexam.com/ Cisco 640-911 Introducing Cisco Data Center Networking
More informationDC-228. ADSL2+ Modem/Router. User Manual. -Annex A- Version: 1.0
DC-228 ADSL2+ Modem/Router -Annex A- User Manual Version: 1.0 TABLE OF CONTENTS 1 PACKAGE CONTENTS...3 2 PRODUCT LAYOUT...4 3 NETWORK + SYSTEM REQUIREMENTS...6 4 DC-228 PLACEMENT...6 5 SETUP LAN, WAN...7
More informationConfiguring Control Plane Policing
21 CHAPTER This chapter describes how to configure control plane policing (CoPP) on the NX-OS device. This chapter includes the following sections: Information About CoPP, page 21-1 Guidelines and Limitations,
More informationn Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network
Always Remember Chapter #1: Network Device Configuration There is no 100 percent secure system, and there is nothing that is foolproof! 2 Outline Learn about the Security+ exam Learn basic terminology
More informationCisco Intrusion Detection and Prevention Signatures
[ 25 ] CCNP Security IPS 642-627 Quick Reference Chapter 3 Cisco Intrusion Detection and Prevention Signatures Configuring Signatures and Alerts Signatures are the foundation of an intrusion prevention
More informationAccessEnforcer Version 4.0 Features List
AccessEnforcer Version 4.0 Features List AccessEnforcer UTM Firewall is the simple way to secure and manage your small business network. You can choose from six hardware models, each designed to protect
More informationUsing the Cisco NX-OS Setup Utility
This chapter contains the following sections: Configuring the Switch, page 1 Configuring the Switch Image Files on the Switch The Cisco Nexus devices have the following images: BIOS and loader images combined
More informationChapter 11: Networks
Chapter 11: Networks Devices in a Small Network Small Network A small network can comprise a few users, one router, one switch. A Typical Small Network Topology looks like this: Device Selection Factors
More informationMcAfee Network Security Platform
McAfee Network Security Platform 9.2 (Quick Tour) McAfee Network Security Platform [formerly McAfee IntruShield ] is a combination of network appliances and software that accurately detects and prevents
More informationCisco Exam Questions & Answers
Cisco 640-911 Exam Questions & Answers Number: 640-911 Passing Score: 825 Time Limit: 120 min File Version: 24.8 http://www.gratisexam.com/ Cisco 640-911 Exam Questions & Answers Exam Name: Introducing
More informationAbout This Guide. Document Objectives. Audience
This preface introduce the, and includes the following sections: Document Objectives, page xxxv Audience, page xxxv Related Documentation, page xxxvi Document Organization, page xxxvi Document Conventions,
More informationAutoSecure. Finding Feature Information. Last Updated: January 18, 2012
AutoSecure Last Updated: January 18, 2012 The AutoSecure feature secures a router by using a single CLI command to disable common IP services that can be exploited for network attacks, enable IP services
More informationConfiguring Access Rules
Configuring Access Rules Rules > Access Rules About Access Rules Displaying Access Rules Specifying Maximum Zone-to-Zone Access Rules Changing Priority of a Rule Adding Access Rules Editing an Access Rule
More informationBarracuda Link Balancer
Barracuda Networks Technical Documentation Barracuda Link Balancer Administrator s Guide Version 2.3 RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks www.barracuda.com v2.3-111215-01-1215
More informationConfiguring Management Access
37 CHAPTER This chapter describes how to access the ASA for system management through Telnet, SSH, and HTTPS (using ASDM), how to authenticate and authorize users, how to create login banners, and how
More informationConfiguring Antivirus Devices
CHAPTER 9 Revised: November 11, 2007 Antivirus (AV) devices provide detection and prevention against known viruses and anomalies. This chapter describes how to configure and add the following devices and
More information