642-532 Exam
Securing Networks Using Intrusion Prevention Systems Exam (IPS)
- Exam Number/Code : 642-532
- Exam Name : Securing Networks Using Intrusion Prevention Systems Exam (IPS)
- Questions and Answers : 67 Q&As
- Update Time: 2011-09-21
- Price:
$ 119.00$ 69.00
Free 642-532 Demo Download
Test4pass offers free demo for CCSP 642-532 exam (Securing Networks Using Intrusion Prevention Systems Exam (IPS)). You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.
Exam Description
It is well known that 642-532 exam test is the hot exam of Cisco certification. Test4pass offer you all the Q&A of the 642-532 real test . It is the examination of the perfect combination and it will help you pass 642-532 exam at the first time!
Why choose Test4pass 642-532 braindumps
Quality and Value for the 642-532 Exam
100% Guarantee to Pass Your 642-532 Exam
Downloadable, Interactive 642-532 Testing engines
Verified Answers Researched by Industry Experts
Drag and Drop questions as experienced in the Actual Exams
Practice Test Questions accompanied by exhibits
Our Practice Test Questions are backed by our 100% MONEY BACK GUARANTEE.
Cisco CCSP 642-532 exam braindumps questions and answers
¡¡
Exam : Cisco 642-532
Title : Securing Networks Using Intrusion Prevention Systems Exam (IPS)
1. How does a Cisco network sensor detect malicious network activity?
A. by using a blend of intrusion detection technologies
B. by performing in-depth analysis of the protocols that are specified in the packets that are traversing the network
C. by comparing network activity to an established profile of normal network activity
D. by using behavior-based technology that focuses on the behavior of applications
Answer: A
2. Which three values are used to calculate the Risk Rating for an event? (Choose three.)
A. Attack Severity Rating
B. Signature Fidelity Rating
C. Target Value Rating
D. Target Fidelity Rating
E. Reply Ratio
F. Rate
Answer: ABC
3. Which two are appropriate installation points for a Cisco IPS sensor? (Choose two.)
A. on publicly accessible servers
B. on critical network servers
C. at network entry points
D. on user desktops
E. on corporate mail servers
F. on critical network segments
Answer: CF
4. Refer to the exhibit.
You are the security administrator for the network in the exhibit. You want your inline Cisco IPS 4255 sensor to drop packets that pose the most severe risk to your network, especially to the servers on your DMZ.
Which two should you use to accomplish your goal in the most time-efficient manner? (Choose two.)
A. Event Action Filter
B. Signature Fidelity Rating
C. Alert Severity
D. Event Action Override
E. Application Policy
F. Target Value Rating
Answer: DF
5. Your sensor is detecting a large volume of web traffic because it is monitoring traffic outside the firewall. What is the most appropriate sensor tuning for this scenario?
A. lowering the severity level of certain web signatures
B. raising the severity level of certain web signatures
C. disabling all web signatures
D. disabling the Meta Event Generator
E. retiring certain web signatures
Answer: A
6. Which two statements are true about Cisco IPS signatures? (Choose two.)
A. A signature is a set of rules that pertain to typical intrusion activity.
B. When network traffic matches a signature, the signature must generate an alert, but it can also initiate a response action.
C. Some signatures can be triggered by the contents of a single packet.
D. Signatures trigger alerts only when they match a specific pattern of traffic.
E. You can disable signatures and later re-enable them; however, this process requires the sensing engines to rebuild their configuration, which takes time and could delay the processing of traffic.
F. You can enable and modify built-in signatures, but you cannot disable them.
Answer: AC
7. In which three ways does a Cisco network sensor protect network devices from attacks? (Choose three.)
A. It uses a blend of intrusion detection technologies to detect malicious network activity.
B. It can generate an alert when it detects traffic that matches a set of rules that pertain to typical intrusion activity.
C. It permits or denies traffic into the protected network that is based on access lists that you create on the sensor.
D. It can take a variety of actions when it detects traffic that matches a set of rules that pertain to typical intrusion activity.
E. It uses behavior-based technology that focuses on the behavior of applications to protect network devices from known attacks and from new attacks for which there is no known signature.
Answer: ABD
8. What are three differences between inline and promiscuous sensor functionality? (Choose three.)
A. A sensor that is operating in inline mode can drop the packet that triggers a signature before it reaches its target, but a sensor that is operating in promiscuous mode cannot.
B. A sensor that is operating in inline mode supports more signatures than a sensor that is operating in promiscuous mode.
C. Deny actions are available only to inline sensors, but blocking actions are available only to promiscuous mode sensors.
D. A sensor that is operating in promiscuous mode can perform TCP resets, but a sensor that is operating in inline mode cannot.
E. Inline operation provides more protection from Internet worms than promiscuous mode does.
F. Inline operation provides more protection from atomic attacks than promiscuous mode does.
Answer: AEF
9. Which two are necessary to take into consideration when preparing to tune your sensor? (Choose two.)
A. the security policy
B. the network topology
C. which outside addresses are statically assigned to the servers and which are DHCP addresses
D. the IP addresses of your inside gateway and outside gateway
E. which traffic the sensor denies by default
F. the current configuration for each virtual sensor
Answer: AB
10. What is a configurable weight that is associated with the perceived importance of a network asset?
A. Risk Rating
B. parameter value
C. Target Value Rating
D. severity level
E. storage key
F. rate parameter
Answer: C
11. Your network has only one entry point. However, you are concerned about internal attacks. Select the three best choices for your network. (Choose three.)
A. CSA Agents on corporate mail servers
B. CSA Agents on critical network servers and user desktops
C. the network sensor behind (inside) the corporate firewall
D. the network sensor in front of (outside) the corporate firewall
E. sensor and CSA Agents that report to management and monitoring servers that are located inside the corporate firewall
F. sensor and CSA Agents that report to management and monitoring servers that are located outside the corporate firewall
Answer: BCE
12. What would best mitigate the executable-code exploits that can perform a variety of malicious acts, such as erasing your hard drive?
A. assigning deny actions to signatures that are controlled by the Trojan engines
B. assigning the TCP reset action to signatures that are controlled by the Normalizer engine
C. enabling blocking
D. enabling Application Policy Enforcement
E. assigning blocking actions to signatures that are controlled by the State engine
Answer: A
13. In which file format are IP logs stored?
A. Microsoft Word
B. Microsoft Excel
C. text
D. libpcap
Answer: D
14. Which user account role on a Cisco IPS sensor must you specifically create in order to allow special root access for troubleshooting purposes only?
A. Operator
B. Viewer
C. Service
D. Administrator
Answer: C
Click Online chat to talk with us , get more informations about Cisco CCSP 642-532 practice exam study guides questions and answers
Test4pass 642-532 Exam Features
Quality and Value for the 642-532 Exam
Test4pass Practice Exams for Cisco 642-532 are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development.
100% Guarantee to Pass Your 642-532 Exam
If you prepare for the exam using our Test4pass testing engine, we guarantee your success in the first attempt. If you do not pass the CCSP 642-532 exam (ProCurve Secure WAN) on your first attempt we will give you a FULL REFUND of your purchasing fee AND send you another same value product for free.
Cisco 642-532 Downloadable, Printable Exams (in PDF format)
Our Exam 642-532 Preparation Material provides you everything you will need to take your 642-532 Exam. The 642-532 Exam details are researched and produced by Professional Certification Experts who are constantly using industry experience to produce precise, and logical. You may get questions from different web sites or books, but logic is the key. Our Product will help you not only pass in the first try, but also save your valuable time.
642-532 Downloadable, Interactive Testing engines
We are all well aware that a major problem in the IT industry is that there is a lack of quality study materials. Our Exam Preparation Material provides you everything you will need to take a certification examination. Like actual certification exams, our Practice Tests are in multiple-choice (MCQs) Our Cisco 642-532 Exam will provide you with free 642-532 dumps questions with verified answers that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. High quality and Value for the 642-532 Exam:100% Guarantee to Pass Your CCSP exam and get your CCSP Certification.
Test4pass 642-532 examTest4pass 642-532 pdf exam
Test4pass 642-532 braindumps
Test4pass 642-532 study guides
Test4pass 642-532 trainning materials
Test4pass 642-532 simulations
Test4pass 642-532 testing engine
Test4pass 642-532 vce
Test4pass 642-532 torrent
Test4pass 642-532 dumps
free download 642-532
Test4pass 642-532 practice exam
Test4pass 642-532 preparation files
Test4pass 642-532 questions
Test4pass 642-532 answers
http://www.test4pass.com/642-532-exam.html The safer.easier way to get CCSP Certification
.
