Published on February 26, 2014
642-627
Implementing Cisco Intrusion Prevention System (IPS v7.0)
Cisco
Question: 1
Which three are global correlation network participation modes? (Choose three.)
A. off
B. partial participation
C. reputation filtering
D. detect
E. full participation
F. learning
Answer: A, B, E
Explanation:
www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_collaboration.html

Question: 2
DRAG DROP
Answer:

Question: 3
What are four properties of an IPS signature? (Choose four.)
A. reputation rating
B. fidelity rating
C. summarization strategy
D. signature engine
E. global correlation mode
F. signature ID and signature status
Answer: B, C, D, F
Explanation:
www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/3.1/user/guide/ipsvchap.html#wp1912551
Reputation and correlation are NOT

Question: 4
The custom signature ID of a Cisco IPS appliance has which range of values?
A. 10000 to 19999
B. 20000 to 29999
C. 50000 to 59999
D. 60000 to 65000
E. 80000 to 90000
F. 1 to 20000
Answer: D
Explanation:
www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/idm/dmsigwiz.html
Signature Identification Field Definitions
The following fields and buttons are found in the Signature Identification window of the Custom Signature Wizard.
Field Descriptions:
• Signature ID—Identifies the unique numerical value assigned to this signature. The signature ID lets the sensor identify a particular signature. The signature ID is reported to the Event Viewer when an alert is generated. The valid range is between 60000 and 65000.

Question: 5
When upgrading a Cisco IPS AIM or IPS NME using manual upgrade, what must be performed before installing the upgrade?
A. Disable the heartbeat reset on the router.
B. Enable fail-open IPS mode.
C. Enable the Router Blade Configuration Protocol.
D. Gracefully halt the operating system on the Cisco IPS AIM or IPS NME.
Answer: A
Explanation:
www.cisco.com/en/US/docs/security/ips/7.0/release/notes/18483_01.html
Using manual upgrade:
- If you want to manually update your sensor, copy the 7.0(1)E3 update files to the directory on the server that your sensor polls for updates.
- When you upgrade the AIM IPS or the NME IPS using manual upgrade, you must disable heartbeat reset on the router before installing the upgrade. You can reenable heartbeat reset after you complete the upgrade. If you do not disable heartbeat reset, the upgrade can fail and leave the AIM IPS or the NME IPS in an unknown state, which can require a system reimage to recover.

Question: 6
Which Cisco IPS NME interface is visible to the NME module but not visible in the router configuration and acts as the sensing interface of the NME module?
A. ids-sensor 0/1 interface
B. ids-sensor 1/0 interface
C. gigabitEthernet 0/1
D. gigabitEthernet 1/0
E. management 0/1
F. management 1/0
Answer: C
Explanation:
www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_nme.html#wp1057817

Question: 7
Which two methods can be used together to configure a Cisco IPS signature set into detection mode when tuning the Cisco IPS appliance to reduce false positives? (Choose two.)
A. Subtract all aggressive actions using event action filters.
B. Enable anomaly detection learning mode.
C. Enable verbose alerts using event action overrides.
D. Decrease the number of events required to trigger the signature.
E. Increase the maximum inter-event interval of the signature.
Answer: A, C
Explanation:
1 > Remove all aggressive actions from all signatures using event action filters
2 > Add verbose alerts using event action overrides
3 > Add logging packets between the attacker and the victim using event action overrides

Question: 8
In which CLI configuration mode is the Cisco IPS appliance management IP address configured?
A. global configuration ips(config)#
B. service network-access ips(config-net)#
C. service host network-settings ips(config-hos-net)#
D. service interface ips(config-int)#
Answer: C
Explanation:
www.cisco.com/en/US/docs/security/ips/7.1/configuration/guide/cli/cli_setup.html#wp1031325

Question: 9
Which four parameters are used to configure how often the Cisco IPS appliance generates alerts when a signature is firing? (Choose four.)
A. summary mode
B. summary interval
C. event count key
D. global summary threshold
E. summary key
F. event count
G. summary count
H. event alert mode
Answer: A, B, D, F
Explanation:
NB: Watch for Summary Threshold instead of Event Count

Question: 10
Which three Cisco IPS cross-launch capabilities do Cisco Security Manager and Cisco Security MARS support? (Choose three.)
A. Edit IPS signatures in Cisco Security Manager from a Cisco Security MARS query.
B. Create custom signatures in Cisco Security Manager from a Cisco Security MARS query.
C. Create event action filters in Cisco Security Manager from a Cisco Security MARS query.
D. Create a Cisco Security MARS drop rule from Cisco Security Manager policy.
E. Create a Cisco Security MARS user inspection rule from Cisco Security Manager policy.
F. Query Cisco Security MARS from Cisco Security Manager policy.
Answer: A, C, F
Explanation:
"...MARS creates queries that include a launch point for CSM. When CSM is launched, you can carry out the following (cross-connected actions):
Edit an IPS Signature
Add an event action filter to an IPS configuration in Cisco Security Manager
and when you use CSM to cross-launch MARS, you can query events that were originated by the signatures in CSM."
my.safaribooksonline.com/book/certification/ccnp/9780132372107/integrating-cisco-ips-with-csm-andcisco-security-mars/435#

Question: 11
Which statement about inline VLAN pair deployment with the Cisco IPS 4200 Series appliance is true?
A. The sensing interface acts as an 802.1q trunk port, and the Cisco IPS appliance performs VLAN translation between pairs of VLANs.
B. The Cisco IPS appliance connects to two physically distinct switches using two paired physical interfaces.
C. Two sensing interfaces connect to the same switch that forwards traffic between two VLANs.
D. The pair of sensing interfaces can be selectively divided (virtualized) into multiple logical "wires" by VLANs that can be analyzed separately.
Answer: A

Question: 12
Which four statements about Cisco IPS appliance anomaly detection histograms are true? (Choose four.)
A. Histograms are learned or configured manually.
B. Destination IP address row is the same for all histograms.
C. Source IP address row can be learned or configured.
D. Anomaly detection only builds a single histogram for all services in a zone.
E. You can enable a separate histogram and scanner threshold for specific services, or use the default one for all other services.
F. Anomaly detection histograms only track source (attacker) IP addresses.
Answer: A, B, C, E