Latest CCNP Security 642-627 Real Exam Download 1-10

Ensurepass

QUESTION 1

Which three are global correlation network participation modes? (Choose three.)

 

A.      off

B.      partial participation

C.      reputation filtering

D.      detect

E.       full participation

F.       learning

 

Answer: A,B,E

 

 

QUESTION 2 DRAG DROP

clip_image002

Answer:

clip_image004

 

 

QUESTION 3

What are four properties of an IPS signature? (Choose four.)

 

A.      reputation rating

B.      fidelity rating

C.      summarization strategy

D.      signature engine

E.       global correlation mode

F.       signature ID and signature status

 

Answer: B,C,D,F

 

 

QUESTION 4

The custom signature ID of a Cisco IPS appliance has which range of values?

 

A.      10000 to 19999

B.      20000 to 29999

C.      50000 to 59999

D.      60000 to 65000

E.       80000 to 90000

F.       1 to 20000

 

Answer: D

 

 

QUESTION 5

When upgrading a Cisco IPS AIM or IPS NME using manual upgrade, what must be performed before installing the upgrade?

 

A.      Disable the heartbeat reset on the router.

B.      Enable fail-open IPS mode.

C.      Enable the Router Blade Configuration Protocol.

D.      Gracefully halt the operating system on the Cisco IPS AIM or IPS NME.

 

Answer: A

 

 

QUESTION 6

Which Cisco IPS NME interface is visible to the NME module but not visible in the router configuration and acts as the sensing interface of the NME module?

 

A.      ids-sensor 0/1 interface

B.      ids-sensor 1/0 interface

C.      gigabitEthernet 0/1

D.      gigabitEthernet 1/0

E.       management 0/1

F.       management 1/0

 

Answer: C

 

 

QUESTION 7

Which two methods can be used together to configure a Cisco IPS signature set into detection mode when tuning the Cisco IPS appliance to reduce false positives? (Choose two.)

 

A.      Subtract all aggressive actions using event action filters.

B.      Enable anomaly detection learning mode.

C.      Enable verbose alerts using event action overrides.

D.      Decrease the number of events required to trigger the signature.

E.       Increase the maximum inter-event interval of the signature.

 

Answer: A,C

 

 

QUESTION 8

In which CLI configuration mode is the Cisco IPS appliance management IP address configured?

 

A.      global configuration

ips(config)#

B.      service network-access

ips(config-net)#

C.      service host network-settings

ips(config-hos-net)#

D.      service interface

ips(config-int)#

 

Answer: C

 

 

QUESTION 9

Which four parameters are used to configure how often the Cisco IPS appliance generates alerts when a signature is firing? (Choose four.)

 

A.      summary mode

B.      summary interval

C.      event count key

D.      global summary threshold

E.       summary key

F.       event count

G.      summary count

H.      event alert mode

 

Answer: A,B,D,F

 

 

QUESTION 10

Which three Cisco IPS cross-launch capabilities do Cisco Security Manager and Cisco Security

MARS support? (Choose three.)

 

A.      Edit IPS signatures in Cisco Security Manager from a Cisco Security MARS query.

B.      Create custom signatures in Cisco Security Manager from a Cisco Security MARS query.

C.      Create event action filters in Cisco Security Manager from a Cisco Security MARS query.

D.      Create a Cisco Security MARS drop rule from Cisco Security Manager policy.

E.       Create a Cisco Security MARS user inspection rule from Cisco Security Manager policy.

F.       Query Cisco Security MARS from Cisco Security Manager policy.

 

Answer: A,C,F

 

Download Latest CCNP 642-627 Real Free Tests , help you to pass exam 100%.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.