Latest CCNP Security 642-627 Real Exam Download 41-50

Ensurepass

QUESTION 41 DRAG DROP

clip_image002Answer:

clip_image004

 

 

QUESTION 42

On the Cisco IPS appliance, each virtual sensor can have its own instance of which three parameters? (Choose three.)

 

A.      signature-definition

B.      event-action-rules

C.      global-correlation-rules

D.      anomaly-detection

E.       reputation-filters

F.       external-product-interfaces

 

Answer: A,B,D

 

 

QUESTION 43 DRAG DROP

clip_image006Answer:

clip_image008

 

 

QUESTION 44

Refer to the exhibit. What happens when you click the Cisco Security MARS icon on the Cisco Security MARS query result screen?

 

A.      Cross-launch Cisco Security Manager to link the Cisco Security MARS event back to the IPS signature and policy within the Cisco Security Manager that triggered it.

B.      Cross-launch Cisco IDM so the signature that triggered it can be examined.

C.      Cross-launch Cisco IDM to show the corresponding IPS alerts.

D.      Cross-launch Cisco Security Manager to show the corresponding IPS alerts.

E.       Cross-launch Cisco IME so the signature that triggered it can be examined.

 

Answer: A

 

 

QUESTION 45

Which three statements about the Cisco IPS appliance normalizer feature are true? (Choose three.)

 

A.      only operates in inline modes

B.      ensures that Layer 4 to Layer 7 traffic conforms to the protocol specifications

C.      tracks session states and stops packets that do not fully match session state

D.      modifies ambiguously fragmented IP traffic

E.       cannot analyze asymmetric traffic flows

 

Answer: A,C,D

 

 

QUESTION 46

Refer to the exhibit. What does the Deny Percentage setting affect?

clip_image010

A.      the percentage of the signatures to be tuned by the event action filter

B.      the percentage of the Risk Rating value to be tuned by the event action filter

C.      the percentage of packets to be denied for the deny attacker actions

D.      the percentage of the signatures to be tuned by the event action overrides

 

Answer: C

 

 

QUESTION 47

Which protocol is used by Encapsulated Remote SPAN?

 

A.      ESP

B.      GRE

C.      TLS

D.      STP

E.       VTI

F.       802.1Q

 

Answer: B

 

 

QUESTION 48

In which three ways can you achieve better Cisco IPS appliance performance? (Choose three.)

 

A.      Place the Cisco IPS appliance behind a firewall.

B.      Disable unneeded signatures.

C.      Enable unidirectional capture.

D.      Have multiple Cisco IPS appliances in the path and configure them to detect different types of events

E.       Enable selective packet capture using VLAN ACL on the Cisco IPS 4200 Series appliance.

F.       Enable all anti-evasive measures to reduce noise.

 

Answer: A,B,D

 

 

QUESTION 49

What must be configured to enable Cisco IPS appliance reputation filtering and global correlation?

 

A.      DNS server(s) IP address

B.      full sensor based network participation

C.      trusted hosts settings

D.      external product interfaces settings

 

Answer: A

 

 

QUESTION 50

What is a best practice to follow before tuning a Cisco IPS signature?

 

A.      Disable all the alert actions on the signature to be tuned.

B.      Disable the signature to be tuned.

C.      Create a clone of the signature to be tuned.

D.      Increase the number of events required to trigger the signature to be tuned.

E.       Decrease the attention span (maximum inter-event interval) of the signature to be tuned

 

Answer: C

 

Download Latest CCNP 642-627 Real Free Tests , help you to pass exam 100%.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.