You want your inline Cisco IPS appliance to drop packets that pose the most severe risk to your network, especially to the servers on your DMZ. Which two parameters should you set to protect your DMZ servers in the most-time-efficient manner? (Choose two.)
A. event action filter
B. reputation filter
C. target value rating
D. signature fidelity rating
E. global correlation
F. event action override
Which Cisco IPS appliance feature is best used to detect these two conditions? 1) The network starts becoming congested by worm traffic. 2) A single worm-infected source enters the network and starts scanning for other vulnerable hosts.
A. global correlation
B. anomaly detection
C. reputation filtering
D. custom signature
E. meta signature
F. threat detection
What will happen if you try to recover the password on the Cisco IPS 4200 Series appliance on which password recovery is disabled?
A. The GRUB menu will be disabled.
B. The ROM monitor command to reset the password will be disabled.
C. The password recovery process will proceed with no errors or warnings; however, the password is not reset.
D. The Cisco IPS appliance will reboot immediately.
Which four networking tools does Cisco IME include that can be invoked for specific events, to learn more about attackers and victims using basic network reconnaissance? (Choose four.)
C. packet tracer
Which two statements are true with respect to the AIP-SSM? (Choose two.)
A. The hosting ASA will always bypass the AIP-SSM if the AIP-SSM fails.
B. The AIP-SSM supports up to four virtual sensors.
C. Initial setup of the AIP-SSM is configured through its external console port.
D. The AIP-SSM supports both promiscuous and inline analysis.
E. The AIP-SSM must be managed by the IPS Device Manager.
Which two statements are true with respect to the AIP-SSC? (Choose two.)
A. The AIP-SSC is a module for the ASA 5510.
B. The AIP-SSC supports a maximum of two virtual sensors.
C. The AIP-SSC supports custom signatures.
D. The AIP-SSC supports fail open.
E. The AIP-SSC supports both promiscuous and inline analysis.
Refer to the exhibit of a partial Cisco IPS appliance CLI configurations, what is the purpose of the access-list CLI command?
A. to define network objects that are used for IPS policy application
B. to specify which traffic will be analyzed on the sensing interfaces of the IPS sensor
C. to configure manually blocked IP addresses
D. to specify trusted management IP addresses for SSH and HTTPS access to the IPS appliance
The AIP-SSM CLI can be accessed from the ASA CLI by using which command?
The Cisco IPS appliance global correlation and reputation filtering features depend on which two of these? (Choose two.)
A. anomaly detection
B. OS fingerprinting
C. Cisco SensorBase
D. watch list ratings
E. event action overrides
Which four statements are true about the Cisco IPS global correlation and reputation filtering features? (Choose four.)
A. Reputation filtering can adjust the risk rating of an alert.
B. Reputation filtering can be set to permissive, standard, or aggressive.
C. Global correlation can be trialed in with a test mode.
D. Reputation filtering can drop packets from untrusted source IP addresses.
E. Both global correlation and reputation filtering leverage Cisco SenderBase.
F. Global correlation can adjust the risk rating of an alert.
Download Latest CCNP 642-627 Real Free Tests , help you to pass exam 100%.