Latest CCNP Security 642-627 Real Exam Download 91-100


QUESTION 91

You are tasked to create a custom IPS signature using the IDM Custom Signature Wizard to detect a network reconnaissance attack in which one system makes connections to multiple hosts on multiple TCP ports. Which Cisco IPS signature engine should be selected to configure this custom IPS signature?

 

A.      Atomic IP

B.      Atomic IP Advanced

C.      String TCP

D.      Sweep

E.       Meta

 

Answer: D

 

 

QUESTION 92

All signatures in the Cisco IPS signature set include which three parameters that can be tuned according to the environment? (Choose three.)

 

A.      vulnerable OS list

B.      alert severity rating

C.      inline mode delta

D.      signature fidelity rating

E.       threat rating

 

Answer: A,B,D

 

 

QUESTION 93

Which Cisco IPS signature parameter cannot be edited using IDM?

 

A.      signature name

B.      signature engine type

C.      signature type

D.      vulnerable OS list

E.       event count key

 

Answer: B

 

 

QUESTION 94

Which two IPS appliance configuration options are used in conjunction with the attack relevance rating feature? (Choose two.)

 

A.      OS mappings

B.      OS risk category levels

C.      passive OS fingerprinting

D.      OS target value rating

E.       OS event action filter

F.       OS event action override

 

Answer: A,C

 

 

QUESTION 95

Which three of these are true with respect to the numeric values associated with the target value rating? (Choose three.)

 

A.      Mission Critical = 100

B.      Mission Critical = 200

C.      High = 75

D.      Medium = 50

E.       Low = 75

F.       100 is the default target value rating

 

Answer: B,E,F

 

 

QUESTION 96

The threat rating is calculated using which two factors? (Choose two.)

 

A.      event action overrides

B.      attack severity rating

C.      risk rating

D.      preventative actions taken by the Cisco IPS sensor

E.       target value rating

F.       attack relevancy rating

 

Answer: C,D

 

 

QUESTION 97

Which of these depicts the correct process order of the Cisco IPS reputation filters and global correlation operations?

 

A.      IPS reputation filters > signature inspection > global correlation

B.      IPS reputation filters > global correlation > signature inspection

C.      global correlation > IPS reputation filters > signature inspection

D.      signature inspection > IPS reputation filters > global correlation

 

Answer: A

 

 

QUESTION 98

What are the three valid options for configuring Cisco SensorBase participation? (Choose three.)

 

A.      off

B.      test

C.      manual

D.      automatic

E.       partial

F.       full

 

Answer: A,E,F

 

 

QUESTION 99

Refer to the exhibit.

[Exhibit image not available]

Which statement is true about the IPS signature shown?

 

A.      To match a string, the regular expression requires zero or more period characters (.) to immediately precede the newline character.

B.      A summary alert is sent once during each interval for each unique Summary Key entry.

C.      An alert is generated each time the signature triggers.

D.      This signature does not fire until three events are seen during 60 minutes with the same attacker and victim IP addresses and ports.

E.       This signature does not analyze traffic that is sent from the SMTP server to the client.

 

Answer: D

 

 

QUESTION 100

Refer to the exhibit.

[Exhibit image not available]

Which statement is true?

 

A.      The Service HTTP engine is disabled.

B.      The Cisco IPS sensor will send an alert if an attacker makes more than 10 HTTP requests to a single target server.

C.      The IP logging feature has been disabled by setting the Max IP Log Packets and Max IP Log Bytes to 0.

D.      Application inspection and control for HTTP is disabled.

E.       Automatic IP Log actions will capture the specified traffic for 30 minutes.

 

Answer: D

 
