You are tasked to create a custom IPS signature using the IDM Custom Signature Wizard to detect a network reconnaissance attack in which one system makes connections to multiple hosts on multiple TCP ports. Which Cisco IPS signature engine should be selected to configure this custom IPS signature?
A. Atomic IP
B. Atomic IP Advanced
C. String TCP
All signatures in the Cisco IPS signature set include which three parameters that can be tuned according to the environment? (Choose three.)
A. vulnerable OS list
B. alert severity rating
C. inline mode delta
D. signature fidelity rating
E. threat rating
Which Cisco IPS signature parameter cannot be edited using IDM?
A. signature name
B. signature engine type
C. signature type
D. vulnerable OS list
E. event count key
Which two IPS appliance configuration options are used in conjunction with the attack relevance rating feature? (Choose two.)
A. OS mappings
B. OS risk category levels
C. passive OS fingerprinting
D. OS target value rating
E. OS event action filter
F. OS event action override
Which three of these are true with respect to the numeric values associated with the target value rating? (Choose three.)
A. Mission Critical = 100
B. Mission Critical = 200
C. High = 75
D. Medium = 50
E. Low = 75
F. 100 is the default target value rating
The threat rating is calculated using which two factors? (Choose two.)
A. event action overrides
B. attack severity rating
C. risk rating
D. preventative actions taken by the Cisco IPS sensor
E. target value rating
F. attack relevancy rating
Which of these depicts the correct process order of the Cisco IPS reputation filters and global correlation operations?
A. IPS reputation filters > signature inspection > global correlation
B. IPS reputation filters > global correlation > signature inspection
C. global correlation > IPS reputation filters > signature inspection
D. signature inspection > IPS reputation filters > global correlation
What are the three valid options for configuring Cisco SensorBase participation? (Choose three.)
Refer to the exhibit.
Which statement is true about the IPS signature shown?
A. To match a string, the regular expression requires zero or more period characters (.) to immediately precede the newline character.
B. A summary alert is sent once during each interval for each unique Summary Key entry.
C. An alert is generated each time the signature triggers.
D. This signature does not fire until three events are seen during 60 minutes with the same attacker and victim IP addresses and ports.
E. This signature does not analyze traffic that is sent from the SMTP server to the client.
Refer to the exhibit.
A. The Service HTTP engine is disabled.
B. The Cisco IPS sensor will send an alert if an attacker makes more than 10 HTTP requests to a single target server.
C. The IP logging feature has been disabled by setting the Max IP Log Packets and Max IP Log Bytes to 0.
D. Application inspection and control for HTTP is disabled.
E. Automatic IP Log actions will capture the specified traffic for 30 minutes.
Download Latest CCNP 642-627 Real Free Tests , help you to pass exam 100%.