Cisco 642-533 New Questions, 100% Success Rate Cisco 642-533 Questions And Answers With Low Price

Hi, I just took CCNA Cisco 642-533 test and passed with a great score. All examcollection and securitytut dumps are no longer valid anymore. I recommend studying Exampass Premium VCE. I can confirm that all Cisco 642-533 new questions appear on my test. Keep up the good work and good luck!

QUESTION 50
Which two are true regarding Cisco IPS Sensor licensing? (Choose two.)
A. A license key is required to obtain signature updates
B. A Cisco IPS Sensor will run normally without a license key with the most current signature updates for 90 days
C. A Cisco Services for IPS contract must be purchased to obtain signature updates
D. The Cisco ASA 5500 Series does not require a Cisco Services for IPS Contract when a valid SMARTnet contract exists
E. Cisco IDM requires a valid license key to operate normally

Correct Answer: AC

QUESTION 51
In Cisco IDM, the Configuration > Sensor Setup > SSH > Known Host Keys screen is used for what purpose?
A. To enable communications with a blocking device
B. To enable communications with the Master Blocking Sensor
C. To regenerate the Cisco IPS Sensor SSH host key
D. To regenerate the Cisco IPS Sensor SSL RSA key pair
E. To enable management hosts to access the Cisco IPS Sensor

Correct Answer: A

QUESTION 52
Which three of the following are tuning parameters that affect the Cisco IPS Sensor globally? (Choose three.)
A. TCP Stream reassembly
B. Meta reset interval
C. IP logging
D. IP Fragment reassembly
E. Alert frequency
F. Alert summarization

Correct Answer: ACD

QUESTION 53
Which statement is true about inline sensor functionality?
A. If your sensor has a sufficient number of monitoring interfaces, you can use inline and promiscuous modes simultaneously
B. If you switch a sensor between inline and promiscuous modes, you must reboot the sensor
C. Any sensor that supports inline functionality can operate in either inline or promiscuous mode, but not in both modes simultaneously
D. Inline functionality is available on any sensor that supports Cisco IPS Sensor Software Version 5.0 or later

Correct Answer: A

QUESTION 54
DRAG DROP You work as a network technician at Certkiller .com. Your boss, Mrs. Certkiller, is interested in evasive techniques. Match the techniques with proper categories.

A.
B.
C.
D.

Correct Answer:

QUESTION 55

Which statement is correct if “use Threat Rating Adjustment” is enabled from the Event Action Rules > rules0 > General Settings menu?
A. The threat rating adjustment will enable the Cisco IPS Sensor to adjust the risk rating based on the attack relevancy rating
B. The threat rating adjustment will enable the Cisco IPS Sensor to adjust the risk rating based on the target value rating
C. The threat rating adjustment will enable a fast way to add event actions based on the risk rating
D. The threat rating adjustment will be subtracted from the risk rating based on the action taken by the IPS sensor to produce the threat rating
E. The risk rating will be adjusted by the addition of the threat rating adjustment based on the action taken by the Cisco IPS Sensor

Correct Answer: D

QUESTION 56
Exhibit:

You work as a network technician at Certkiller .com. Study the exhibit carefully. Which three statements correctly describe the configuration depicted in this Cisco IDM Virtual sensors list? (Choose three.)
A. Inline dropping of packets can occur on the Gig0/0.1 sub-interface
B. The vs1 virtual sensor is operating inline between VLAN 102 and VLAN 201
C. The Cisco IPS Sensor appliance is configured for promiscuous (IDS) and inline (IPS) mode simultaneously
D. The Vs1 virtual sensor is misconfigured for inline operations since only one sub-interface is assigned to vs1
E. Inline dropping of packets can occur on the Gig0/2.0 sub-interface or Gig0/3.0 sub-interface or both
F. Sub-interface Gig0/2.0 and Gig0/3.0 are operating in IPS mode

Correct Answer: ABC

QUESTION 57
You think users on your corporate network are disguising the use of file-sharing applications by tunneling the traffic through port 80. How can you configure your Cisco IPS Sensor to identify and stop this activity?
A. Enable all signatures in the Service HTTP engine. Then create an event action override that adds the Deny Packet Inline action to events triggered by these signatures if the traffic originates from your corporate network
B. Enable all signatures in the Service HTTP engine
C. Assign the Deny Packet Inline action to all signatures in the Service HTTP engine
D. Enable the alarm for the non-HTTP traffic signature. Then create an Event Action Override that adds the Deny Packet Inline action to events triggered by the signature if the traffic originates from your corporate network
E. Enable both the HTTP application policy and the alarm on non-HTTP traffic signature

Correct Answer: E

QUESTION 58
You want to create multiple event filters that use the same parameter value. What would be the most efficient way to accomplish this task?
A. Create an event variable
B. Create a global variable
C. Create a target value rating
D. Clone and edit an event filter

Correct Answer: A

QUESTION 59
Which three statements accurately describe Cisco IPS 6.0 Sensor Anomaly Detection? (Choose three.)
A. It sub-divides the network into two zones (internal and external)
B. It is used to identify worms which spread by scanning the network
C. In the Anomaly Detection histograms, the number of destination IP Addresses is predefined
D. In the anomaly detection histograms, the number of source IP Addresses is either learned or configured by the user
E. Anomaly detection signatures have three sub-signatures (single scanner, multiple scanners and worms outbreak)
F. It has three modes; learn mode, detect mode and attack mode

Correct Answer: BCD

QUESTION 60
Exhibit:

You work as a network technician at Certkiller .com. Study the exhibit carefully. As an administrator, you need to change the Event Action and Event Count settings for signature 1108 in the sig1 instance. Which of the following should you select to view and change the required parameters?
A. Signature Variable tab
B. Actions button
C. Miscellaneous tab
D. Edit button

Correct Answer: D

QUESTION 61
Exhibit: You work as a network technician at Certkiller .com. Study the exhibit carefully. Based on this partial CLI output from Certkiller 2, what can be determined about anomaly detection?

A. Learning mode has expired and the sensor is running normally
B. Learning mode has been manually disabled
C. The virtual sensor Vs1 has learned normal traffic patterns and is currently in detection mode
D. An attack is in progress and learning mode has been automatically disabled

Correct Answer: D

QUESTION 62
Which statement accurately describes what the External Product interface feature included in the Cisco IPS 6.0 software release allows the Cisco IPS Sensor to do?
A. Collaborate with Cisco Security Manager for Centralized events management
B. Receive host postures and quarantined IP Address events from the CiscoWorks Management Center for Cisco Security Agent
C. Have Cisco IEV subscribe to it and receive events from it
D. Perform Anomaly Detection by receiving events from external sources
E. Collaborate with Cisco Security MARS for incident Investigations

Correct Answer: B

QUESTION 63
You have configured your sensor to use risk ratings to determine when to deny traffic into the network. How could you best leverage this configuration to provide the highest level of protection for the mission-critical web server on your DMZ?
A. Assign a target value rating of Mission Critical to the Web Server
B. Create an Event Action Filter for the web server
C. Assign deny actions to all signatures with risk ratings and specify the IP Address of the Web Server as the destination Address parameter for each of those signatures
D. Create a risk rating for the web server and assign a value of High to the risk rating

Correct Answer: A

QUESTION 64
DRAG DROP You work as a network technician at Certkiller .com. Your boss, Mrs. Certkiller, is interested in firewall sensor placement. Match the options with the proper sensor placement.

A.
B.
C.
D.

Correct Answer:

Certkiller .com, Scenario
Network Topology Exhibit:
IPS Sensor Exhibit:

You work as a network engineer at Certkiller .com. Your boss, Mrs. Certkiller, has asked you to answer some
questions regarding the IPS sensors on the Certkiller .com WAN. In order to be able to answer her
questions you need to study both the network topology exhibit and the IPS Sensor exhibit.
Certkiller .com (6 Questions)

QUESTION 65
Exhibit:

Please study the exhibit carefully.
How many hosts belonging to the internal zone on TCP port 8081 need to be scanned by a single
scanner before the anomaly detection configuration for vs1 will fire an alert?

A. 1000 or more hosts
B. 3 or more hosts
C. 500 or more hosts
D. 250 or more hosts
E. 9 or more hosts
F. 150 or more hosts
G. 200 or more hosts
H. 6 or more hosts

Correct Answer: F

QUESTION 66
Exhibit:

Please study the exhibit carefully.
Consider the IPS Sensor/CSAMC communications configuration. What can be said? Select three.

A. Any attacks triggered by a host on the watch list will have its risk rating decreased by
B. The 172.26.26.51 management station is the CSAMC
C. TCP port 80 is used to communicate with the CSAMC
D. The username used to login to the CSAMC is “testing”
E. Watch list information is allowed to be passed from the CSAMC to the IPS sensor.
F. Host Postures information is not allowed to be passed from the CSAMC to the IPS sensor

Correct Answer: BDE

QUESTION 67
Exhibit:

Please study the exhibit carefully.
Consider parameter settings of the signature 1204 for the default signature definition. Which three are
correct? Select three.

A. Deny Packet Inline
B. Severity=informational
C. Fidelity Rating=85
D. Severity=medium
E. Fidelity Rating=100
F. Base RR=63

Correct Answer: ABE

QUESTION 68
Exhibit:

Please study the exhibit carefully.
In regard to the virtual sensors configurations on the IPS sensors, select two correct statements. Choose
two.

A. vs1 operates inline between vlan 102 and vlan 201
B. vs0 and vs1 share the same signature definition instance (vs0)
C. vs1 uses inline interface-pairs
D. vs0 was created by the system administrator
E. vs1 uses the ad1 anomaly detection instance

Correct Answer: AE

QUESTION 69
Exhibit:

Please study the exhibit carefully.
What is the maximum number of open IP log files that the sensor will permit?

A. 0
B. Unlimited
C. 1
D. 20
E. 50
F. 5
G. 15
H. 100

Correct Answer: D

QUESTION 70
Exhibit: Please study the exhibit carefully. Study the configuration for vs1 carefully. Which operating system type is the 172.26.26.51 host OS fingerprinting manually configured as?

A. CPM
B. AIX
C. Solaris
D. Mac OS
E. Linux
F. Windows
G. HP UX

Correct Answer: F

MIXED QUESTION.
QUESTION 71
A new IDSM2 module was installed in the Certkiller network. Which of the following features regarding the IDSM2 is true?
A. IDSM2 needs a separate management package
B. IDSM2 is limited to 62 signatures
C. IDSM2 can drop offending packets
D. IDSM2 makes use of the same code as the network appliance
E. None of the above

Correct Answer: D

Explanation:
IDSM-2 provides the following capabilities or features:

-Merged switching and security into a single chassis
-Ability to monitor multiple VLANs
-Does not impact switch performance
-Attacks and signatures equal to appliance sensor
-Uses the same code base of the appliance sensor
-Support for improved management techniques such as IDM

Reference: Cisco Press CCSP CSIDS Guide, 2nd edition page 199

QUESTION 72
Please refer to the exhibit.
A new NM-CIDS module is being inserted into the Certkiller network. Which versions of Cisco IOS software
are needed to support the NM-CIDS module?

A. 3.1 and above.
B. 4.1 and above
C. 4.0 and above
D. 2.0 and above
E. None of the above

Correct Answer: B

QUESTION 73
A new Certkiller IPS sensor is being configured for inline operation. Which three steps must you perform to prepare sensor interfaces for inline operations? (Choose three)
A. Disable all interfaces except the inline pair
B. Add the inline pair to the default virtual sensor
C. Enable two interfaces for the pair
D. Disable any interfaces that are operating in promiscuous mode.
E. Create the interface pair
F. Configure an alternate TCP-reset interface.

Correct Answer: BCE

Explanation: Operating in inline interface mode puts the IPS directly into the traffic flow and affects packet-forwarding rates, making them slower by adding latency. This allows the sensor to stop attacks by dropping malicious traffic before it reaches the intended target, thus providing a protective service. Not only is the inline device processing information on layers 3 and 4, but it is also analyzing the contents and payload of the packets for more sophisticated embedded attacks (layers 3 to 7). This deeper analysis lets the system identify and stop and/or block attacks that would normally pass through a traditional firewall device.

In inline interface mode, a packet comes in through the first interface of the pair on the sensor and out the second interface of the pair. The packet is sent to the second interface of the pair unless that packet is being denied or modified by a signature. To configure the interfaces for inline operation, you will need to create the interface pair, enable the two interfaces, and add the inline interface pair to the default sensor.

Reference: Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 5.1, Cisco Documentation, page 5-11.

QUESTION 74
The Certkiller security administrator is determining whether to configure a new sensor in inline or promiscuous mode. What are three differences between inline and promiscuous sensor functionality? (Choose three)
A. A sensor that is operating in inline mode can drop the packet that triggers a signature before it reaches its target, but a sensor that is operating in promiscuous mode cannot.
B. A sensor that is operating in inline mode supports more signatures than a sensor that operates in promiscuous mode.
C. Deny actions are available only to inline sensors, but blocking actions are available only to promiscuous mode sensors.
D. A sensor that is operating in promiscuous mode can perform TCP resets, but a sensor that is operating in inline mode cannot.
E. Inline operation provides more protection from Internet worms than promiscuous mode does.
F. Inline operation provides more protection from atomic attacks than promiscuous mode does.

Correct Answer: AEF

Explanation: In promiscuous mode, packets do not flow through the sensor. The sensor analyzes a copy of the monitored traffic rather than the actual forwarded packet. The advantage of operating in promiscuous mode is that the sensor does not affect the packet flow with the forwarded traffic. The disadvantage of operating in promiscuous mode, however, is the sensor cannot stop malicious traffic from reaching its intended target for certain types of attacks, such as atomic attacks (single-packet attacks). The response actions implemented by promiscuous sensor devices are post-event responses and often require assistance from other networking devices, for example, routers and firewalls, to respond to an attack. While such response actions can prevent some classes of attacks, in atomic attacks the single packet has the chance of reaching the target system before the promiscuous-based sensor can apply an ACL modification on a managed device (such as a firewall, switch, or router).

Operating in inline interface mode puts the IPS directly into the traffic flow and affects packet-forwarding rates, making them slower by adding latency. This allows the sensor to stop attacks by dropping malicious traffic before it reaches the intended target, thus providing a protective service. Not only is the inline device processing information on layers 3 and 4, but it is also analyzing the contents and payload of the packets for more sophisticated embedded attacks (layers 3 to 7). This deeper analysis lets the system identify and stop and/or block attacks that would normally pass through a traditional firewall device. In inline interface mode, a packet comes in through the first interface of the pair on the sensor and out the second interface of the pair. The packet is sent to the second interface of the pair unless that packet is being denied or modified by a signature.

Reference: http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a00805

QUESTION 75
New Cisco IPS sensors are being deployed within the Certkiller network. Which of the following are appropriate installation points for a Cisco IPS sensor? (Choose two)
A. On publicly accessible servers
B. On critical network servers
C. At network entry points
D. On user desktops
E. On corporate mail servers
F. On critical network segments

Correct Answer: CF

Explanation: IPS sensors are designed to be placed at network entry points and on critical network segments. The sensor is designed to monitor all traffic crossing a given network segment. You must consider all external network connections and remote access points you want to protect. The four network entry locations are the following:
1. Internet Connections
2. Extranets
3. Intranets
4. Remote Access
The most common sensor deployment location is between the trusted internal network and the Internet.
This deployment strategy is referred to as perimeter protection and the sensor is commonly paired with
one or more firewalls to enforce security policies.
Incorrect Answers:
A, B, D, E: Cisco network based sensors are designed to be placed on network segments, not on
individual hosts such as desktops or servers. Host based IDS/IPS applications should be used on these
types of devices.
Reference: CCSP: Cisco Certified Security Professional Certification All-in-One Exam Guide by Robert E.
Larson and Lance Cockcroft, ISBN:0072226919.
