Cisco 642-533 VCE Dumps, Recently Updated Cisco 642-533 Demo Questions And Answers Is What You Need To Take


With the help of Cisco 642-533 exam sample questions, candidates can measure themselves accurately against the pass requirement, track their progress and know that they are ready for the exam. If you also want to know the style of the exam interface and get other Cisco 642-533 test prep help, you can use the exam questions. The Cisco 642-533 exam materials interface provided by this tool is actually better than the real thing.

QUESTION 76
A Cisco IPS sensor has detected a large amount of malicious activity on the Certkiller network. How does a Cisco network sensor detect malicious network activity? (Select the best answer)
A. By using a blend of intrusion detection technologies
B. By performing in-depth analysis of the protocols that are specified in the packets that are traversing the network
C. By comparing network activity to an established profile of normal network activity
D. By using behavior-based technology that focuses on the behavior of applications

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
Cisco network-based IDS (NIDS) uses a blend of leading intrusion detection technologies and provides the
following benefits:

1. Comprehensive threat protection (multiple detection methods): Cisco uses multiple methods to accurately detect threats, including stateful pattern recognition, protocol analysis, traffic anomaly detection, and protocol anomaly detection. Additionally, Cisco IDS delivers a Layer 2 signature engine to provide protection from Address Resolution Protocol (ARP) spoofing techniques.
2. Extensive protocol monitoring: All major TCP/IP protocols are monitored, including IP, Internet Control Message Protocol (ICMP), TCP, and User Datagram Protocol (UDP). Cisco IDS 4.x also statefully decodes application layer protocols, such as FTP, Simple Mail Transfer Protocol (SMTP), HTTP, Domain Name System (DNS), remote-procedure call (RPC), NetBIOS, Network News Transport Protocol (NNTP), Telnet, and peer-to-peer (P2P).
3. Comprehensive attack detection: Cisco has the most comprehensive detection capabilities, detecting both the exploitation activity indicative of attempts to gain access to or compromise network systems and the DoS activity indicative of attempts to consume bandwidth or compute resources to disrupt normal operations. It also detects activity indicative of attempts to probe or map your network to identify targets, such as ping sweeps and port sweeps, as well as misuse activity indicative of attempts to violate corporate policy, which is detected by configuring the sensor to look for custom text strings in the network traffic.
4. Damage prevention: Cisco responds immediately to stop attacks that can cost you time and money. After an attack is accurately identified and classified, the system can deny the intruder by dropping the packet, terminating the session, reconfiguring access control lists (ACLs) on routers and switches, or dynamically modifying the firewall policy. Additionally, Cisco IDS 4.x blocks source and destination port numbers as well as source and destination IP addresses.
Reference: http://s2s.ltd.uk/technology-ids.htm

QUESTION 77
The new Certkiller trainee technician wants to know which signature description best describes a string signature engine. What would your reply be?
A. Layer 5, 6, and 7 services that require protocol analysis.
B. Regular expression-based pattern inspection for multiple transport protocols.
C. Network reconnaissance detection.
D. State-based, regular expression-based, pattern inspection and alarm functionality for TCP streams.
E. None of the above

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The STRING engine provides regular expression-based pattern inspection and alarm functionality for multiple transport protocols, including TCP, UDP and ICMP. Regular expressions are a powerful and flexible notational language that allows you to describe text. In the context of pattern matching, regular expressions allow a succinct description of any arbitrary pattern. Regular expressions are compiled into a data structure called a pattern matcher, which is then used to match patterns in data. The STRING engine is a generic string-based pattern matching inspection engine for the TCP, UDP, and ICMP protocols. This STRING engine uses a new Regex engine that can combine multiple patterns into a single pattern-matching table, allowing for a single search through the data. The new regex engine also has the alternation operator “|”, also known as the OR operator. There are three STRING engines: STRING.TCP, STRING.UDP, and STRING.ICMP.

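To make the explanation above concrete (and the custom text-string matching mentioned under Question 76), here is an added Python example written for this page; it is not Cisco's engine code. It models the three STRING engines as one compiled alternation per transport, so a whole table of patterns is searched in a single pass and a named group identifies which signature fired. The signature names, patterns and sample payloads are all constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed signature table modelling STRING.TCP, STRING.UDP and STRING.ICMP.
# Signature names and patterns are invented for this example. Patterns must not
# contain capturing groups of their own (use (?:...)), because the engine relies
# on m.lastgroup to identify which branch of the alternation fired.
STRING_SIGNATURES = {
    "tcp": {
        "policy-confidential-marker": r"\bconfidential\b",
        "cleartext-password-field": r"\bpassword=\S+",
    },
    "udp": {
        "policy-confidential-marker": r"\bconfidential\b",
    },
    "icmp": {
        "ssn-like-number-in-icmp": r"\b\d{3}-\d{2}-\d{4}\b",
    },
}

@dataclass(frozen=True)
class Alert:
    engine: str      # e.g. "STRING.TCP"
    signature: str   # which signature in the table matched
    offset: int      # byte offset of the match in the payload
    matched: str     # the text that matched

def build_engine(signatures):
    """Fold every pattern into one alternation, one named group per signature,
    so the whole table is searched in a single pass over the data."""
    branches, names = [], {}
    for i, (name, pattern) in enumerate(signatures.items()):
        group = f"s{i}"            # group names must be valid identifiers
        names[group] = name
        branches.append(f"(?P<{group}>{pattern})")
    return re.compile("|".join(branches), re.IGNORECASE), names

class StringEngines:
    """One combined pattern per transport, like the three STRING engines."""
    def __init__(self, table):
        self.engines = {t: build_engine(sigs) for t, sigs in table.items()}

    def inspect(self, transport, payload):
        """Single finditer() pass; m.lastgroup names the branch that matched."""
        regex, names = self.engines[transport]
        text = payload.decode("latin-1")   # byte-for-byte mapping, never raises
        return [Alert(f"STRING.{transport.upper()}", names[m.lastgroup],
                      m.start(), m.group(0))
                for m in regex.finditer(text)]

# Constructed sample payloads (not captured traffic).
SAMPLE_FLOWS = [
    ("tcp",  b"GET /q3.txt HTTP/1.1\r\nX-Note: CONFIDENTIAL draft, password=hunter2\r\n"),
    ("udp",  b"nothing of interest here"),
    ("icmp", b"echo data 123-45-6789 end"),
]

def run_sample():
    """Inspect every sample flow and return the alerts in payload order."""
    engines = StringEngines(STRING_SIGNATURES)
    alerts = []
    for transport, payload in SAMPLE_FLOWS:
        alerts.extend(engines.inspect(transport, payload))
    return alerts

if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The point of the single alternation is that adding a signature costs no extra pass over the payload; the trade-off is that one badly written pattern (for example, an unbounded backtracking construct) slows the entire engine, which is why the per-signature patterns should be reviewed before being enabled on a sensor.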
QUESTION 78
When designing IP blocking for the Certkiller network using different Intrusion technologies, why should you consider entry points?
A. They provide different avenues for the attacker to attack your networks.
B. They prevent all denial of service attacks.
C. They are considered critical hosts and should not be blocked.
D. They provide a method for the Sensor to route through the subnet to the managed router.
E. None of the above

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Today’s networks have several entry points to provide reliability, redundancy, and resilience. These entry points also represent different avenues for the attacker to attack your network. You must identify all the entry points into your network and decide whether they need to also participate in IP blocking. Note: It is recommended that Sensors be placed at those network entry and exit points that provide sufficient intrusion detection coverage. Reference: Cisco Secure Intrusion Detection System, Cisco Press, page 467
QUESTION 79
Many hackers use Denial of Service attacks in conjunction with a specific attack. Why would an attacker saturate the network with noise while simultaneously launching an attack?
A. It causes the Cisco IDS to fire multiple false negative alarms.
B. An attack may go undetected.
C. It will have no effect on the ability of the sensor to detect attacks.
D. It will initiate asymmetric attack techniques.
E. It will force the sensors into Bypass mode so that future attacks go undetected.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Saturating the network with bogus traffic is an example of a DoS or DDoS attack. The goal of a denial of service attack is not to gain unauthorized access to machines or data, but to prevent legitimate users of a service from using it. A denial of service attack can come in many forms. Attackers may “flood” a network with large volumes of data or deliberately consume a scarce or limited resource such as process control blocks or pending network connections. They may also disrupt physical components of the network or manipulate data in transit, including encrypted data. The underlying purpose of a denial of service attack is to bog down a system by giving it too much information to process quickly enough. While this attack is occurring, an attacker could also attempt to perform another, specifically targeted attack. Reference: Cisco 642-532 IPS Courseware, page 3-24

QUESTION 80
Which of the following types of attacks is typical of an intruder who is targeting networks of systems in an effort to retrieve data or enhance their privileges within a specific network?
A. Access attack
B. Denial of Service attack
C. Man in the middle attack
D. Authorization attack
E. Reconnaissance attack
F. None of the above

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Access Attacks:
Access is a broad term used to describe any attack that requires the intruder to gain unauthorized access
to a secure system with the intent to manipulate data, elevate privileges, or simply access the system. The
term “access attack” is used to describe any attempt to gain system access, perform data manipulation, or
elevate privileges.
System Access Attacks:
System access is the act of gaining unauthorized access to a system for which the attacker doesn’t have a
user account. Hackers usually gain access to a device by running a script or a hacking tool, or exploiting a
known vulnerability of an application or service running on the host.
Data Manipulation Access Attacks:
Data manipulation occurs when an intruder simply reads, copies, writes, deletes, or changes data that isn’t
intended to be accessible by the intruder. This could be as simple as finding a share on a Windows 9x or
NT computer, or as difficult as attempting to gain access to a credit bureau’s information, or breaking into
the department of motor vehicles to change a driving record.
Elevating Privileges Access Attacks:
Elevating privileges is a common type of attack. By elevating privileges an intruder can gain access to files,
folders or application data that the user account was not initially granted access to. Once the hacker has
gained a high-enough level of access, they can install applications, such as backdoors and Trojan horses,
to allow further access and reconnaissance.
Reference: CCSP: Cisco Certified Security Professional Certification All-in-One Exam Guide

QUESTION 81
What reconnaissance methods are used to discover mail servers running SMTP and SNMP? (Choose two)
A. TCP scans for port 25
B. UDP scans for port 25
C. UDP scans for port 161
D. ICMP sweeps for port 25
E. ICMP sweeps for port 161

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation: If the public SMTP server were compromised, a hacker might try to attack the internal mail server over TCP port 25, which is permitted to allow mail transfer between the two hosts. SNMP is a network management protocol that can be used to retrieve information from a network device (commonly referred to as read-only access) or to remotely configure parameters on the device (commonly referred to as read-write access). SNMP agents listen on UDP port 161. Reference: SAFE Blueprint for Small, Midsize, and Remote-User Networks
QUESTION 82
Which of the following describes the evasive technique whereby control characters are sent to disguise an attack?
A. Flooding
B. Fragmentation
C. Obfuscation
D. Exceeding maximum transmission unit size
E. None of the above

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Intrusion Detection Systems inspect network traffic for suspect or malicious packet formats, data payloads and traffic patterns. Intrusion detection systems typically implement obfuscation defense – ensuring that suspect packets cannot easily be disguised with UTF and/or hex encoding and bypass the Intrusion Detection systems. Recently, the Code Red worm has targeted an unpatched vulnerability with many Microsoft IIS systems and also highlighted a different encoding technique supported by Microsoft IIS systems. Reference: Cisco CIDS Courseware, page 3-27
QUESTION 83
DRAG DROP
Click and drag the security technology on the left to its corresponding description on the right.
A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:

QUESTION 84
New Cisco 4200 sensors were installed in the Certkiller network for network security purposes. In which three ways does a Cisco network sensor protect network devices from attacks? (Choose three)
A. It uses a blend of intrusion detection technologies to detect malicious network activity.
B. It can generate an alert when it detects traffic that matches a set of rules that pertain to typical intrusion activity.
C. It permits or denies traffic into the protected network that is based on access lists that you create on the sensor.
D. It can take a variety of actions when it detects traffic that matches a set of rules that pertain to typical intrusion activity.
E. It uses behavior-based technology that focuses on the behavior of applications to protect network devices from known attacks and from new attacks for which there is no known signature.

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco IOS IDS is an integrated intrusion detection sensor, watching packets and sessions as they flow through the router and scanning each to match the IDS signatures. Upon detection of suspicious activity, the Cisco IOS IDS responds before network security can be compromised and sends alarms to a management console. The network administrator can configure the Cisco IOS IDS to choose the appropriate response to security incidents. When packets in a session match a signature, the Cisco IOS IDS can be configured to take these actions:
1. Send an alarm to a syslog server or a centralized management interface
2. Drop the packet
3. Reset the TCP connection
Incorrect Answers:

C: This describes the basic functionality of Cisco routers. Cisco IPS devices take into account the state of the
connections and look for anomalies in each data transmission up to layer 7. Access lists typically only filter
traffic based on layers 3 and 4.
E: The IPS devices require a signature to generate an alarm and have an action taken. New attacks with
no known signature will not be detected.
Reference:
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_white_paper09186a008010e5c8.shtml

QUESTION 85
The Certkiller network has only one entry point. However, you are concerned about internal attacks. Which of the following should be utilized on the Certkiller network? (Choose three)
A. CSA Agents on corporate mail servers
B. CSA Agents on critical network servers and user desktops
C. A network sensor behind (inside) the corporate firewall
D. A network sensor in front of (outside) the corporate firewall
E. Sensor and CSA Agents that report to management and monitoring servers that are located inside the corporate firewall
F. Sensor and CSA Agents that report to management and monitoring servers that are located outside the corporate firewall

Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
Explanation:
The Cisco Security Agent (CSA) provides endpoint server and desktop protection against new and
emerging threats due to malicious network activity. These can be placed on any device within the
enterprise, protecting the network from both internal and external threats. When concerned with threats
coming from the inside network, choices B, C, and E are best.
Incorrect Answers:

A: Corporate mail servers are used to provide email services to the outside. Placing CSA agents on these
servers would protect from outside threats more so than from internal attacks.
D, F: These solutions are better suited for protecting the network from external threats.

QUESTION 86
Which of the following functions can be performed remotely by means of the Intrusion Detection System Device Manager? (Select all that apply)
A. Restarting IDS services
B. Initializing the Sensor configuration
C. Powering down the Sensor
D. Accessing the Cisco Secure Encyclopedia
E. Restarting the Sensor
F. Initiating a TCP reset response
G. None of the above

Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
Explanation:
Cisco IDS signature customization is now made easier through one web page. The Custom Signature
configuration page presents the network security administrator with all the parameters that can be
customized for a specific signature. IDM enables the network security administrator to remotely:
1) Restart the IDS services.
2) Restart the Sensor.
3) Power down the Sensor.
Reference: Cisco CIDS Courseware, page 10-4

QUESTION 87
Your Certkiller router is hosting a NM-CIDS. This router’s configuration contains an inbound ACL. Which action does this router take when it receives a packet that should be dropped, according to the inbound ACL?
A. The router forwards the packet to the NM-CIDS for inspection, then drops the packet.
B. The router drops the packet and does not forward it to the NM-CIDS for inspection.
C. The router filters the packet through the inbound ACL, tags it for drop action, and forwards the packet to the NM-CIDS. Then the router drops it if it triggers any signature, even a signature with no action configured.
D. The router filters the packet through the inbound ACL, forwards the packet to the NM-CIDS for inspection only if it is an ICMP packet, and then drops the packet.
E. None of the above.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco IOS Software performs an input-ACL check on a packet before it processes the packet for NAT or Encryption. As explained earlier, the IDS Network Module monitors the packet after the NAT and decryption is processed. Thus if the packet is dropped by the inbound ACL it is not forwarded to the IDS Network Module. The Cisco IOS Software performs output-ACL check after the packet is forwarded to the IDS. Hence the packet will be forwarded to the IDS even if the output ACL drops the packet. Reference: http://www.cisco.com/en/US/products/hw/routers/ps282/prod_architecture09186a00801cf9fc.html
QUESTION 88
A new IDS NM-CIDS network module was recently installed on a Certkiller router, and packets are now being inspected via this module. However, not all packets are inspected. Which two packet types are not forwarded to the NM-CIDS? (Choose two)
A. GRE encapsulated packets
B. TCP packets
C. UDP packets
D. ARP packets
E. any IP multicast packets
F. ICMP packets

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Explanation:
GRE Tunnels:
The Cisco IDS software does not analyze GRE encapsulated packets. Hence if a GRE packet is received,
and the incoming interface is enabled for IDS monitoring, the packet WILL NOT be forwarded to the IDS
Network Module for monitoring. If a packet is encapsulated by the router into a GRE tunnel, and the
incoming interface is enabled for IDS monitoring, then the packet (before encapsulation) will be sent to the
IDS Network Module.
ARP Packets:
ARP packets are handled at layer-2 and are not forwarded to the IDS Network Module.
Reference:
http://www.cisco.com/en/US/products/hw/routers/ps282/prod_architecture09186a00801cf9fc.html

QUESTION 89
Which of the following represents a type of exploit that involves introducing programs that install an inconspicuous back door to gain unauthorized access?
A. File sharing
B. Trojan horse
C. Protocol weakness
D. Session hijack
E. None of the above

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
To gain remote access, attackers rely on keystroke capture software that is planted on a system, sometimes
through a worm or Trojan horse disguised as a game or screen saver.
Reference: Cisco CIDS Courseware, page 2-46

QUESTION 90
What can intrusion detection and prevention systems detect? (Choose three)
A. Network misuse
B. Network uptime
C. Unauthorized network access
D. Network downtime
E. Network throughput
F. Network abuse

Correct Answer: ACF Section: (none) Explanation
Explanation/Reference:
Explanation: An IDS/IPS system is software and possibly hardware that detects attacks against your network. They detect intrusive activity that enters into your network. You can locate intrusive activity by examining network traffic, host logs, system calls, and other areas that signal an attack against your network. Reference: Cisco Secure Intrusion Detection System, Cisco Press, page 54
QUESTION 91
The signature files on a Certkiller sensor are being updated by the security administrator. Which two statements are true about Cisco IPS signatures? (Choose two)
A. A signature is a set of rules that pertain to typical intrusion activity.
B. When network traffic matches a signature, the signature must generate an alert, but can also initiate a response action.
C. Some signatures can be triggered by the contents of a single packet.
D. Signatures trigger alerts only when they match a specific pattern of traffic.
E. You can disable signatures and later re-enable them; however, this process requires the sensing engines to rebuild their configuration, which takes time and could delay the processing of traffic.
F. You can enable and modify built-in signatures, but you cannot disable them.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation:
Attacks or other misuses of network resources can be defined as network intrusions. Network intrusions
can be detected by sensors that use a signature-based technology. A signature is a set of rules that your
sensor uses to detect typical intrusive activity, such as denial of service (DoS) attacks. As sensors scan
network packets, they use signatures to detect known attacks and respond with actions that you define.
Signatures can be triggered either by a series of packets, called compound attacks, or by a single packet.
Single packet attacks are called atomic attacks; an example of this is the ping of death.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chap

QUESTION 92
Which of the following represents basic types of Cisco IDS signature parameters? (Choose all that apply.)
A. The Sub-signature parameter
B. The Local parameter
C. The Protected parameter
D. The Master parameter
E. The Required parameter

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
Explanation:
Engine parameters have the following attributes:
1) Protected – If a parameter is protected, you cannot change it for the default signatures.
You can modify it for custom signatures.
2) Required – If a parameter is required, you must define it for all signatures, both default signatures and
custom signatures.
Reference: CCSP Self-study: CSIDS Second Edition, page 438

QUESTION 93
SIMULATION
You are the network security administrator at Certkiller .com in charge of the IPS sensors for a travel agency. Your sensors are currently deployed in promiscuous mode, but you have upgraded to IPS software 5.0 and now want to deploy in inline mode. You decide to return all signatures to their default settings and re-tune them to maximize the benefits of your new topology. After tuning the signatures, you back up your configuration. On the morning of May 12, 2005, your new assistant informs you that the network appears to have been under attack since you left your office at 6:00 pm the previous evening. Your assistant has tuned several signatures on the company IPS 4235 sensor in an effort to mitigate the attacks. From the assistant's description of the tuning he performed, you feel sure the IPS 4235 sensor will be less, rather than more, effective in protecting your network. You decide to investigate the situation. Your tasks are as follows:
1. Display all high-severity alerts that have been generated by the sensor since 6:00 pm May 11, 2005. Verify that the only events displayed are high-severity alerts and that their time-stamps are at or after 6:00 pm May 11, 2005.
2. Examine the tuned signature settings.
3. Restore the default settings to all signatures without affecting other sensor settings. Verify that the signature settings were returned to the defaults. (While doing so, you discover that your assistant modified your allowed hosts list as well as tuning some signatures.)
4. Overwrite the current configuration with your backup configuration. Display the sensor configuration again to verify the changes made by restoring from backup.
Sensor administrator username/password: Certkiller / Certkiller 987
A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Show only high-severity events since 6:00 pm on May 11, 2005:
show events alert high 18:00 may 11 2005
Examine the tuned signature settings:
show config
Reset the signatures to their defaults (sig0, or the name of your signature definition):
default service signature-definition sig0
Verify with:
show config
Overwrite the current configuration with your backup configuration:
copy backup-config current-config

QUESTION 94
The Certkiller security policy states that network devices must be managed using secure communication methods. Which Cisco IDS Sensor services must be disabled to meet this requirement? (Choose two)
A. SSH
B. Telnet
C. TFTP
D. SNMP
E. FTP
F. RSH

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
Explanation:
The Sensor always provides secure shell services (including scp). Increase the security of the Sensor by
disabling two services that allow clear text password authentication: Telnet and FTP. For maximum
security disable both.

QUESTION 95
The service pack file IDSk9-sp-3.1-2-S23.bin exists on the Certkiller Sensor. Which command installs the service pack on the Sensor?
A. IDSk9-sp-3.1-2-S23 -install
B. IDSk9-sp-3.1-2-S23.bin -install
C. IDSk9-sp-3.1-2-S23.bin -i
D. IDSk9-sp-3.1-2-S23.bin -l
E. IDSk9-sp-3.1-2-S23-bin -apply
F. IDSk9-sp-3.1-2-S23 -apply

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
To install the version 3.1(5)S58 service pack, follow these steps:
1. Download the self-extracting binary file IDSk9-sp-3.1-5-S58.bin to a directory on the target Sensor from the following website: http://www.cisco.com/cgi-bin/tablebuild.pl/ids3-app
CAUTION: You must preserve the original file name.
2. Log in as root on the Sensor.
3. Change directories to the location of the downloaded binary.
4. Change the binary file’s attributes to executable by typing the following:
chmod +x IDSk9-sp-3.1-5-S58.bin
5. Execute the binary file with the -l option by typing the following:
./IDSk9-sp-3.1-5-S58.bin -l
6. Review the file output.log in /usr/nr/sp-update for any error messages.
7. Do not remove the /usr/nr/sp-update directory. This directory is required for uninstallation and contains backups of files replaced by the update.

QUESTION 96
A Certkiller router is hosting an NM-CIDS. The router’s configuration contains an output ACL. Which of the following best describes the action the router takes when it receives a packet that should be dropped according to the output ACL?
A. The router drops the packet and does not forward it to the NM-CIDS.
B. The router sends the packet to the NM-CIDS for inspection, then performs output-ACL check and drops the packet.
C. If the packet is an ICMP packet, the router sends it to the NM-CIDS for inspection, then performs output ACL check and drops the packet. If the packet is not an ICMP packet, the router performs output ACL check and drops the packet.
D. The router sends the packet to the NM-CIDS check and drops the packet.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco IOS Software performs an input-ACL check on a packet before it processes the packet for NAT or encryption. As explained earlier, the IDS Network Module monitors the packet after NAT and decryption have been processed. Thus, if the packet is dropped by the inbound ACL, it is not forwarded to the IDS Network Module. The Cisco IOS Software performs the output-ACL check after the packet is forwarded to the IDS. Hence the packet will be forwarded to the IDS even if the output ACL drops the packet.

QUESTION 97
An ACL policy violation signature has been created on a Cisco IDS Sensor. The Sensor is configured to receive policy violations from a Cisco IOS router. What configurations must exist on the router? (Choose two)
A. Logs permit ACL entries
B. Logs deny ACL entries
C. Sends SNMP traps to the Sensor
D. Sends Syslog messages to the Sensor
E. Sends SNMP traps to the Director
F. Sends syslog messages to the Director

Correct Answer: BF Section: (none) Explanation
Explanation/Reference:
Explanation: The Sensor can be configured to create an alarm when it detects a policy violation from the syslog generated by a Cisco router. A policy violation is generated by a Cisco router when a packet fails to pass a designated Access Control List. Security data from Sensor and Cisco routers, including policy violations, is monitored and maintained on the Director.
QUESTION 98
An IDS module is being used on a Certkiller router configured with Network Address Translation. Under which circumstance would only the translated address be sent to the NM-CIDS for processing?
A. When using it outside NAT
B. When using it inside NAT
C. When using it outside PAT
D. When using it inside PAT

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco IOS Software performs an input-ACL check on a packet before it processes the packet for NAT or encryption. The IDS Network Module monitors the packet after NAT and decryption have been processed. Thus, if the packet is dropped by the inbound ACL, it is not forwarded to the IDS Network Module. The Cisco IOS Software performs the output-ACL check after the packet is forwarded to the IDS. Hence the packet will be forwarded to the IDS even if the output ACL drops the packet. With NAT, only the translated IP address is seen by the NM-CIDS for outside one-to-one address translations. Reference: http://www.cisco.com/en/US/products/hw/routers/ps282/prod_architecture09186a00801cf9fc.html

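The order of operations described in the explanations for Questions 87, 96 and 98 (and the GRE/ARP exclusion from Question 88) decides what the NM-CIDS actually gets to inspect, which matters when you are reading its alerts: an inbound-ACL drop never reaches the module, an outbound-ACL drop is inspected anyway, and alerts carry translated addresses. The following Python is an added model written for this page, not Cisco IOS code; the ACLs, NAT table and packets are constructed, and it simplifies to one inside-to-outside path with a one-to-one static source translation.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp", "icmp" or "gre" (constructed, not a full IOS model)
    dport: int = 0

@dataclass(frozen=True)
class AclEntry:
    action: str                  # "permit" or "deny"
    src: str                     # source network in CIDR notation
    dst: str                     # destination network in CIDR notation
    proto: str = "ip"            # "ip" matches every protocol
    dport: Optional[int] = None  # None matches every destination port

def acl_permits(acl, pkt):
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    for e in acl:
        if e.proto != "ip" and e.proto != pkt.proto:
            continue
        if e.dport is not None and e.dport != pkt.dport:
            continue
        if (ip_address(pkt.src) in ip_network(e.src)
                and ip_address(pkt.dst) in ip_network(e.dst)):
            return e.action == "permit"
    return False

# Packet types the module never receives (Question 88): GRE is not analysed and
# ARP is handled at layer 2, so neither is copied to the NM-CIDS.
NOT_SENT_TO_NMCIDS = {"gre", "arp"}

def route_packet(pkt, inbound_acl, outbound_acl, static_nat):
    """Walk one inside-to-outside packet through the IOS order of operations
    described above: inbound ACL -> NAT -> copy to NM-CIDS -> outbound ACL.
    Returns what the router did and the packet the NM-CIDS saw, if any."""
    if not acl_permits(inbound_acl, pkt):
        # Dropped before NAT and before the module ever sees it (Question 87).
        return {"dropped_by": "inbound-acl", "inspected": False, "ids_saw": None}
    # One-to-one static NAT of the source: the module sees the translated
    # address (Question 98), so its alerts carry the global, not the local, address.
    translated = Packet(static_nat.get(pkt.src, pkt.src), pkt.dst, pkt.proto, pkt.dport)
    inspected = translated.proto not in NOT_SENT_TO_NMCIDS
    ids_saw = translated if inspected else None
    # The outbound ACL runs after the copy to the module (Question 96): the module
    # inspects the packet even though the router then drops it.
    if not acl_permits(outbound_acl, translated):
        return {"dropped_by": "outbound-acl", "inspected": inspected, "ids_saw": ids_saw}
    return {"dropped_by": None, "inspected": inspected, "ids_saw": ids_saw}

# Constructed policy: no Telnet out of the inside network, no SMB to the outside.
INBOUND_ACL = [
    AclEntry("deny", "10.0.0.0/8", "0.0.0.0/0", "tcp", 23),
    AclEntry("permit", "10.0.0.0/8", "0.0.0.0/0"),
]
OUTBOUND_ACL = [
    AclEntry("deny", "0.0.0.0/0", "0.0.0.0/0", "tcp", 445),
    AclEntry("permit", "0.0.0.0/0", "0.0.0.0/0"),
]
STATIC_NAT = {"10.0.0.5": "203.0.113.5"}  # inside local -> inside global (constructed)

def demo():
    """Run the four cases the explanations describe and return the results."""
    cases = {
        "telnet_in_denied": Packet("10.0.0.5", "198.51.100.7", "tcp", 23),
        "smb_out_denied":   Packet("10.0.0.5", "198.51.100.7", "tcp", 445),
        "http_permitted":   Packet("10.0.0.5", "198.51.100.7", "tcp", 80),
        "gre_permitted":    Packet("10.0.0.9", "198.51.100.7", "gre"),
    }
    return {name: route_packet(p, INBOUND_ACL, OUTBOUND_ACL, STATIC_NAT)
            for name, p in cases.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Two practical consequences fall out of the model: traffic you block with an inbound ACL leaves no trace in the module's event store (so detection coverage for that traffic has to come from ACL logging, as in Question 97), and anything the module reports about a NAT'd host names the global address, so the analyst needs the translation table to find the inside host.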
QUESTION 99
Certkiller has purchased a Cisco IDS solution that includes IDS modules. The switch group had decided not to provide the security department interactive access to the switch. What IDSM feature should be configured to provide the security department access to the IDSM command line?
A. AAA
B. TFTP
C. HTTP
D. Telnet
E. HTTPS

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: The Catalyst 6000 family switch can be accessed either through a console management session or through telnet. Some switches might even support SSH access for increased security. After an interactive session is established with the switch, you must session into the IDSM line card. This is the only way to gain command-line access to the IDSM. Reference: Cisco Secure Intrusion Detection System, Cisco Press, page 499

QUESTION 100
You are the network security administrator for Certkiller . You want to create a user account for your
assistant that gives the assistant the second-highest level of privileges. You want to ensure that your
assistant can view all events and tune signatures.
Which role would you assign to the account for your assistant?

A. Operator
B. Service
C. Administrator
D. Viewer

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The CLI for IPS 5.0 supports four user roles: Administrator, Operator, Viewer, and Service. The privilege levels for each role are different; therefore, the menus and available commands vary for each role.
Administrators: This user role has the highest level of privileges. Administrators have unrestricted view access and can perform the following functions:
1) Add users and assign passwords
2) Enable and disable control of physical interfaces and virtual sensors
3) Assign physical sensing interfaces to a virtual sensor
4) Modify the list of hosts allowed to connect to the sensor as a configuring or viewing agent
5) Modify sensor address configuration
6) Tune signatures
7) Assign configuration to a virtual sensor
8) Manage routers
Operators: This user role has the second highest level of privileges. Operators have unrestricted view access and can perform the following functions:
1) Modify their passwords
2) Tune signatures
3) Manage routers
4) Assign configuration to a virtual sensor
Viewers: This user role has the lowest level of privileges. Viewers can view configuration and event data and can modify their passwords.
Service: This user role does not have direct access to the CLI. Service account users are logged directly into a bash shell. Use this account for support and troubleshooting purposes only. Unauthorized modifications are not supported and will require the device to be re-imaged to guarantee proper operation. You can create only one user with the service role.
Reference: http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/ products_command_reference_chapter09186a00803 a

QUESTION 101
A special account needs to be created via IDM so that a Certkiller sensor can be worked on by a technician. Which user account role on a Cisco IPS sensor should be specifically created in order to allow special root access for troubleshooting purposes only?
A. Operator
B. Viewer
C. Service
D. Administrator
E. None of the above

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: The CLI for IPS 5.0 supports four user roles: Administrator, Operator, Viewer, and Service; the privileges of each role are listed in the explanation of the previous question. Only the Service role provides shell access: Service account users do not have direct access to the CLI but are logged directly into a bash shell. Use this account for support and troubleshooting purposes only. Unauthorized modifications are not supported and will require the device to be re-imaged to guarantee proper operation. You can create only one user with the service role. Administrator, Operator, and Viewer accounts remain confined to the sensor CLI, so none of them is the right choice for root-level troubleshooting access. Reference: http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/ products_command_reference_chapter09186a00803 a
QUESTION 102
A service account was created on a Certkiller sensor. Which statement regarding the service account on an IDS Sensor is valid?
A. Only users with the administrator role can be assigned to the service account.
B. Advanced signature tuning operations can be performed through the service account.
C. The service account must be created by Cisco TAC personnel.
D. A singular user only can be assigned to the service account.
E. None of the above

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Creating the Service Account: You should create a service account for TAC to use during troubleshooting. Although more than one user can have access to the sensor, only one user can have service privileges on a sensor. The service account is for support purposes only.
Caution: Do not make modifications to the sensor through the service account except under the direction of TAC. If you use the service account to configure the sensor, your configuration is not supported by TAC. We do not support the addition and/or running of an additional service to the operating system through the service account, because it affects the proper performance and proper functioning of the other IDS services. TAC does not support a sensor on which additional services have been added.
QUESTION 103
The IDS MC is used to manage the Certkiller sensors. What is the Cisco IDS Management Center?
A. Web-based interface for managing and configuring multiple sensors.
B. Command-line interface for managing and configuring multiple sensors.
C. Web-based interface for managing and configuring a single sensor.
D. Command-line interface for managing and configuring a single sensor.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
The Management Center for IDS Sensors is a tool with a scalable architecture for configuring Cisco
network sensors, switch IDS sensors, and IDS network modules for routers using a web-based interface.
The IDS MC is a web-based application that centralizes and accelerates the deployment and management
of multiple IDS sensors and IDS modules (IDSMs).

QUESTION 104
Which Cisco IDS Sensor configuration parameter affects the source and destination values included in an IDS alarm event?
A. Data source
B. IP fragment reassembly
C. External network definition
D. Internal network definition
E. TCP reassembly
F. Sensor IP address
G. All of the above

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: The internal network definition tells the sensor which addresses it should treat as inside and which as outside; the sensor uses it to fill in the source and destination location fields of each alarm event. You can use the source and destination location to alter your response to specific alarms. Traffic coming from a system within your network to another internal host that generates an alarm may be acceptable, whereas you might consider the same traffic, originating from an external host or the Internet, totally unacceptable. Reference: Cisco Secure Intrusion Detection System, Cisco Press, page 183
QUESTION 105
A Certkiller IPS appliance has been configured with an interface pair. What is the purpose of an interface pair?
A. To provide load balancing
B. To provide inline monitoring
C. For multiple-subnet monitoring
D. For failover
E. For increased IPS performance
F. For SPAN source and destination-port identification

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Explaining Inline Interface Mode: You can pair interfaces on your sensor if your sensor is capable of inline monitoring. Operating in inline interface mode puts the IPS directly into the traffic flow and affects packet-forwarding rates, making them slower by adding latency. An inline IPS sits in the fast path, which allows the sensor to stop attacks by dropping malicious traffic before it reaches the intended target, thus providing a protective service. The inline device not only processes information at Layers 3 and 4 but also analyzes the contents and payload of the packets for more sophisticated embedded attacks (Layers 3 to 7). This deeper analysis lets the system identify and stop and/or block attacks that would normally pass through a traditional firewall device.
In inline interface mode, a packet comes in through the first interface of the pair on the sensor and out the second interface of the pair. The packet is sent to the second interface of the pair unless that packet is being denied or modified by a signature.
QUESTION 106
A new 4210 is being installed in the Certkiller LAN. Which value can be assigned to define the Cisco IDS 4210 Sensor’s sensing interface?
A. Auto
B. Detect
C. Probe
D. Sniffing
E. Select

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: An individual sensor contains two separate interfaces. The sensor uses one of the interfaces to passively sniff all network packets by placing that interface in promiscuous mode (the sniffing interface); it uses the other network interface for command and control traffic. Reference: Cisco Secure Intrusion Detection System, Cisco Press, page 98
QUESTION 107
How would you go about successfully adding a Sensor to the IDS MC if the Sensor software version is not displayed in the drop-down list of available versions during the add process?
A. Update the Sensor’s software version to a version matching one in the IDS MC list.
B. Select the Discover Settings check box to automatically discover the unlisted version.
C. Update IDS MC with the latest IDS signatures.
D. Manually enter the correct software version in the version field under the Sensor’s Identification window.
E. Use the Query Sensor option next to the version field under the Sensor’s identification window to automatically discover the unlisted version.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: If the Sensor software version is not listed in the drop-down menu, it is necessary to update the IDS MC with the latest version of the IDS signatures. Reference: CSIDS Courseware under Device – Sensor, page
QUESTION 108
The Certkiller security administrator is setting the Bypass mode on a new IPS device. Which two statements accurately describe the software bypass mode? (Choose two)
A. When it is set to on, all Cisco IPS processing subsystems are bypassed and traffic is allowed to flow between the inline port or VLAN pairs directly.
B. When it is set to on, traffic inspection ceases without impacting network traffic.
C. The default is off.
D. If power to the sensor is lost, network traffic is not interrupted.
E. It can be used for redundancy in the event of hardware failure.
F. When it is set to off, traffic stops flowing if the sensor is down

Correct Answer: BF Section: (none) Explanation
Explanation/Reference:
Explanation: To configure the sensor so that traffic continues to flow through inline pairs even when SensorApp is not running, you can enable bypass mode. Bypass mode minimizes dataflow interruptions during reconfiguration, service pack installation, or software failure. Conversely, if bypass mode is set to off, traffic stops flowing if the sensor fails, as shown by the table below. Note that software bypass runs inside the sensor itself: it keeps traffic moving when SensorApp is down, not when the appliance loses power, which is why options D and E are not correct.
Cisco IPS Sensor Software Version 5.0 AutoBypass

Reference: http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_qanda_item0900aecd80321849.shtml
QUESTION 109
Which of the following identify basic authentication methods for accessing a Certkiller Sensor from the IDS MC? (Choose all that apply.)
A. User account passwords
B. SSL certificates
C. SSH public keys
D. Digital certificates with pre-shared keys
E. Digital certificates with Certificate Authority
F. None of the above

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation:
SSH supports two forms of authentication: password and public key. If you have set up a public key
between IDSMC and the sensor, you can use that key by selecting the Use Existing SSH keys check box.
If you have not set up the key, or if you do not want to use it, leave the Use Existing SSH keys deselected,
and IDSMC will use SSH password authentication.

QUESTION 110
Which of the following methods will you advise the new Certkiller trainee technician to use when upgrading the signatures on a Cisco IDS Sensor? (Choose all that apply)
A. IEV
B. IDM
C. IDS MC
D. Monitoring Center for Security
E. SDM

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
Explanation:
To use this procedure, you must have access to the server:
* You must have access to the IDSMC server if you want to update the IDSMC or a sensor.
* You must have access to the SecurityMonitor server if you want to update SecurityMonitor.
* If you have installed IDSMC and SecurityMonitor on the same server, you must have access to that server if you want to update the IDSMC or a sensor or SecurityMonitor.
Note: The installation of IDS software updates can be performed from supported management consoles or from the command line interface (CLI).
QUESTION 111
A new IDS module was inserted into a Certkiller Catalyst switch and needs to be configured. Which command initiates the Cisco IDSM2 system-initialization dialog?
A. sysconfig-sensor
B. setup
C. configure terminal
D. session
E. initialize
F. None of the above.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Initializing the IDS Module:
After you have installed the IDS modules on your network, you can use the setup command to initially
configure them.
To initially configure the IDS module, follow these steps:
Step 1: Session in to the IDS module by entering the session module_number command at the switch prompt.
Note: The default username and password are both cisco.
Step 2: You are prompted to change the default password. After you change the password, the module# CONFigure prompt appears.
Step 3: Enter the setup command. The System Configuration Dialog is displayed.
Reference:
http://www.cisco.com/en/US/products/hw/switches/ps708/
products_installation_and_configuration_guide_chap t

QUESTION 112
Which of the following represents a technique that can be used to evade intrusion detection technology?
A. Man-in-the-middle
B. TCP resets
C. Targeted attacks
D. Obfuscation
E. None of the above

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Early intrusion detection was easily evaded by disguising an attack with special characters so that the attack string no longer matched the signature. The term used to describe this evasive technique is obfuscation. Obfuscation is once again becoming a popular IDS evasion technique. The following are forms of obfuscation: 1) control characters, 2) hex representation, 3) Unicode representation. Reference: Cisco CIDS Courseware, page 3-27
QUESTION 113
An attacker has launched an attack against a web server by requesting a web page using the Unicode representation for the slash character in the URL. What IDS evasive technique is the attacker using?
A. Encryption
B. Fragmentation
C. Flooding
D. Obfuscation
E. Saturation
F. None of the above

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: The attacker is obfuscating the request: the web server decodes the Unicode (UTF-8) or hex form of the slash, but a sensor that matches only the literal characters of the signature never sees a slash. Intrusion detection systems therefore implement an obfuscation defense, decoding UTF and hex encodings to a canonical form before signature matching, so that suspect packets cannot easily be disguised and bypass the IDS. Reference: Cisco Intrusion Detection System - Cisco Security Advisory: Cisco Secure Intrusion Detection System Signature Obfuscation Vulnerability
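Worked illustration of the evasion in Questions 112 and 113, as an added example that is not part of the original page and is not Cisco sensor code: a naive signature check on the raw request is compared with the same check after the request has been canonicalized (percent-decoding, repeated to defeat double encoding, plus folding the overlong UTF-8 form %c0%af of the slash). The sample requests, the decoding routine and the single toy signature are this example's own constructions; a real sensor normalizes far more than this.

```python
"""Added example (not from the original page and not Cisco sensor code): why an
IDS has to canonicalize an HTTP request before matching a signature.
A naive substring signature for the "../" traversal string misses the same
request when the slash is hex-encoded, double-encoded, or written as the
overlong UTF-8 sequence %c0%af. The requests below are constructed samples."""
from urllib.parse import unquote_to_bytes

# Constructed sample requests: plain, hex-encoded, double-encoded,
# overlong UTF-8 (Unicode) slash, and one benign request.
SAMPLE_REQUESTS = [
    "GET /scripts/../../winnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /scripts/..%2f..%2fwinnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /scripts/..%252f..%252fwinnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /scripts/..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir HTTP/1.0",
    "GET /index.html HTTP/1.0",
]

SIGNATURE = "../"   # the toy pattern a signature would look for


def naive_match(request: str) -> bool:
    """Signature matching on the raw request, with no decoding at all."""
    return SIGNATURE in request


def collapse_overlong_utf8(data: bytes) -> bytes:
    """Fold 2-byte overlong encodings of ASCII (lead byte 0xC0/0xC1) into the
    ASCII byte they stand for. Strict UTF-8 decoders reject these sequences,
    which is exactly why they were useful for slipping past early IDS engines."""
    out = bytearray()
    i = 0
    while i < len(data):
        lead = data[i]
        if lead in (0xC0, 0xC1) and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            out.append(((lead & 0x1F) << 6) | (data[i + 1] & 0x3F))
            i += 2
        else:
            out.append(lead)
            i += 1
    return bytes(out)


def normalize(request: str, max_rounds: int = 3) -> str:
    """Percent-decode and collapse overlong UTF-8 until the request stops
    changing. The round limit keeps nested encodings from looping forever."""
    data = request.encode("latin-1")
    for _ in range(max_rounds):
        decoded = collapse_overlong_utf8(unquote_to_bytes(data))
        if decoded == data:
            break
        data = decoded
    return data.decode("latin-1")


def detect(request: str) -> bool:
    """Signature matching on the canonical form of the request."""
    return SIGNATURE in normalize(request)


def scan(requests) -> tuple:
    """Count hits with and without normalization: (naive, normalized)."""
    naive = sum(1 for r in requests if naive_match(r))
    normalized = sum(1 for r in requests if detect(r))
    return naive, normalized


if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        print(f"raw={naive_match(r)!s:5} normalized={detect(r)!s:5}  {r}")
    print("hits (naive, normalized):", scan(SAMPLE_REQUESTS))
```

Run as a script it prints one line per sample request; only the plain request trips the naive check, while all four attack variants trip the check after normalization and the benign request trips neither. The decoding is bounded and applied to bytes, not text, because the overlong sequence is not valid UTF-8 and a strict text decoder would raise before the signature engine ever saw it.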
QUESTION 114
A Certkiller IPS device that has been in place for some time needs to be tuned to eliminate some false positive alerts. Which two are necessary to take into consideration when preparing to tune your sensor? (Choose two)
A. The security policy
B. The network topology
C. Which IP addresses are statically assigned, and which are DHCP addresses
D. The IP addresses of your inside gateway and outside gateway
E. Which traffic the sensor denies by default
F. The current configuration for each virtual sensor

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
Explanation:
Tuning and Alarm Logging:

The traffic that IPS sensors see is dependent upon the corporate security policy, as well as the network topology. For example, if the corporate security policy provides employees with open access to the Internet, then very little tuning based upon traffic type (connection signatures) can be performed on these sensors. However, if the corporate security policy is more restrictive, then tuning based upon traffic type is possible.
These sensors should see few attacks, and the attack signatures can generally be left tuned at the default levels. Attacks seen here have breached the external firewall, however, or are being generated from within the internal network, and should therefore be taken seriously. Again, during incidents such as a Code Red attack, it may be necessary to tune specific signatures to a lower level in order to keep from being overwhelmed by high-priority alarms.
Reference: http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/ networking_solutions_white_paper09186a00801 b
QUESTION 115
A Certkiller sensor was placed outside of the firewall, and is detecting a large volume of web traffic because it is monitoring traffic outside the firewall. What is the most appropriate sensor tuning for this scenario?
A. Lowering the severity level of certain web signatures
B. Raising the severity level of certain web signatures
C. Disabling all web signatures
D. Disabling the Meta Event Generator
E. Retiring certain web signatures

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Normally a sensor is placed on the outside of a firewall to detect the overall number and severity of attacks on a network, and to determine the effectiveness of the firewall. For sensors placed on the outside, a great deal of traffic and alerts will be seen. Cisco recommends lowering the severity level of many of the more common attacks. This will ensure that all attacks are seen and logged, but the number of high level alerts will be kept down to a reasonable level.
Incorrect Answers:
B: This will result in even more alerts, which will inundate the logs and overwhelm the security management team.
C, D, E: Although this will indeed lower the number of alerts, these solutions will also result in lowering the effectiveness of the sensor, and allowing certain events to pass into the network unmonitored and without being logged.
QUESTION 116
Which TCP session reassembly configuration parameter enforces that a valid TCP session be established before the Cisco IDS Sensor’s sensing engine analyzes the traffic associated with the session?
A. TCP open establish timeout
B. TCP embryonic timeout
C. TCP closed timeout
D. TCP three way handshake
E. TCP sequence timeout
F. None of the above

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: The goal of defining these reassembly settings is to ensure that the sensor does not allocate all of its resources to datagrams that cannot be completely reconstructed, either because the sensor missed some frame transmissions or because an attack is generating random fragmented datagrams.
To specify that the sensor track only sessions for which the three-way handshake is completed, select the TCP Three Way Handshake check box. With the option enabled, payload arriving without a completed handshake behind it (for example, spoofed single packets sent to flood the sensor with alarms) is not analyzed.
Reference:
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000_b/vpnman/vms_2_1/idsmc11/
ug/ch
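The handshake requirement as an added example, not from the original page and not Cisco sensor code: a small tracker that runs content signatures only against payload belonging to a session whose SYN, SYN/ACK and ACK it has seen, and then inspects the same traffic with the requirement switched off. The packets, flag names, addresses and the two toy signatures are constructed for this example.

```python
"""Added example (not from the original page and not Cisco sensor code): a
minimal TCP session tracker that inspects payload only for sessions whose
three-way handshake the sensor observed, which is the effect of the TCP Three
Way Handshake reassembly option. Packets, flag names and signatures are
constructed for this example."""
from dataclasses import dataclass

SIGNATURES = [b"cmd.exe", b"/etc/passwd"]   # toy content signatures


@dataclass(frozen=True)
class Packet:
    src: str               # "ip:port" of the sender
    dst: str               # "ip:port" of the receiver
    flags: frozenset       # e.g. frozenset({"SYN"}), frozenset({"PSH", "ACK"})
    payload: bytes = b""


def match_signatures(payload: bytes) -> list:
    """Names of the toy signatures found in a payload."""
    return [s.decode() for s in SIGNATURES if s in payload]


class Tracker:
    def __init__(self, require_handshake: bool = True):
        self.require_handshake = require_handshake
        self.sessions = {}   # flow key -> (state, initiator)
        self.alerts = []     # (src, dst, signature name)
        self.ignored = 0     # payload packets not analyzed for lack of a session

    @staticmethod
    def _key(p: Packet) -> tuple:
        # Same key for both directions of one flow.
        return tuple(sorted((p.src, p.dst)))

    @staticmethod
    def _advance(p: Packet, state):
        """Three-way handshake state machine: SYN -> SYN/ACK -> ACK."""
        if p.flags == {"SYN"}:
            return ("SYN_SENT", p.src)          # remember who initiated
        if state is None:
            return None                         # data with no SYN behind it
        name, initiator = state
        if p.flags == {"SYN", "ACK"} and name == "SYN_SENT" and p.dst == initiator:
            return ("SYN_RECEIVED", initiator)
        if "ACK" in p.flags and "SYN" not in p.flags and name == "SYN_RECEIVED" and p.src == initiator:
            return ("ESTABLISHED", initiator)
        return state

    def inspect(self, p: Packet) -> None:
        k = self._key(p)
        state = self._advance(p, self.sessions.get(k))
        if state is not None:
            self.sessions[k] = state
        if not p.payload:
            return
        established = state is not None and state[0] == "ESTABLISHED"
        if established or not self.require_handshake:
            for name in match_signatures(p.payload):
                self.alerts.append((p.src, p.dst, name))
        else:
            self.ignored += 1   # no completed handshake: not a real session


CLIENT, SERVER, SPOOFER = "10.1.1.5:40000", "192.0.2.10:80", "198.51.100.7:40000"

# Constructed traffic: one real session, then the same attack payloads injected
# from a spoofed source with no handshake, as alarm-flooding tools do.
TRAFFIC = [
    Packet(CLIENT, SERVER, frozenset({"SYN"})),
    Packet(SERVER, CLIENT, frozenset({"SYN", "ACK"})),
    Packet(CLIENT, SERVER, frozenset({"ACK"})),
    Packet(CLIENT, SERVER, frozenset({"PSH", "ACK"}), b"GET /scripts/cmd.exe?/c+dir HTTP/1.0"),
    Packet(SPOOFER, SERVER, frozenset({"PSH", "ACK"}), b"GET /scripts/cmd.exe?/c+dir HTTP/1.0"),
    Packet(SPOOFER, SERVER, frozenset({"PSH", "ACK"}), b"GET /../../etc/passwd HTTP/1.0"),
]


def run(require_handshake: bool = True) -> Tracker:
    """Feed the constructed traffic through a tracker and return it."""
    tracker = Tracker(require_handshake)
    for p in TRAFFIC:
        tracker.inspect(p)
    return tracker


if __name__ == "__main__":
    for setting in (True, False):
        t = run(setting)
        print(f"three-way handshake required={setting}: alerts={t.alerts} ignored={t.ignored}")
```

With the requirement on, the tracker raises one alert for the real client and silently drops the two spoofed payloads; with it off, it raises three alerts, two of them for a source that never completed a connection, which is the noise the check box is there to remove.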
