Pass Cisco 642-533 Exam With Training Flydumps New Cisco 642-533 PDF And VCE Dumps


Exam A

QUESTION 1
Hotspot

QUESTION 2
You think users on your corporate network are disguising the use of file-sharing applications by tunneling the traffic through port 80. How can you configure your Cisco IPS Sensor to identify and stop this activity?
A. Enable all signatures in the Service HTTP engine.
B. Assign the Deny Packet Inline action to all signatures in the Service HTTP engine.
C. Enable all signatures in the Service HTTP engine. Then create an event action override that adds the Deny Packet Inline action to events triggered by these signatures if the traffic originates from your corporate network.
D. Enable the alarm for the non-HTTP traffic signature. Then create an Event Action Override that adds the Deny Packet Inline action to events triggered by the signature if the traffic originates from your corporate network.
E. Enable both the HTTP application policy and the alarm on non-HTTP traffic signature.

Correct Answer: E

QUESTION 3
A user with which user account role on a Cisco IPS Sensor can log into the native operating system shell for advanced troubleshooting purposes when directed to do so by Cisco TAC?
A. administrator
B. operator
C. viewer
D. service
E. root
F. super

Correct Answer: D

QUESTION 4
Which character must precede a variable to indicate that you are using a variable rather than a string?
A. percent sign
B. dollar sign
C. ampersand
D. pound sign
E. asterisk

Correct Answer: B

QUESTION 5
Which statement accurately describes Cisco IPS Sensor automatic signature and service pack updates?
A. The Cisco IPS Sensor can automatically download service pack and signature updates from Cisco.com.
B. The Cisco IPS Sensor can download signature and service pack updates only from an FTP or HTTP server.
C. You must download service pack and signature updates from Cisco.com to a locally accessible server before they can be automatically applied to your Cisco IPS Sensor.
D. When you configure automatic updates, the Cisco IPS Sensor checks Cisco.com for updates hourly.
E. If multiple signature or service pack updates are available when the sensor checks for an update, the Cisco IPS Sensor installs the first update it detects.

Correct Answer: C

QUESTION 6
LAB

QUESTION 7
LAB

QUESTION 8
How can you clear events from the event store?
A. You do not need to clear the event store; it is a circular log file, so once it reaches the maximum size it will be overwritten by new events.
B. You must use the CLI clear events command.
C. If you have Administrator privileges, you can do this by selecting Monitoring > Events > Reset button in Cisco IDM.
D. You should select File > Clear IDM Cache in Cisco IDM.
E. You cannot clear events from the event store; they must be moved off the system using the copy command.

Correct Answer: B

QUESTION 9
Refer to the exhibit. Based on the partial output shown, which of these statements is true?

A. The module installed in slot 1 needs to be a type 5540 module to be compatible with the ASA 5540 Adaptive Security Appliance module type.
B. The module installed in slot 1 needs to be upgraded to the same software revision as module 0 or it will not be recognized.
C. Module 0 system services are not running.
D. There is a Cisco IPS security services module installed.

Correct Answer: D

QUESTION 10
Which action does the copy /erase ftp://172.26.26.1/sensor_config01 current-config command perform?
A. erases the sensor_config01 file on the FTP server and replaces it with the current configuration file from the Cisco IPS Sensor
B. copies and saves the running configuration to the FTP server and replaces it with the source configuration file
C. overwrites the backup configuration and applies the source configuration file to the system default configuration
D. merges the source configuration file with the current configuration

Correct Answer: C

QUESTION 11
Drop

QUESTION 12
Which of the following is a valid file name for a Cisco IPS 6.0 system image?
A. IPS-K9-pkg-6.0-sys_img.sys
B. IPS-4240-K9-img-6.0-sys.sys
C. IPS-K9-cd-11-a-6.0-1-E1.img
D. IPS-4240-K9-sys-1.1-a-6.0-1-E1.img

Correct Answer: D

QUESTION 13
Drop

QUESTION 14
What are the three roles of the Cisco IPS Sensor interface? (Choose three.)
A. alternate TCP reset
B. blocking
C. command and control
D. sensing (monitoring)
E. logging
F. bypass

Correct Answer: ACD

QUESTION 15
Which two are true regarding Cisco IPS Sensor licensing? (Choose two.)
A. A Cisco IPS Sensor will run normally without a license key with the most current signature updates for 90 days.
B. A license key is required to obtain signature updates.
C. A Cisco Services for IPS contract must be purchased to obtain signature updates.
D. Cisco IDM requires a valid license key to operate normally.
E. The Cisco ASA 5500 Series does not require a Cisco Services for IPS contract when a valid SMARTnet contract exists.

Correct Answer: BC

QUESTION 16
With Cisco IPS 6.0, what is the maximum number of virtual sensors that can be configured on a single platform?
A. the number depends on the amount of device memory
B. two in promiscuous mode using VLAN groups, four in inline mode supporting all interface type configurations
C. two
D. four
E. six

Correct Answer: D

QUESTION 17
In which three of these ways can you achieve better Cisco IPS Sensor performance? (Choose three.)
A. enable all anti-evasive measures to reduce noise
B. place the Cisco IPS Sensor behind a firewall
C. always enable unidirectional capture
D. disable unneeded signatures
E. have multiple Cisco IPS Sensors in the path and configure them to detect different types of events
F. enable selective packet capture using VLAN ACL on the Cisco IPS 4200 Series Sensors

Correct Answer: BDE

QUESTION 18
What is used to perform password recovery for the “cisco” admin account on a Cisco IPS 4200 Series Sensor?
A. setup mode
B. ROMMON CLI
C. GRUB menu
D. recovery partition
E. Cisco IDM

Correct Answer: C

QUESTION 19
What is the best way to mitigate the risk that executable-code exploits will perform malicious acts such as erasing your hard drive?
A. assign deny actions to signatures that are controlled by the Trojan engines
B. assign the TCP reset action to signatures that are controlled by the Normalizer engine
C. enable blocking
D. enable application policy enforcement
E. assign blocking actions to signatures that are controlled by the State engine

Correct Answer: A

QUESTION 20
Refer to the exhibit. Which interfaces are assigned to an inline VLAN pair?

A. GigabitEthernet0/1 with GigabitEthernet0/2
B. GigabitEthernet0/1 with GigabitEthernet0/3
C. GigabitEthernet0/2 with GigabitEthernet0/3
D. None in this virtual sensor

Correct Answer: D

QUESTION 21
In which three ways does a Cisco IPS network sensor protect the network from attacks? (Choose three.)
A. It uses a blend of intrusion detection technologies to detect malicious network activity.
B. It can generate an alert when it detects traffic that matches a set of rules that pertain to typical intrusion activity.
C. It permits or denies traffic into the protected network based on access lists that you create on the sensor.
D. It can take a variety of actions when it detects traffic that matches a set of rules that pertain to typical intrusion activity.
E. It uses behavior-based technology that focuses on the behavior of applications to protect network devices from known attacks and from new attacks for which there is no known signature.
F. It uses anomaly detection technology to prevent evasive techniques such as obfuscation, fragmentation, and encryption.

Correct Answer: ABD

QUESTION 22
Which two of the following parameters affect the risk rating of an event? (Choose two.)
A. alert severity
B. global summary threshold
C. signature fidelity rating
D. scanner threshold
E. engine type
F. event count key

Correct Answer: AC

QUESTION 23
You are using Cisco IDM. What precaution must you keep in mind when adding, editing, or deleting allowed hosts on a Cisco IPS Sensor?
A. You must not allow entire subnets to access the Cisco IPS Sensor.
B. When using access lists to permit remote access, you must specify the direction of allowed communications.
C. You must not delete the IP address used for remote management.
D. You can only configure the allowed hosts using the CLI.
E. You must use an inverse mask, such as 10.0.2.0 0.0.0.255, for the specified network mask for the IP address.

Correct Answer: C

QUESTION 24
Which statement is true about inline sensor functionality?
A. Inline functionality is available on any sensor that supports Cisco IPS Sensor Software Version 5.0 or later.
B. If your sensor has a sufficient number of monitoring interfaces, you can use inline and promiscuous modes simultaneously.
C. Any sensor that supports inline functionality can operate in either inline or promiscuous mode, but not in both modes simultaneously.
D. If you switch a sensor between inline and promiscuous modes, you must reboot the sensor.

Correct Answer: B

QUESTION 25
Which one of the following statements is true regarding tuned signatures?
A. require that you create subsignatures that can then be tuned to your needs
B. require that you create custom signatures that can then be tuned to your needs
C. contain modified parameters of built-in signatures
D. begin with signature number 60000
E. are tuned using the Cisco IDM Custom Signature Wizard

Correct Answer: C

QUESTION 26
You would like to investigate an incident and have already enabled the Log Pair Packets action on various signatures being triggered. What should you do next?
A. Use CLI to send the IP log to a PC using TFTP, then open it with Notepad to view and interpret the contents.
B. Use Cisco Security Manager to retrieve the IP log then use the Cisco Security Manager IPS Manager to decode the IP log.
C. Use Cisco IDM to download the IP log to a management station then use a packet analyzer like Ethereal to decode the IP log.
D. Use Cisco IEV to retrieve the IP log then use the IEV Generate Reports function to produce a report based on the IP log content.
E. Use the External Product Interface feature to download the IP log to Cisco Security MARS for incident investigation.

Correct Answer: C

QUESTION 27
Refer to the exhibit. Which three statements correctly describe the configuration depicted in this Cisco IDM virtual sensors list? (Choose three.)

A. inline dropping of packets can occur on the Gig0/0.1 sub-interface
B. sub-interfaces Gig0/2.0 and Gig0/3.0 are operating in IPS mode
C. the Cisco IPS Sensor appliance is configured for promiscuous (IDS) and inline (IPS) mode simultaneously
D. the vs1 virtual sensor is misconfigured for inline operations since only one sub-interface is assigned to vs1
E. inline dropping of packets can occur on the Gig0/2.0 sub-interface or Gig0/3.0 sub-interface or both
F. the vs1 virtual sensor is operating inline between VLAN 102 and VLAN 201

Correct Answer: ACF

QUESTION 28
Refer to the exhibit. Which further action must you take in order to create a new virtual sensor?

A. assign a unique name
B. create and assign a unique Signature Definition Policy
C. create and assign a unique Event Action Rule Policy
D. set AD Operational Mode to Inactive as that is a global parameter
E. set Inline TCP Session Tracking Mode to Interface Only as there is only one interface available for assignment
F. assign a description

Correct Answer: A

QUESTION 29
Drop

QUESTION 30
Which Cisco IPS Sensor feature correlates events for more accurate detection of attacks, such as worms, that exploit a number of different vulnerabilities and can trigger several different signatures?

A. Analysis engine
B. SensorApp
C. Application Policy Enforcement
D. Summarizer
E. Normalizer
F. Meta Event Generator

Correct Answer: F

QUESTION 31
Which three statements accurately describe Cisco IPS 6.0 Sensor Anomaly Detection? (Choose three.)
A. It sub-divides the network into two zones (internal and external).
B. It is used to identify worms which spread by scanning the network.
C. In the Anomaly Detection histograms, the number of source IP addresses is either learned or configured by the user.
D. In the Anomaly Detection histograms, the number of destination IP addresses is predefined.
E. It has three modes: learn mode, detect mode, and attack mode.
F. Anomaly Detection signatures have three sub-signatures (single scanner, multiple scanners, and worms outbreak).

Correct Answer: BCD

QUESTION 32
Drop

QUESTION 33
When configuring Passive OS Fingerprinting, what is the purpose of restricting operating system mapping to specific addresses?
A. excludes the defined IP addresses from automatic risk rating calculations so that you can specify the desired risk rating
B. allows you to configure separate OS maps within that IP address range
C. specifies which IP address range to import from the EPI for OS fingerprinting
D. limits the ARR to the defined IP addresses

Correct Answer: D

QUESTION 34
Which statement accurately describes what the External Product Interface feature included in the Cisco IPS 6.0 software release allows the Cisco IPS Sensor to do?
A. collaborate with Cisco Security MARS for incident investigations
B. collaborate with Cisco Security Manager for centralized events management
C. have Cisco IEV subscribe to it and receive events from it
D. receive host postures and quarantined IP address events from the CiscoWorks Management Center for Cisco Security Agent
E. perform Anomaly Detection by receiving events from external sources

Correct Answer: D

QUESTION 35
When signature 3116 fires, you want your Cisco IPS Sensor to terminate the current packet and future packets on this TCP flow only. Which action should you assign to the signature?
A. Deny Attacker Inline
B. Deny Connection Inline
C. Reset TCP Connection
D. Request Block Connection

Correct Answer: B

QUESTION 36
Refer to the exhibit. You are the security administrator for the network in the exhibit. You want your inline Cisco IPS sensor to drop packets that pose the most severe risk to your network, especially to the servers on your DMZ. Which two of the following parameters should you set to protect your DMZ servers in the most time-efficient manner? (Choose two.)

A. event action filter
B. signature fidelity rating
C. alert severity
D. event action override
E. application policy
F. target value rating

Correct Answer: DF

QUESTION 37
In Cisco IDM, the Configuration > Sensor Setup > SSH > Known Host Keys screen is used for what purpose?
A. to enable communications with the Master Blocking Sensor
B. to enable communications with a blocking device
C. to enable management hosts to access the Cisco IPS Sensor
D. to regenerate the Cisco IPS Sensor SSH host key
E. to regenerate the Cisco IPS Sensor SSL RSA key pair

Correct Answer: B

QUESTION 38
Which three of these steps are used to initialize and verify the Cisco ASA AIP-SSM? (Choose three.)
A. connect a management station directly to the AIP-SSM console port via a serial cable
B. use the ASA#session 1 command to access the AIP-SSM CLI
C. use the ASA#show module command to verify the AIP-SSM status
D. access the Cisco IDM from a management station using http://sensor-ip-address
E. use the sensor#setup command to configure the basic sensor settings
F. use the ASA#telnet sensor-ip-address command to access the AIP-SSM to set up the basic configuration on the sensor

Correct Answer: BCE

QUESTION 39
How should you create a custom signature that will fire when a series of pre-defined signatures occur and you want the Cisco IPS Sensor to generate alerts only for the new custom signature, not for the individual signatures?
A. Use the Normalizer engine and remove the Produce Alert action from the component signatures.
B. Use the Meta engine and remove the Produce Alert action from the component signatures.
C. Use the Trojan engine and remove the Produce Alert action from the component signatures.
D. Use the ATOMIC engine and set the summary mode to Global Summarize.
E. Use the Normalizer engine and set the summary mode to Global Summarize.
F. Use the Service engine and set the summary mode to Global Summarize.

Correct Answer: B

QUESTION 40
Select the two correct general Cisco IPS Sensor tuning recommendations if the environment consists exclusively of Windows servers. (Choose two.)
A. use “NT” IP fragment reassembly mode
B. use “Windows” TCP stream reassembly mode
C. disable deobfuscation for all HTTP signatures
D. enable all IIS signatures
E. enable all NFS signatures
F. enable all RPC signatures

Correct Answer: AD

QUESTION 41
What two steps must you perform to initialize a Cisco IPS Sensor appliance? (Choose two.)
A. connect a serial cable to the console port of the sensor
B. connect to the sensor via SSH
C. use the Cisco IDM Setup Wizard
D. issue the setup command via the CLI
E. enable Telnet and then configure basic sensor parameters

Correct Answer: AD

QUESTION 42
Refer to the exhibit. As an administrator, you need to change the Event Action and Event Count settings for signature 1108 in the sig1 instance. Which of the following should you select to view and change the required parameters?

A. Edit button
B. Actions button
C. Miscellaneous tab
D. Signature Variables tab

Correct Answer: A

QUESTION 43
You have configured your sensor to use risk ratings to determine when to deny traffic into the network. How could you best leverage this configuration to provide the highest level of protection for the mission-critical web server on your DMZ?
A. Create a risk rating for the web server and assign a value of High to the risk rating.
B. Assign deny actions to all signatures with risk ratings, and specify the IP address of the web server as the Destination Address parameter for each of those signatures.
C. Assign a target value rating of Mission Critical to the web server.
D. Create an event action filter for the web server.

Correct Answer: C

QUESTION 44
Which TCP stream reassembly mode disables TCP window-evasion checking?
A. Loose
B. Strict
C. Asymmetric
D. Symmetric
E. Disable

Correct Answer: C

QUESTION 45
Which three values are used to calculate the risk rating for an event? (Choose three.)
A. attack severity rating
B. fidelity severity rating
C. target fidelity rating
D. target value rating
E. signature fidelity rating
F. signature attack rating

Correct Answer: ADE
