Cisco 642-532 Brain Demos, Prepare for the Cisco 642-532 Cert Will Be More Popular

New Updated Version — Where to find the newest Cisco 642-532 exam dumps to ensure your exam pass? If you want to pass exam Cisco 642-532 easily, you should download the latest updated Cisco 642-532 Flydumps for preparing. Now visit Flydumps.com to get a free Cisco 642-532 pdf study guide with valid Cisco 642-532 exam dumps and free vce dumps, which will help you pass Cisco 642-532 quickly!

QUESTION 46
Which two statements are true about applying a system image file to a Cisco IPS 4240 sensor? (Choose two.)
A. The system image file contains a sys identifier.
B. The same system-image file can be applied to any sensor platform.
C. The system image has an rpm.pkg extension.
D. You can use ROMMON to use the TFTP facility to copy the system image onto the sensor.
E. You can apply the system image by using the Cisco IDS version 5.0(1) Recovery CD-ROM.

Correct Answer: AB

QUESTION 47
Under which circumstance would only the translated address be sent to the NM-CIDS for processing?
A. when using it outside NAT
B. when using it inside NAT
C. when using it outside PAT
D. when using it inside PAT

Correct Answer: A

QUESTION 48
Which two tasks must you complete in Cisco IDM to configure the sensor to allow an SNMP network management station to obtain the sensor’s health and welfare information? (Choose two.)
A. From the SNMP General Configuration panel, configure the SNMP agent parameters.
B. From the SNMP Traps Configuration panel, enable SNMP Traps and SNMP Gets/Sets.
C. From the SNMP Traps Configuration panel, enable SNMP Traps.
D. From the SNMP General Configuration panel, enable SNMP Gets/Sets.
E. From the SNMP Traps Configuration panel, enable SNMP Traps and SNMP Get-Responses.

Correct Answer: AD

QUESTION 49
What is a false-negative alarm situation?
A. Normal traffic does not cause a signature to fire.
B. A signature is fired when offending traffic is not detected.
C. Normal traffic or a benign action causes a signature to fire.
D. A signature is not fired when offending traffic is present.

Correct Answer: C

QUESTION 50
How is automatic IP logging enabled on a sensor?
A. It is enabled by default for all signatures.
B. It is enabled by default for all master signatures only.
C. It is enabled by default for all high-severity signature alarms.
D. It must be manually configured for individual signatures.
E. It is manually configured using the ip-log global configuration command.

Correct Answer: D

QUESTION 51
Which signature description best describes a String signature engine?
A. network reconnaissance detection
B. regular expression-based pattern inspection for multiple transport protocols
C. Layer 5, 6, and 7 services that require protocol analysis
D. state-based, regular expression-based pattern inspection and alarm functionality for TCP streams

Correct Answer: B

QUESTION 52
Under which tab in the Cisco IDM can you find the Custom Signature Wizard?
A. Device
B. Configuration
C. Monitoring
D. Administration

Correct Answer: C

QUESTION 53
What is the primary function of a Master Blocking Sensor?
A. to serve as the central point of configuration in the Cisco IDM for blocking
B. to serve as the central point of configuration in the Cisco IDS MC for blocking
C. to manage and distribute blocking configurations to other slave sensors
D. to directly communicate the blocking requests that are sent by other sensors
E. to provide the first line of attack detection and prevention through blocking

Correct Answer: D

QUESTION 54
Which command can be used to retrieve Cisco Product Evolution Program (PEP) unique device identifier (UDI) information to help you manage certified hardware versions within your network?
A. show tech-support
B. display
C. show pep
D. show udi
E. show inventory
F. show version

Correct Answer: E

QUESTION 55
Why would an attacker saturate the network with noise while simultaneously launching an attack?
A. It causes the Cisco IDS to fire multiple false negative alarms.
B. An attack may go undetected.
C. It will have no effect on the ability of the sensor to detect attacks.
D. It will initiate asymmetric attack techniques.
E. It will force the sensor into Bypass mode so that future attacks go undetected.

Correct Answer: B

QUESTION 56
Which three are types of events that are generated by the sensor? (Choose three.)
A. evIdsAlert: intrusion detection alerts
B. evError: application errors
C. evStatus: status changes, such as a software upgrade, that are being completed
D. evLog: IP logging requests
E. evAlert: system failure warnings
F. evSNMP: notification of data retrieval by an NMS

Correct Answer: ABC

QUESTION 57
Which two statements are true about Cisco IPS signatures? (Choose two.)
A. A signature is a set of rules that pertain to typical intrusion activity.
B. When network traffic matches a signature, the signature must generate an alert, but it can also initiate a response action.
C. Some signatures can be triggered by the contents of a single packet.
D. Signatures trigger alerts only when they match a specific pattern of traffic.
E. You can disable signatures and later re-enable them; however, this process requires the sensing engines to rebuild their configuration, which takes time and could delay the processing of traffic.
F. You can enable and modify built-in signatures, but you cannot disable them.

Correct Answer: AC

QUESTION 58
Which three values are used to calculate the Risk Rating for an event? (Choose three.)
A. Attack Severity Rating
B. Signature Fidelity Rating
C. Target Value Rating
D. Target Fidelity Rating
E. Reply Ratio
F. Rate

Correct Answer: ABC

QUESTION 59
Which statement is true about using the Cisco IDM to configure automatic signature and service pack updates?
A. You access the Automatic Update panel from the IDM Monitoring tab.
B. You must select the Enable Auto Update check box in the Auto Update panel in order to configure automatic updates.
C. You can schedule updates to occur daily, weekly, or monthly.
D. If you configure updates to occur daily, the sensor checks for updates at 12:00 a.m. each day.
E. You must enter your Cisco.com username and password.

Correct Answer: B

QUESTION 60
Your sensor is detecting a large volume of web traffic because it is monitoring traffic outside the firewall. What is the most appropriate sensor tuning for this scenario?
A. lowering the severity level of certain web signatures
B. raising the severity level of certain web signatures
C. disabling all web signatures
D. disabling the Meta Event Generator
E. retiring certain web signatures

Correct Answer: A

QUESTION 61
What would best mitigate the executable-code exploits that can perform a variety of malicious acts, such as erasing your hard drive?
A. assigning deny actions to signatures that are controlled by the Trojan engines
B. assigning the TCP reset action to signatures that are controlled by the Normalizer engine
C. enabling blocking
D. enabling Application Policy Enforcement
E. assigning blocking actions to signatures that are controlled by the State engine

Correct Answer: A

QUESTION 62
Your network has only one entry point. However, you are concerned about internal attacks. Select the three best choices for your network. (Choose three.)
A. CSA Agents on corporate mail servers
B. CSA Agents on critical network servers and user desktops
C. the network sensor behind (inside) the corporate firewall
D. the network sensor in front of (outside) the corporate firewall
E. sensor and CSA Agents that report to management and monitoring servers that are located inside the corporate firewall
F. sensor and CSA Agents that report to management and monitoring servers that are located outside the corporate firewall

Correct Answer: BCE

QUESTION 63
What are three differences between inline and promiscuous sensor functionality? (Choose three.)
A. A sensor that is operating in inline mode can drop the packet that triggers a signature before it reaches its target, but a sensor that is operating in promiscuous mode cannot.
B. A sensor that is operating in inline mode supports more signatures than a sensor that is operating in promiscuous mode.
C. Deny actions are available only to inline sensors, but blocking actions are available only to promiscuous mode sensors.
D. A sensor that is operating in promiscuous mode can perform TCP resets, but a sensor that is operating in inline mode cannot.
E. Inline operation provides more protection from Internet worms than promiscuous mode does.
F. Inline operation provides more protection from atomic attacks than promiscuous mode does.

Correct Answer: AEF

Cisco 642-532 Questions & Answers with explanations is all you surely want to have before taking Cisco 642-532. The Cisco 642-532 Interactive Testing Engine is ready to help you get your Cisco 642-532 by saving your time and preparing you quickly for the Cisco exam. If you are worried about getting your Cisco 642-532 certification passed and are in search of some of the best and most useful material, Cisco 642-532 Q&A will surely serve you to enhance your Interconnecting Cisco Networking Devices Part 1 study.
