Cisco 642-533 Practice Test, Helpful Cisco 642-533 Certification Material For Sale
QUESTION 43
Which TCP stream reassembly mode disables TCP window-evasion checking?
A. Loose
B. Strict
C. Asymmetric
D. Symmetric
E. Disable
Correct Answer: C
QUESTION 44
Which three values are used to calculate the risk rating for an event? (Choose three.)
A. attack severity rating
B. fidelity severity rating
C. target fidelity rating
D. target value rating
E. signature fidelity rating
F. signature attack rating
Correct Answer: ADE
QUESTION 45
Refer to the exhibit. Based on this partial CLI output, what can be determined about anomaly detection?
A. Learning mode has expired and the sensor is running normally.
B. Learning mode has been manually disabled.
C. An attack is in progress and learning mode has been automatically disabled.
D. The virtual sensor vs1 has learned normal traffic patterns and is currently in detection mode.
Correct Answer: C
QUESTION 46
Which CLI mode allows you to tune signatures?
A. global configuration
B. service signature-definition
C. service analysis-engine
D. privileged exec
E. setup
F. virtual-sensor-configuration
Correct Answer: B
QUESTION 47
Which of the following statements best describes how IP logging should be used?
A. only be used temporarily for such purposes as attack confirmation, damage assessment, or the collection of forensic evidence, because of its impact on performance
B. be used sparingly because there is a 4-GB limit on the amount of data that can be logged
C. always be enabled since it uses a FIFO buffer on the Cisco IPS Sensor flash memory
D. be used to automatically correlate events with Cisco Security MARS for incident investigations
E. only be used when you are also using inline IPS mode
Correct Answer: A
QUESTION 48
Which signature action or actions should be selected to cause the attacker’s traffic flow to terminate when the Cisco IPS Sensor is operating in promiscuous mode?
A. deny attacker
B. deny connection
C. deny packet
D. reset tcp connection
E. deny packet, reset tcp connection
F. deny connection, reset tcp connection
Correct Answer: D
QUESTION 49
Which type of signature engine is best suited for creating custom signatures that inspect data at Layer 5 and above?
A. ATOMIC
B. String
C. Sweep
D. Service
E. AIC
F. Flood
Correct Answer: D
QUESTION 50
Which two statements accurately describe virtual sensor configuration? (Choose two.)
A. You must create a new instance of a signature set, such as sig1, and assign it to vs1.
B. The packet processing policy is virtualized.
C. Creating a new virtual sensor creates a “virtual” machine.
D. The sensor’s interfaces are virtualized.
E. You cannot delete vs0.
Correct Answer: BE
QUESTION 51
Which two management access methods are enabled by default on a Cisco IPS Sensor? (Choose two.)
A. HTTP
B. HTTPS
C. IPsec
D. SSH
E. Telnet
Correct Answer: BD
QUESTION 52
Refer to the exhibit. Which of these statements is true concerning VLAN Pairs and the GigabitEthernet0/0 interface?
A. To add another VLAN pair to interface GigabitEthernet0/0, you would need to edit the current configuration.
B. To add another VLAN pair to interface GigabitEthernet0/0, you would need to click the Add button and enter the appropriate information into the current configuration.
C. You cannot delete the default VLAN pair on interface GigabitEthernet0/0 subinterface 1.
D. You cannot add another VLAN pair to interface GigabitEthernet0/0 because it already has a pair assigned to it.
Correct Answer: B
QUESTION 53
Refer to the exhibit. As a network administrator, you want to assign a target value rating to your network assets. Which menu tree path would you need to follow to reach a location from which you can configure the Target Value Rating parameter?
A. Analysis Engine > Virtual Sensors
B. Analysis Engine > Global Variables
C. Policies > Signature Definitions
D. Policies > Event Action Rules
E. Policies > Anomaly Detections
Correct Answer: D
QUESTION 54
You would like to have your inline sensor deny attackers inline when events occur that have risk ratings over 85. Which two actions, when taken in conjunction, will accomplish this? (Choose two.)
A. create target value ratings of 85 to 100
B. create an Event Action Filter, and assign the risk rating range of 85 to 100 to the filter
C. assign the risk rating range of 85 to 100 to the Deny Attacker Inline event action
D. enable event action overrides
E. create an event variable for the protected network
F. enable Event Action Filters
Correct Answer: CD
QUESTION 55
Which two statements correctly describe Cisco ASA AIP-SSM based on Cisco IPS 6.0 and the ASA 7.x software release? (Choose two.)
A. It supports up to four virtual sensors.
B. It supports inline VLAN pairs.
C. Its command and control interface is Gig0/0.
D. It requires two physical interfaces to operate in inline mode.
E. It does not have console port access.
F. It has two sensing interfaces.
Correct Answer: CE
QUESTION 56
Which three of the following are tuning parameters that affect the Cisco IPS Sensor globally? (Choose three.)
A. IP logging
B. alert summarization
C. IP fragment reassembly
D. TCP stream reassembly
E. meta reset interval
F. alert frequency
Correct Answer: ACD
QUESTION 58
Which statement is correct if “Use Threat Rating Adjustment” is enabled from the Event Action Rules > rules0 > General Settings menu?
A. The threat rating adjustment will be subtracted from the risk rating based on the action taken by the IPS sensor to produce the threat rating.
B. The risk rating will be adjusted by the addition of the threat rating adjustment based on the action taken by the Cisco IPS Sensor.
C. The threat rating adjustment will enable a fast way to add event actions based on the risk rating.
D. The threat rating adjustment will enable the Cisco IPS Sensor to adjust the risk rating based on the attack relevancy rating.
E. The threat rating adjustment will enable the Cisco IPS Sensor to adjust the risk rating based on the target value rating.
F. The threat rating adjustment will enable the Cisco IPS Sensor to adjust the risk rating based on the signature fidelity.
Correct Answer: A
QUESTION 59
Which two communication protocols does Cisco IEV support for communications with Cisco IPS Sensors? (Choose two.)
A. SSH
B. HTTP
C. HTTPS
D. IPsec
E. SCP
Correct Answer: BC
QUESTION 60
You are configuring Cisco IPS Sensor Anomaly Detection and have just set the scanner threshold to 48. What will this accomplish?
A. If there are more than 48 unestablished connections from a single source to different destination IP addresses, an Anomaly Detection signature will be triggered.
B. If there are more than 48 sources generating at least one unestablished connection to different destination IP addresses, an Anomaly Detection signature will be triggered.
C. A maximum of 48 scanners can be present on the network before an Anomaly Detection signature will be triggered.
D. The scheduler will replace the knowledge base every 48 hours.
E. The histogram high threshold will be set to 48 destination IP addresses.
Correct Answer: A
QUESTION 61
You have been made aware of new and unwanted traffic on your network. You want to create a signature to monitor and perform an action against that traffic when certain thresholds are reached. What would be the best way to configure this new signature?
A. Edit a built-in signature that closely matches the traffic you are trying to prevent.
B. Clone and edit an existing signature that closely matches the traffic you are trying to prevent.
C. Use the Custom Signature Wizard.
D. Create a new signature definition, edit it, and then enable it.
E. Use the Anomaly Detection functions to learn about the unwanted traffic, then create a new Meta signature using Cisco IDM.
Correct Answer: C
QUESTION 62
You want to create multiple event filters that use the same parameter value. What would be the most efficient way to accomplish this task?
A. create a global variable
B. create a target value rating
C. create an event variable
D. clone and edit an event filter
Correct Answer: C