pass4sure ccsp 642-532 v2.73

Securing Networks Using Intrusion Prevention Systems Exam : 642-532 Exam

Exam Number/Code: 642-532
Exam Name: Securing Networks Using Intrusion Prevention Systems Exam
VUE Code: 642-532
Questions Type: Single choice,
Real Exam Question Numbers: 60-70 questions
Exam Language(s): English

“Securing Networks Using Intrusion Prevention Systems Exam”, also known as 642-532 exam, is a Cisco certification.
Preparing for the 642-532 exam? Searching 642-532 Test Questions, 642-532 Practice Exam, 642-532 Dumps?

With the complete collection of questions and answers, Pass4sure has assembled to take you through 63 questions to your 642-532 Exam preparation. In the 642-532 exam resources, you will cover every field and category in VPN and Security helping to ready you for your successful Cisco Certification.

The Securing Networks Using Intrusion Prevention Systems exam is one of the exams associated with the Cisco Certified Security Professional and the Cisco IPS Specialist certifications. Candidates can prepare for this exam by taking the IPS v5.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the Cisco IPS appliance products.
642-532 IPS
Securing Networks Using Intrusion Prevention Systems Exam
Retired January 16, 2008
Exam Number: 642-532
Associated Certifications: CCSP, Cisco IPS Specialist
Duration: 90 minutes (60-70 questions)
Available Languages: English
Click Here to Register: Pearson VUE
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions

Exam Description Exam Topics Recommended Training Additional Resources
Exam Description

The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.
Describe how Cisco IDS/IPS sensors are used to mitigate network security threats

* Select the best sensor platform to protect a given network
* Describe the features of the IDSM-2
* Describe the features of the NM-CIDS
* List sensor requirements for inline operations
* List platforms on which the 50 image will run
* Explain the difference between inline and promiscuous mode sensor operations
* Select the most effective location for the sensor and other defense-in-depth components
* Explain how Cisco IDS/IPS protects network devices from attacks (Describe signatures, alerts, and actions)
* Explain the similarities and differences among the various intrusion detection technologies
* Explain the evasive techniques used by hackers and how Cisco IDS defeats those techniques
* Explain the differences between HIPS and Network IPS
* Describe the network sensors that are currently available and their features
* Describe the considerations necessary for selection, placement, and deployment of a network intrusion prevention system
* Explain the features, benefits, and system requirements of the IDM
* Describe traffic that is not inspected by the NM-CIDS
* Define intrusion detection
* Define intrusion prevention
* Explain the Cisco IDS/IPS signature features

Install Cisco IDS/IPS sensors and configure essential system parameters

* Install a sensor appliance in the network
* Use the IDM to configure SSH and TLS communications
* Use the CLI to install the sensor’s software image
* Select the appropriate image file for a sensor
* Select a router to host the NM-CIDS
* Configure communications between the router and the NM-CIDS
* Describe the functions of the various IDSM-2 ports
* Describe the tasks for configuring the NM-CIDS
* Describe the interfaces and components of the NM-CIDS
* Explain how the NM-CIDS works
* Explain how the IDSM-2 obtains access to network traffic
* Explain the importance of accurate time on the NM-CIDS and how the NM-CIDS should obtain the accurate time
* Explain the importance of accurate time on the IDSM-2 and how the IDSM-2 should obtain the accurate time
* Install the IDSM-2 in a switch
* Install the NM-CIDS in a router
* Select a switch to host the IDSM-2
* Use the CLI to initialize the sensor
* Describe user accounts and how they provide sensor security
* Use the IDM to configure and manage user accounts
* Use the IDM to verify secure management access to the sensor
* Obtain management access to the sensor appliance
* Obtain management access to the NM-CIDS
* Obtain management access to the IDSM-2
* Describe allowed hosts
* Use the IDM to configure allowed hosts
* Describe sensor interfaces and interface pairs
* Use the IDM to configure the sensor’s interfaces (enable, create pairs, assign to virtual sensor)
* Describe software bypass mode
* Use the IDM to configure software bypass mode
* Use the IDM to configure the sensor’s network settings (IP address, netmask, default gateway, etc)
* Describe sensor communications with external management and monitoring systems
* Launch, navigate, and use the IDM to manage and monitor the sensor
* Use the IDM to set the sensor’s time
* Define traffic flow notification
* Use the IDM to configure traffic flow notification
* Describe the various CLI modes
* Navigate the sensor CLI
* List the tasks for installing and configuring the IDSM-2

Describe Cisco IDS/IPS sensor advanced system parameters

* Plan the mitigation of specific network vulnerabilities and exploits
* Describe sensor tuning
* Describe sensor tuning methods
* Explain IP fragment and TCP stream reassembly options
* Describe the IP logging capabilities of the sensor
* Explain how IP logging should be used
* Explain the use of Event Variables
* Determine the need for a custom signature
* Describe the signature engines and their functionality
* Describe the types of signatures supported by each engine
* Describe common engine parameters and their effects on signatures
* Describe engine-specific parameters and their effects on signatures
* Describe the device management capability of the sensor and how it is used to perform blocking with a Cisco device
* Determine which response actions need to be configured for a given scenario
* Determine the need for Event Action Filters in a given scenario
* Describe the purpose of the Meta Event Generator
* Explain Target Value Ratings and how they are used
* Determine the need for Event Action Rules in a given scenario
* Explain event Risk Ratings and how they are used
* Explain the sensor’s SNMP support
* Determine if the sensor’s application policy enforcement feature is needed in a given scenario

Free PassGuide Practice Engine Demo Download Pass4sure offers free demos for each certification exam, including all IT vendors. You can check out the testing engine software, or pdf file question quality and usability of our practice exams before you decide to buy it. We are the only one site that offers demos for almost all IT certification exams.If you want to try p4s exam practice engine demo. http://demo.passguide.com/download

Tune Cisco IDS/IPS sensor advanced system parameters to optimize attack mitigation performance

* Use the IDM to tune the sensor to work optimally in the network
* Use the IDM to tune signatures to provide maximum protection for a network
* Use the IDM to create custom signatures as needed
* Configure response actions for a signature
* Configure the sensor to take response actions based on a risk rating
* Configure the sensor to minimize false alerts
* Use the IDM to create a Meta signature and disable alert production for the component signatures
* Use the IDM to configure the sensor to support SNMP
* Configure Event Action Filters
* Configure Event Action Overrides
* Configure Target Value Ratings
* Configure general settings for Event Action Rules
* Use the IDM to configure IP logging
* Configure Event Variables
* Use the IDM to configure blocking for a given scenario
* Use the IDM to configure the sensor to use a Master Blocking Sensor
* Use the IDM to configure IP fragment and TCP stream reassembly options
* Use the sensor’s application policy enforcement feature

Analyze Cisco IDS/IPS sensor events to determine the appropriate response to network attacks

* Configure the IDM events display
* Analyze alerts and make configuration changes to respond to attacks
* Use the CLI and the IDM to monitor events
* Classify an alarm as true, false, positive or negative
* Explain the fields in a Cisco IDS/IPS alert
* Describe the various types of events generated by the sensor
* Explain the difference between true and false and positive and negative alarms

Upgrade and maintain Cisco IDS/IPS sensors

* Configure the sensor to allow an SNMP NMS to obtain its health and welfare information
* Use the CLI to recover the sensor’s software image
* Use the IDM to install signature updates and service packs
* Use the IDM to configure automatic signature and service pack updates
* Move software images/upgrades and configuration files via HTTP, HTTPS, SCP, and FTP
* Use the IDM to restore the default configuration to the sensor
* Select the correct software update file for a sensor
* Use the CLI to upgrade the software image
* Describe the various types of image files
* Apply the appropriate system image to the sensor
* Describe maintenance tasks specific to the NM-CIDS
* Use the CLI to obtain PEP information from the sensor
* Use the IDM to install a sensor license
* Describe PEP information and its purpose
* Explain the purpose of service packs and signature updates
* Describe service pack and signature update file names
* Explain why a sensor license is needed
* Obtain a license key

Troubleshoot Cisco IDS/IPS sensor operation and configuration errors

* Use the packet command to display and capture packets from the data interfaces
* Copy (to a location off the sensor) packets that have been captured from the data interfaces
* Use the IDM to verify the sensor’s configuration
* Use the CLI to back up the sensor configuration
* View IP logs for troubleshooting purposes
* Troubleshoot communications between the NM-CIDS and its host router
* Reset and power down the sensor
* Determine when resetting or powering down the sensor is necessary
* Describe the main components of the IPS 50 software architecture
* Verify functionality of the NM-CIDS
* Verify the Catalyst 6500 switch and Catalyst IDSM-2 functionality
* Use the IDM and the CLI to obtain sensor statistics
* Use the IDM to obtain a sensor diagnostic report
* Use the IDM to obtain sensor system information
* Use general troubleshooting commands
* Use the IDM to shut down and reboot the sensor
* Describe Cisco IDS/IPS configuration file format

QUESTION 27:
An ACL policy violation signature has been created on a Cisco IDS Sensor. The
Sensor is configured to receive policy violations from a Cisco IOS router.
What configurations must exist on the router? (Choose two)
A. Logs permit ACL entries
B. Logs deny ACL entries
C. Sends SNMP traps to the Sensor
D. Sends Syslog messages to the Sensor
E. Sends SNMP traps to the Director
F. Sends syslog messages to the Director
Answer: B, F
Explanation:
The Sensor can be configured to create an alarm when it detects a policy violation from
the syslog generated by a Cisco router. A policy violation is generated by a Cisco router
when a packet fails to pass a designated Access Control List. Security data from Sensor
and Cisco routers, including policy violations, is monitored and maintained on the
Director.
QUESTION 28:
An IDS module is being used on a Certkiller router configured with Network
Address Translation. Under which circumstance would only the translated address
be sent to the NM-CIDS for processing?
A. When using it outside NAT
B. When using it inside NAT
C. When using it outside PAT
D. When using it inside PAT
Answer: A
Explanation:
The Cisco IOS Software performs an input-ACL check on a packet before it processes
the packet for NAT or Encryption. The IDS Network Module monitors the packet after
the NAT and decryption is processed. Thus if the packet is dropped by the inbound ACL
it is not forwarded to the IDS Network Module. The Cisco IOS Software performs
output-ACL check after the packet is forwarded to the IDS. Hence the packet will be
forwarded to the IDS even if the output ACL drops the packet. With NAT, the only the
translated IP address will be seen by the NM-CIDS for outside 1-1 address translations.
Reference:

http://www.cisco.com/en/US/products/hw/routers/ps282/prod_architecture09186a00801cf9fc.html

QUESTION 29:
Certkiller has purchased a Cisco IDS solution that includes IDS modules.
The switch group had decided not to provide the security department interactive access to
the switch. What IDSM feature should be configured to provide the security department
access to the IDSM command line?
A. AAA
B. TFTP
C. HTTP
D. Telnet
E. HTTPS
Answer: D

Free download:pass4sure CCSP 642-532
Free download:testking CCSP 642-532
more info:www.ciscoexams.org

PassGuide provides high-quality test materials, for example, Cisco CCNA CCNP CCIE, Comptia A + NETWORK + Security +, Juniper jncia, jncis, Vmware VCP-410,certification practice exams and so on.We are committed to give full refund to candidates if they fail the exam with use of our products.And we are confident to make such a guarantee. Buy Best Practice Exam,high-quality ,100% Guarantee ,Pls contact me,Mail:Sales@passguide.com

P4S Free Downloads

Type	Exam Braindumps	New Questions & Answers	Latest Updated	Available link
	All Pass4sure's Exam Pack	858	1 days ago	Download Free Testing Engines