pass4sure ccsp 642-533 v2.73
Implementing Cisco Intrusion Prevention System (IPS) : 642-533 Exam
642-533 IPS
Implementing Cisco Intrusion Prevention Systems
Exam Number: 642-533
Associated Certifications: CCSP
Duration: 90 minutes (55 – 65 Questions)
Available Languages: English
Click Here to Register: Pearson VUE
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions
Exam Description
The 642-533 IPS Implementing Cisco Intrusion Prevention Systems exam is associated with the Cisco Certified Security Professional certification. This exam tests a candidate’s knowledge of implementing the Cisco IPS product. Candidates can prepare for this exam by taking the IPS Implementing Cisco Intrusion Prevention Systems v6.0 course.
Exam Topics
The following topics are general guidelines for the content likely to be included on the Remote Access exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
Describe how Cisco IPS sensors are used to mitigate network security threats
* List sensor requirements for inline operations
* Explain the difference between inline and promiscuous mode sensor operations
* Explain how Cisco IPS protects network devices from attacks (Describe signatures, alerts, and actions)
* Explain the evasive techniques used by hackers and how Cisco IPS defeats those techniques
* Describe the considerations necessary for selection, placement, and deployment of a network intrusion prevention system
* Explain the Cisco IPS signature features
Install Cisco IPS sensors/modules and configure essential system parameters
* Explain AIP-SSM functionalities
* Use the CLI to initialize the sensor
* Configure user accounts and explain the different user roles
* Configure management access to the sensor appliance
* Explain how allowed hosts are used and how they are configured
* Describe sensor interfaces, interface pairs, VLAN-pairs, and VLAN-groups
* Use the Cisco IDM to configure sensor interfaces (enable, create pairs, assign to virtual sensors)
* Describe and configure software bypass
* Describe sensor communications with external management and monitoring systems
* Launch, navigate, and use the Cisco IDM to manage and monitor the sensor
* Describe the various CLI configuration modes and sub modes and navigate between them
* List the tasks for installing and configuring the IDSM-2 and AIP-SSM
Describe Cisco IPS sensor advanced system parameters
* Plan the mitigation of specific network vulnerabilities and exploits
* Describe sensor tuning
* Explain IP fragment and TCP stream reassembly options
* Explain how IP logging should be used and how it is configured
* Explain the use of Event Variables
* Describe signature engines and their functionality
* Determine which response actions need to be configured for a given scenario
* Describe the purpose of the Meta Event Generator
* Explain Target Value Ratings and how they are used
* Determine the need for Event Action Rules in a given scenario
* Explain event Risk Ratings and how they are used
Tune Cisco IPS sensor advanced system parameters to optimize attack mitigation performance
* Use the IDM to tune the sensor to work optimally in the network
* Use the IDM to tune signatures to provide maximum protection for a network
* Given a scenario, use the IDM to create custom signature to meet the requirements
* Configure response actions for a signature
* Configure the sensor to take response actions based on a risk rating
* Use the Cisco IDM to create a Meta signature and disable alert production for the component signatures
* Configure Event Action Filters
* Configure Target Value Ratings
* Configure general settings for Event Action Rules
* Configure Event Variables
* Use the sensor application policy enforcement feature
* Configure passive OS fingerprinting (POSFP)
* Explain the External Product Interface, its benefits, and specifications
* Configure a virtual sensor
* Configure anomaly detection
* Use IDM/CLI to monitor advanced features such as POSFP and AD
Analyze Cisco IPS sensor events to determine the appropriate response to network attacks
* Use the CLI and the Cisco IDM and IEV to monitor events
Upgrade and maintain Cisco IPS sensors
* Move software images/upgrades and configuration files via HTTP, HTTPS, SCP, and FTP
* Apply the appropriate system image to the sensor
* Perform sensor password recovery
* Explain sensor licensing and how to install a license
* Describe service pack and signature update file names and how to install them
“Implementing Cisco Intrusion Prevention System (IPS)”, also known as 642-533 exam, is a Cisco certification.
1. You think users on your corporate network are disguising the use of file-sharing applications by tunneling the traffic through port 80. How can you configure your Cisco IPS Sensor to identify and stop this activity?
A. Enable all signatures in the Service HTTP engine.
B. Assign the Deny Packet Inline action to all signatures in the Service HTTP engine.
C. Enable all signatures in the Service HTTP engine. Then create an event action override that adds the Deny Packet Inline action to events triggered by these signatures if the traffic originates from your corporate network.
D. Enable the alarm for the non-HTTP traffic signature. Then create an Event Action Override that adds the Deny Packet Inline action to events triggered by the signature if the traffic originates from your corporate network.
E. Enable both the HTTP application policy and the alarm on non-HTTP traffic signature.
Answer: E
2. A user with which user account role on a Cisco IPS Sensor can log into the native operating system shell for advanced troubleshooting purposes when directed to do so by Cisco TAC?
A. administrator
B. operator
C. viewer
D. service
E. root
F. super
Answer: D
3. Which character must precede a variable to indicate that you are using a variable rather than a string?
A. percent sign
B. dollar sign
C. ampersand
D. pound sign
E. asterisk
Answer: B
4. Which statement accurately describes Cisco IPS Sensor automatic signature and service pack updates?
A. The Cisco IPS Sensor can automatically download service pack and signature updates from Cisco.com.
B. The Cisco IPS Sensor can download signature and service pack updates only from an FTP or HTTP server.
C. You must download service pack and signature updates from Cisco.com to a locally accessible server before they can be automatically applied to your Cisco IPS Sensor.
D. When you configure automatic updates, the Cisco IPS Sensor checks Cisco.com for updates hourly.
E. If multiple signature or service pack updates are available when the sensor checks for an update, the Cisco IPS Sensor installs the first update it detects.
Answer: C
5. Which two of the following parameters affect the risk rating of an event? (Choose two.)
A. alert severity
B. global summary threshold
C. signature fidelity rating
D. scanner threshold
E. engine type
F. event count key
Answer: AC
6. You are using Cisco IDM. What precaution must you keep in mind when adding, editing, or deleting allowed hosts on a Cisco IPS Sensor?
A. You must not allow entire subnets to access the Cisco IPS Sensor
B. When using access lists to permit remote access, you must specify the direction of allowed communications.
C. You must not delete the IP address used for remote management.
D. You can only configure the allowed hosts using the CLI.
E. You must use an inverse mask, such as 10.0.2.0 0.0.0.255, for the specified network mask for the IP address.
Answer: C
7. How can you clear events from the event store?
A. You do not need to clear the event store; it is a circular log file, so once it reaches the maximum size it will be overwritten by new events.
B. You must use the CLI clear events command.
C. If you have Administrator privileges, you can do this by selecting Monitoring > Events > Reset button in Cisco IDM.
D. You should select File > Clear IDM Cache in Cisco IDM.
E. You cannot clear events from the event store; they must be moved off the system using the copy command.
Answer: B
9. Which action does the copy /erase ftp://172.26.26.1/sensor_config01 current-config command perform?
A. erases the sensor_config01 file on the FTP server and replaces it with the current configuration file from the Cisco IPS Sensor
B. copies and saves the running configuration to the FTP server and replaces it with the source configuration file
C. overwrites the backup configuration and applies the source configuration file to the system default configuration
D. merges the source configuration file with the current configuration
Answer: C
10. Which of the following is a valid file name for a Cisco IPS 6.0 system image?
A. IPS-K9-pkg-6.0-sys_img.sys
B. IPS-4240-K9-img-6.0-sys.sys
C. IPS-K9-cd-11-a-6.0-1-E1.img
D. IPS-4240-K9-sys-1.1-a-6.0-1-E1.img
Answer: D
11. What are the three roles of the Cisco IPS Sensor interface? (Choose three.)
A. alternate TCP reset
B. blocking
C. command and control
D. sensing (monitoring)
E. logging
F. bypass
Answer: ACD
12. Which two are true regarding Cisco IPS Sensor licensing? (Choose two.)
A. A Cisco IPS Sensor will run normally without a license key with the most current signature updates for 90 days.
B. A license key is required to obtain signature updates.
C. A Cisco Services for IPS contract must be purchased to obtain signature updates.
D. Cisco IDM requires a valid license key to operate normally.
E. The Cisco ASA 5500 Series does not require a Cisco Services for IPS contract when a valid SMARTnet contract exists.
Answer: BC
13. With Cisco IPS 6.0, what is the maximum number of virtual sensors that can be configured on a single platform?
A. the number depends on the amount of device memory
B. two in promiscuous mode using VLAN groups, four in inline mode supporting all interface type configurations
C. two
D. four
E. six
Answer: D
14. In which three of these ways can you achieve better Cisco IPS Sensor performance? (Choose three.)
A. enable all anti-evasive measures to reduce noise
B. place the Cisco IPS Sensor behind a firewall
C. always enable unidirectional capture
D. disable unneeded signatures
E. have multiple Cisco IPS Sensors in the path and configure them to detect different types of events
F. enable selective packet capture using VLAN ACL on the Cisco IPS 4200 Series Sensors
Answer: BDE
15. What is used to perform password recovery for the “cisco” admin account on a Cisco IPS 4200 Series Sensor?
A. setup mode
B. ROMMON CLI
C. GRUB menu
D. recovery partition
E. Cisco IDM
Answer: C
Questions and Answers: 63 Q&As
Updated: 2007-11-27
Comment by hmmz
hi!
Thnx for this, but the password isn’t working for me.
Any ideas?
Thnx!
Comment by pass4sure
p4s 642-533 v3.26
Comment by Anonymous
password does not work
Comment by test
test
Comment by Anonymous
fdsf
Comment by hung
thanks! but error link, Please send link again.