642-533 Implementing Cisco Intrusion Prevention System (IPS)

Page 1   
Question 1

Referring to the configuration for vs1, the 172.26.26.51 host OS fingerprinting is manually
configured as which operating system type?


  • A. LINUX
  • B. AIX
  • C. SOLARIS
  • D. WINDOWS


Answer : D

Question 2

You can tune built-in signatures when you adjust several signature parameters. Built-in
signatures that have been modified are called tuned signatures. Which one of the following
statements is true regarding tuned signatures?

  • A. create subsignatures that can then be tuned to your needs
  • B. create custom signatures that can then be tuned to your needs
  • C. contain modified parameters of built-in signatures
  • D. begin with signature number 50000


Answer : C

Question 3

You are in charge of Securing Networks with Cisco Routers and Switches for
pass4sure.com You suspect users on your company network are disguising the use of file-
sharing applications by tunneling the traffic through port 80. How can you configure your
Cisco IPS Sensor to identify and stop this activity?

  • A. Disable all signatures in the Service HTTP engine.
  • B. Assign the Deny Packet Inline action to all signatures.
  • C. Enable all signatures in the Service HTTP engine. Then create an event action override that adds the Deny Packet Inline action to events triggered by these signatures if the traffic originates from your corporate network.
  • D. Enable both the HTTP application policy and the alarm on non-HTTP traffic signature.


Answer : D

Question 4

You are in charge of Securing Networks with Cisco Routers and Switches for
pass4sure.com. Which two of the following parameters affect the risk rating of an event?

  • A. alert severity
  • B. global summary threshold
  • C. signature fidelity rating
  • D. scanner threshold


Answer : A,C
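The two exam answers above are the per-signature inputs to the Risk Rating; the other inputs (target value, attack relevance from OS fingerprinting, promiscuous delta, watch-list rating) come from sensor and target configuration. The following worked example, added here and not code from this page or from Cisco, computes the Risk Rating and shows how an event action override keys off it. It assumes the Cisco IPS 6.x formula RR = (ASR × TVR × SFR) / 10000 + ARR − PD + WLR, clamped to 0..100, with the rating scales given in the comments; the override thresholds and signature names are a hypothetical policy.

```python
"""Added worked example: Cisco IPS Risk Rating (RR) and event action overrides.
Not code from the exam page or from Cisco.  Assumption: the Cisco IPS 6.x formula
    RR = (ASR * TVR * SFR) / 10000 + ARR - PD + WLR, clamped to 0..100
with the rating scales below; the override thresholds are a hypothetical policy."""

from dataclasses import dataclass

# Alert Severity Rating (ASR): the severity level configured on the signature.
ALERT_SEVERITY = {"informational": 25, "low": 50, "medium": 75, "high": 100}
# Target Value Rating (TVR): asset value assigned to the destination address.
TARGET_VALUE = {"zero": 50, "low": 75, "medium": 100, "high": 150, "mission-critical": 200}
# Attack Relevance Rating (ARR): whether the target OS (fingerprinted or manually
# configured, as in Question 1) is one the signature applies to.
ATTACK_RELEVANCE = {"relevant": 10, "unknown": 0, "not-relevant": -10}

# Hypothetical event action overrides: (minimum RR, action added to the event).
EVENT_ACTION_OVERRIDES = [
    (90, "deny-packet-inline"),
    (70, "produce-verbose-alert"),
]


@dataclass
class Event:
    signature: str
    alert_severity: str            # key of ALERT_SEVERITY
    fidelity: int                  # Signature Fidelity Rating (SFR), 0..100, tunable per signature
    target_value: str = "medium"   # key of TARGET_VALUE
    relevance: str = "unknown"     # key of ATTACK_RELEVANCE
    promiscuous_delta: int = 0     # PD, 0..30; only subtracted in promiscuous mode
    watch_list: int = 0            # WLR, 0..100; raised for sources on the CSA watch list


def risk_rating(ev: Event, inline: bool = True) -> int:
    """Compute the Risk Rating for one event as an integer in 0..100."""
    asr = ALERT_SEVERITY[ev.alert_severity]
    tvr = TARGET_VALUE[ev.target_value]
    sfr = ev.fidelity
    arr = ATTACK_RELEVANCE[ev.relevance]
    pd = 0 if inline else ev.promiscuous_delta   # the delta only applies to promiscuous sensors
    rr = (asr * tvr * sfr) / 10000 + arr - pd + ev.watch_list
    return max(0, min(100, int(rr)))


def override_actions(rr: int) -> list:
    """Actions added by every override whose RR threshold the event meets."""
    return [action for threshold, action in EVENT_ACTION_OVERRIDES if rr >= threshold]


if __name__ == "__main__":
    # Hypothetical signature names; only ASR and SFR change between the two events.
    for ev in (Event("sig-example-a", "high", 85, relevance="relevant"),
               Event("sig-example-b", "low", 60)):
        rr = risk_rating(ev)
        print(f"{ev.signature}: RR={rr} actions={override_actions(rr)}")
```

Raising a signature's severity or its fidelity rating scales the product term directly, which is why tuning those two fields (Question 2) changes which override fires; an inline sensor ignores the promiscuous delta entirely.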

Question 5

Which interfaces are assigned to an inline VLAN pair based on the following information?


  • A. GigabitEthernet0/1 with GigabitEthernet0/2
  • B. GigabitEthernet0/1 with GigabitEthernet0/3
  • C. GigabitEthernet0/2 with GigabitEthernet0/3
  • D. None in this virtual sensor


Answer : D

Question 6

Which command resets all signature settings back to the factory defaults?

  • A. default signatures
  • B. reset signatures
  • C. default service signature-definition
  • D. reset signatures all


Answer : C

Question 7

Which two protocols can be used for automatic signature and service pack updates?
(Choose two.)

  • A. SCP
  • B. SSH
  • C. FTP
  • D. HTTP


Answer : A,C

Question 8

You think users on your corporate network are disguising the use of file-sharing
applications by tunneling the traffic through port 80. How can you configure your sensor to
identify and stop this activity?

  • A. Enable all signatures in the Service HTTP engine.
  • B. Assign the Deny Packet Inline action to all signatures in the Service HTTP engine.
  • C. Enable HTTP Application Policy and enable the Alarm on Non-HTTP Traffic signature.
  • D. Enable all signatures in the Service HTTP engine. Then create an Event Action Override that adds the Deny Packet Inline action to events triggered by these signatures if the traffic originates from your corporate network.


Answer : C
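Questions 3 and 8 both turn on the same mechanism: with the HTTP application policy enabled, the sensor looks at the first client bytes of every TCP flow to port 80 and raises the "alarm on non-HTTP traffic" signature when they are not an HTTP request. The check below is an added example of that logic, not code from this page or from Cisco; the sample flows are constructed, and a real sensor would run this over reassembled TCP streams rather than raw records.

```python
"""Added example of the check behind the "alarm on non-HTTP traffic" signature:
classify the first client-to-server bytes of a port-80 flow.  Not code from the
exam page or from Cisco; the sample flows below are constructed."""

import re

# HTTP request line: METHOD SP request-target SP HTTP/major.minor CRLF (RFC 7230 s3.1.1).
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT|PATCH) \S+ HTTP/[0-9]\.[0-9]\r\n"
)
# Bytes that could still turn into a request line once more of the segment arrives.
REQUEST_LINE_PREFIX = re.compile(rb"^[A-Z]{1,7}(?: [^\r\n]*)?\Z")
MAX_REQUEST_LINE = 8192   # no CRLF within this many bytes: not a request line we accept


def classify_port80_payload(payload: bytes) -> str:
    """Return 'http', 'non-http' or 'incomplete' for the first client bytes of a flow."""
    if not payload:
        return "incomplete"
    line_end = payload.find(b"\r\n")
    if line_end == -1:
        if len(payload) < MAX_REQUEST_LINE and REQUEST_LINE_PREFIX.match(payload):
            return "incomplete"   # e.g. b"GE": wait for the rest of the line
        return "non-http"         # binary or non-method bytes: a tunnelled protocol
    return "http" if HTTP_REQUEST_LINE.match(payload[: line_end + 2]) else "non-http"


def port80_alerts(flows):
    """Apply the check to (src, dst, dport, first_client_payload) records."""
    alerts = []
    for src, dst, dport, payload in flows:
        if dport == 80 and classify_port80_payload(payload) == "non-http":
            alerts.append((src, dst, "non-HTTP traffic on port 80"))
    return alerts


# Constructed sample flows (not captured traffic); addresses are documentation ranges.
SAMPLE_FLOWS = [
    ("10.1.1.5", "198.51.100.10", 80,
     b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),          # real HTTP
    ("10.1.1.9", "203.0.113.7", 80,
     b"\x13BitTorrent protocol" + b"\x00" * 8 + b"\xaa" * 40),                # P2P handshake on 80
    ("10.1.1.12", "203.0.113.8", 80,
     b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03" + b"\x00" * 32),         # TLS ClientHello on 80
    ("10.1.1.20", "198.51.100.10", 80, b"GE"),                                # segment split mid-line
    ("10.1.1.9", "203.0.113.7", 443, b"\x16\x03\x01"),                        # not port 80, ignored
]

if __name__ == "__main__":
    for src, dst, reason in port80_alerts(SAMPLE_FLOWS):
        print(f"ALERT {src} -> {dst}: {reason}")
```

The "incomplete" verdict matters in practice: an inline sensor that judged on a two-byte first segment would either miss the tunnel or block legitimate browsers, so the decision waits until a full request line (or clearly non-HTTP bytes) has been seen. Pairing the alert with a Deny Packet Inline action is then an event-action choice, not part of the detection itself.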

Question 9

You are the Cisco Configuration Assistant at pass4sure.com. What is the best way to prevent
executable-code exploits from performing malicious acts such as erasing your hard drive?

  • A. disable blocking
  • B. assign the TCP reset action to signatures that are controlled by the Normalizer engine
  • C. enable blocking
  • D. assign deny actions to signatures that are controlled by the Trojan engines


Answer : D

Question 10

You are in charge of Securing Networks with Cisco Routers and Switches for
pass4sure.com. Which of the following is not a role of a Cisco IPS Sensor interface?

  • A. alternate TCP reset
  • B. blocking
  • C. command and control
  • D. sensing (monitoring)


Answer : B

Question 11

Which action is available only to signatures supported by the Normalizer engine?

  • A. Produce Verbose Alert
  • B. Modify Packet Inline
  • C. Deny Packet Inline
  • D. Log Pair Packets


Answer : B

Question 12

Which two of the following statements are correct regarding the virtual sensor configuration
on the IPS sensor? (Choose two.)


  • A. vs1 uses inline interface-pairs
  • B. vs1 operates inline between vlan 102 and vlan 201
  • C. vs1 uses the ad1 anomaly detection instance
  • D. vs0 uses inline mode


Answer : B,C

Question 13

How does a Cisco IPS network sensor protect the network from attacks? (Choose three.)

  • A. Cisco IPS network sensor uses a blend of intrusion detection technologies to detect malicious network activity.
  • B. Cisco IPS network sensor can generate an alert when it detects traffic that matches a set of rules that pertain to typical intrusion activity.
  • C. Cisco IPS network sensor permits or denies traffic into the protected network based on access lists that you create on the sensor.
  • D. Cisco IPS network sensor can take a variety of actions when it detects traffic that matches a set of rules that pertain to typical intrusion activity.


Answer : A,B,D

Question 14

How can you achieve better Cisco IPS Sensor performance? (Choose three.)

  • A. have multiple Cisco IPS Sensors in the path and configure them to detect different types of events
  • B. place the Cisco IPS Sensor behind a firewall
  • C. always enable unidirectional capture
  • D. disable unneeded signatures


Answer : A,B,D

Question 15

Match each evasive technique to the proper description.
(1)obfuscation
(2)fragmentation
(3)insertion or evasion
(4)encryption
(5)flooding
(I)makes the IPS sensor see different traffic than the traffic seen by the intended victim
(II)split malicious packets into smaller packets to avoid detection
(III)uses an established SSL session to send malicious data to the intended victim
(IV)use special characters to conceal the attack from the IPS appliance
(V)saturates the network with noise traffic

  • A. (I)-(3);(II)-(5);(III)-(4);(IV)-(1);(V)-(2)
  • B. (I)-(3);(II)-(4);(III)-(2);(IV)-(1);(V)-(5)
  • C. (I)-(4);(II)-(2);(III)-(3);(IV)-(1);(V)-(5)
  • D. (I)-(3);(II)-(2);(III)-(4);(IV)-(1);(V)-(5)


Answer : D
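Items (I) and (II) above are the two evasions that a sensor's own reassembly has to defeat, which is the job of the Normalizer engine (Question 11). The following added example, not code from this page or from Cisco, builds both attacks from constructed fragments: an overlapping fragment whose bytes win or lose depending on the reassembly policy, and a fragment with a TTL chosen so that the sensor sees it but the victim never does. The hop counts are hypothetical.

```python
"""Added example of fragment-overlap evasion and TTL insertion against an IPS.
Not code from the exam page or from Cisco; the fragments below are constructed
and the hop distances are hypothetical."""


def reassemble(fragments, policy="first", hops=0):
    """Reassemble (offset, payload, ttl) fragments as seen `hops` routers from the sender.

    policy: 'first' keeps the bytes of the earliest-arriving fragment where two overlap;
            'last' lets a later fragment overwrite them.  Real IP stacks differ in which
            they favour, so a sensor has to mimic the target's choice to see what it sees.
    hops:   a fragment whose TTL is not greater than `hops` expires before reaching this
            vantage point and is never seen here (the insertion case).
    """
    buf = bytearray()
    seen = bytearray()            # 1 where the matching byte of buf has been filled
    for offset, payload, ttl in fragments:
        if ttl <= hops:
            continue              # died in transit before reaching this vantage point
        end = offset + len(payload)
        if end > len(buf):
            pad = end - len(buf)
            buf.extend(b"\x00" * pad)
            seen.extend(b"\x00" * pad)
        for i, byte in enumerate(payload):
            pos = offset + i
            if policy == "last" or not seen[pos]:
                buf[pos] = byte
                seen[pos] = 1
    if not all(seen):
        raise ValueError("fragments do not cover the whole datagram")
    return bytes(buf)


# Constructed fragments in arrival order.  The second overlaps the third and carries
# TTL 3: it reaches a sensor one hop away but expires before a victim five hops away.
FRAGMENTS = [
    (0, b"GET /", 64),
    (5, b"index.html", 3),
    (5, b"attack.cgi", 64),
    (15, b" HTTP/1.0", 64),
]

SENSOR_HOPS = 1    # hypothetical distance from sender to sensor
VICTIM_HOPS = 5    # hypothetical distance from sender to victim


def views():
    """What each vantage point reassembles under each overlap policy."""
    return {
        ("sensor", "first"): reassemble(FRAGMENTS, "first", SENSOR_HOPS),
        ("sensor", "last"): reassemble(FRAGMENTS, "last", SENSOR_HOPS),
        ("victim", "first"): reassemble(FRAGMENTS, "first", VICTIM_HOPS),
    }


if __name__ == "__main__":
    for (where, policy), data in views().items():
        print(f"{where:6} policy={policy:5} -> {data!r}")
```

A sensor that favours the first fragment reassembles a harmless request while the victim, which never received the short-lived fragment, executes the other one; this is exactly the "sees different traffic than the intended victim" condition in item (I). Flipping the policy to "last" happens to give the right answer here, but only because of the particular arrival order, which is why the sensor's reassembly mode must match the target rather than be guessed.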
