642-533 Exam

Date post: 02-Mar-2016
Upload: maha-aleena
Description:
CertMagic.com is a place where you can find various types of 642-533 exam certifications preparation material. CertMagic’s full range of study material for the 642-533 exam helps you to be prepared for the 642-533 exam fully and enter the exam centre with full confidence. We provide you easy, simple and updated study material. After preparing from the 642-533 material prepared by us, we guarantee you that you will be a certified professional. We guarantee that with CertMagic 642-533 study material, you will pass the Certification exam.
Transcript
Demo Edition

CERTMAGIC

642-533

http://www.certmagic.com

Implementing Cisco Intrusion Prevention System (IPS)

Exam: 642-533

QUESTION: 1
You want to create multiple event filters that use the same parameter value. What would be the most efficient way to accomplish this task?

A. create a global variable
B. create a target value rating
C. create an event variable
D. clone and edit an event filter

Answer: C

QUESTION: 2
You think users on your corporate network are disguising the use of file-sharing applications by tunneling the traffic through port 80. How can you configure your Cisco IPS Sensor to identify and stop this activity?

A. Enable all signatures in the Service HTTP engine.
B. Assign the Deny Packet Inline action to all signatures in the Service HTTP engine.
C. Enable all signatures in the Service HTTP engine. Then create an event action override that adds the Deny Packet Inline action to events triggered by these signatures if the traffic originates from your corporate network.
D. Enable the alarm for the non-HTTP traffic signature. Then create an Event Action Override that adds the Deny Packet Inline action to events triggered by the signature if the traffic originates from your corporate network.
E. Enable both the HTTP application policy and the alarm on non-HTTP traffic signature.

Answer: E

QUESTION: 3
A user with which user account role on a Cisco IPS Sensor can log into the native operating system shell for advanced troubleshooting purposes when directed to do so by Cisco TAC?

A. administrator
B. operator
C. viewer
D. service
E. root
F. super

Answer: D

QUESTION: 4
Which character must precede a variable to indicate that you are using a variable rather than a string?

A. percent sign
B. dollar sign
C. ampersand
D. pound sign
E. asterisk

Answer: B

QUESTION: 5
Which statement accurately describes Cisco IPS Sensor automatic signature and service pack updates?

A. The Cisco IPS Sensor can automatically download service pack and signature updates from Cisco.com.
B. The Cisco IPS Sensor can download signature and service pack updates only from an FTP or HTTP server.
C. You must download service pack and signature updates from Cisco.com to a locally accessible server before they can be automatically applied to your Cisco IPS Sensor.
D. When you configure automatic updates, the Cisco IPS Sensor checks Cisco.com for updates hourly.
E. If multiple signature or service pack updates are available when the sensor checks for an update, the Cisco IPS Sensor installs the first update it detects.

Answer: C

QUESTION: 6
LAB

Answer: Pending. Please send your suggestions to [email protected]

QUESTION: 7
LAB

Answer: Pending. Please send your suggestions to [email protected]

QUESTION: 8
How can you clear events from the event store?

A. You do not need to clear the event store; it is a circular log file, so once it reaches the maximum size it will be overwritten by new events.
B. You must use the CLI clear events command.
C. If you have Administrator privileges, you can do this by selecting Monitoring > Events > Reset button in Cisco IDM.
D. You should select File > Clear IDM Cache in Cisco IDM.
E. You cannot clear events from the event store; they must be moved off the system using the copy command.

Answer: B

QUESTION: 9
Refer to the exhibit. Based on the partial output shown, which of these statements is true?

A. The module installed in slot 1 needs to be a type 5540 module to be compatible with the ASA 5540 Adaptive Security Appliance module type.
B. The module installed in slot 1 needs to be upgraded to the same software revision as module 0 or it will not be recognized.
C. Module 0 system services are not running.
D. There is a Cisco IPS security services module installed.

Answer: D

QUESTION: 10
Which action does the copy /erase ftp://172.26.26.1/sensor_config01 current-config command perform?

A. erases the sensor_config01 file on the FTP server and replaces it with the current configuration file from the Cisco IPS Sensor
B. copies and saves the running configuration to the FTP server and replaces it with the source configuration file
C. overwrites the backup configuration and applies the source configuration file to the system default configuration
D. merges the source configuration file with the current configuration

Answer: C

QUESTION: 11
Drop

Answer:

QUESTION: 12
Which of the following is a valid file name for a Cisco IPS 6.0 system image?

A. IPS-K9-pkg-6.0-sys_img.sys
B. IPS-4240-K9-img-6.0-sys.sys
C. IPS-K9-cd-11-a-6.0-1-E1.img
D. IPS-4240-K9-sys-1.1-a-6.0-1-E1.img

Answer: D

QUESTION: 13
Drop

Answer:

QUESTION: 14
What are the three roles of the Cisco IPS Sensor interface? (Choose three.)

A. alternate TCP reset
B. blocking
C. command and control
D. sensing (monitoring)
E. logging
F. bypass

Answer: A, C, D

QUESTION: 15
Which two are true regarding Cisco IPS Sensor licensing? (Choose two.)

A. A Cisco IPS Sensor will run normally without a license key with the most current signature updates for 90 days.
B. A license key is required to obtain signature updates.
C. A Cisco Services for IPS contract must be purchased to obtain signature updates.
D. Cisco IDM requires a valid license key to operate normally.
E. The Cisco ASA 5500 Series does not require a Cisco Services for IPS contract when a valid SMARTnet contract exists.

Answer: B, C

QUESTION: 16
With Cisco IPS 6.0, what is the maximum number of virtual sensors that can be configured on a single platform?

A. the number depends on the amount of device memory
B. two in promiscuous mode using VLAN groups, four in inline mode supporting all interface type configurations
C. two
D. four
E. six

Answer: D

QUESTION: 17
In which three of these ways can you achieve better Cisco IPS Sensor performance? (Choose three.)

A. enable all anti-evasive measures to reduce noise
B. place the Cisco IPS Sensor behind a firewall
C. always enable unidirectional capture
D. disable unneeded signatures
E. have multiple Cisco IPS Sensors in the path and configure them to detect different types of events
F. enable selective packet capture using VLAN ACL on the Cisco IPS 4200 Series Sensors

Answer: B, D, E

QUESTION: 18
What is used to perform password recovery for the "cisco" admin account on a Cisco IPS 4200 Series Sensor?

A. setup mode
B. ROMMON CLI
C. GRUB menu
D. recovery partition
E. Cisco IDM

Answer: C

QUESTION: 19
What is the best way to mitigate the risk that executable-code exploits will perform malicious acts such as erasing your hard drive?

A. assign deny actions to signatures that are controlled by the Trojan engines
B. assign the TCP reset action to signatures that are controlled by the Normalizer engine
C. enable blocking
D. enable application policy enforcement
E. assign blocking actions to signatures that are controlled by the State engine

Answer: A

QUESTION: 20
Refer to the exhibit. Which interfaces are assigned to an inline VLAN pair?

A. GigabitEthernet0/1 with GigabitEthernet0/2
B. GigabitEthernet0/1 with GigabitEthernet0/3
C. GigabitEthernet0/2 with GigabitEthernet0/3
D. None in this virtual sensor

Answer: D
