Cisco 642-533 exam questions and answers
QUESTION 26
Refer to the exhibit. Which three statements correctly describe the configuration depicted in this Cisco IDM virtual sensors list? (Choose three.)
A. inline dropping of packets can occur on the Gig0/0.1 sub-interface
B. sub-interfaces Gig0/2.0 and Gig0/3.0 are operating in IPS mode
C. the Cisco IPS Sensor appliance is configured for promiscuous (IDS) and inline (IPS) mode simultaneously
D. the vs1 virtual sensor is misconfigured for inline operations since only one sub-interface is assigned to vs1
E. inline dropping of packets can occur on the Gig0/2.0 sub-interface or Gig0/3.0 sub-interface or both
F. the vs1 virtual sensor is operating inline between VLAN 102 and VLAN 201
Correct Answer: ACF
QUESTION 27
Refer to the exhibit. Which further action must you take in order to create a new virtual sensor?
A. assign a unique name
B. create and assign a unique Signature Definition Policy
C. create and assign a unique Event Action Rule Policy
D. set AD Operational Mode to Inactive as that is a global parameter
E. set Inline TCP Session Tracking Mode to Interface Only as there is only one interface available for assignment
F. assign a description
Correct Answer: A
QUESTION 28
Drop
A.
B.
C.
D.
Correct Answer:
QUESTION 29
Which Cisco IPS Sensor feature correlates events for more accurate detection of attacks, such as worms, that exploit a number of different vulnerabilities and can trigger several different signatures?
A. Analysis engine
B. SensorApp
C. Application Policy Enforcement
D. Summarizer
E. Normalizer
F. Meta Event Generator
Correct Answer: F
QUESTION 30
Which three statements accurately describe Cisco IPS 6.0 Sensor Anomaly Detection? (Choose three.)
A. It sub-divides the network into two zones (internal and external).
B. It is used to identify worms which spread by scanning the network.
C. In the Anomaly Detection histograms, the number of source IP addresses is either learned or configured by the user.
D. In the Anomaly Detection histograms, the number of destination IP addresses is predefined.
E. It has three modes: learn mode, detect mode, and attack mode.
F. Anomaly Detection signatures have three sub-signatures (single scanner, multiple scanners, and worms outbreak).
Correct Answer: BCD
QUESTION 31
Drop
A.
B.
C.
D.
Correct Answer:
QUESTION 32
When configuring Passive OS Fingerprinting, what is the purpose of restricting operating system mapping to specific addresses?
A. excludes the defined IP addresses from automatic risk rating calculations so that you can specify the desired risk rating
B. allows you to configure separate OS maps within that IP address range
C. specifies which IP address range to import from the EPI for OS fingerprinting
D. limits the ARR to the defined IP addresses
Correct Answer: D
QUESTION 33
Which statement accurately describes what the External Product Interface feature included in the Cisco IPS 6.0 software release allows the Cisco IPS Sensor to do?
A. collaborate with Cisco Security MARS for incident investigations
B. collaborate with Cisco Security Manager for centralized events management
C. have Cisco IEV subscribe to it and receive events from it
D. receive host postures and quarantined IP address events from the CiscoWorks Management Center for Cisco Security Agent
E. perform Anomaly Detection by receiving events from external sources
Correct Answer: D
QUESTION 34
When signature 3116 fires, you want your Cisco IPS Sensor to terminate the current packet and future packets on this TCP flow only. Which action should you assign to the signature?
A. Deny Attacker Inline
B. Deny Connection Inline
C. Reset TCP Connection
D. Request Block Connection
Correct Answer: B
QUESTION 35
Refer to the exhibit. You are the security administrator for the network in the exhibit. You want your inline Cisco IPS sensor to drop packets that pose the most severe risk to your network, especially to the servers on your DMZ. Which two of the following parameters should you set to protect your DMZ servers in the most time-efficient manner? (Choose two.)
A. event action filter
B. signature fidelity rating
C. alert severity
D. event action override
E. application policy
F. target value rating
Correct Answer: DF
QUESTION 36
In Cisco IDM, the Configuration > Sensor Setup > SSH > Known Host Keys screen is used for what purpose?
A. to enable communications with the Master Blocking Sensor
B. to enable communications with a blocking device
C. to enable management hosts to access the Cisco IPS Sensor
D. to regenerate the Cisco IPS Sensor SSH host key
E. to regenerate the Cisco IPS Sensor SSL RSA key pair
Correct Answer: B
QUESTION 37
Which three of these steps are used to initialize and verify the Cisco ASA AIP-SSM? (Choose three.)
A. connect a management station directly to the AIP-SSM console port via a serial cable
B. use the ASA#session 1 command to access the AIP-SSM CLI
C. use the ASA#show module command to verify the AIP-SSM status
D. access the Cisco IDM from a management station using http://sensor-ip-address
E. use the sensor#setup command to configure the basic sensor settings
F. use the ASA#telnet sensor-ip-address command to access the AIP-SSM to setup the basic configuration on the sensor
Correct Answer: BCE
QUESTION 38
How should you create a custom signature that will fire when a series of pre-defined signatures occur and you want the Cisco IPS Sensor to generate alerts only for the new custom signature, not for the individual signatures?
A. Use the Normalizer engine and remove the Produce Alert action from the component signatures.
B. Use the Meta engine and remove the Produce Alert action from the component signatures.
C. Use the Trojan engine and remove the Produce Alert action from the component signatures.
D. Use the ATOMIC engine and set the summary mode to Global Summarize.
E. Use the Normalizer engine and set the summary mode to Global Summarize.
F. Use the Service engine and set the summary mode to Global Summarize.
Correct Answer: B
QUESTION 39
Select the two correct general Cisco IPS Sensor tuning recommendations if the environment consists exclusively of Windows servers. (Choose two.)
A. use “NT” IP fragment reassembly mode
B. use “Windows” TCP stream reassembly mode
C. disable deobfuscation for all HTTP signatures
D. enable all IIS signatures
E. enable all NFS signatures
F. enable all RPC signatures
Correct Answer: AD
QUESTION 40
What two steps must you perform to initialize a Cisco IPS Sensor appliance? (Choose two.)
A. connect a serial cable to the console port of the sensor
B. connect to the sensor via SSH
C. use the Cisco IDM Setup Wizard
D. issue the setup command via the CLI
E. enable Telnet and then configure basic sensor parameters
Correct Answer: AD
QUESTION 41
Refer to the exhibit. As an administrator, you need to change the Event Action and Event Count settings for signature 1108 in the sig1 instance. Which of the following should you select to view and change the required parameters?
A. Edit button
B. Actions button
C. Miscellaneous tab
D. Signature Variables tab
Correct Answer: A
QUESTION 42
You have configured your sensor to use risk ratings to determine when to deny traffic into the network. How could you best leverage this configuration to provide the highest level of protection for the mission-critical web server on your DMZ?
A. Create a risk rating for the web server and assign a value of High to the risk rating.
B. Assign deny actions to all signatures with risk ratings, and specify the IP address of the web server as the Destination Address parameter for each of those signatures.
C. Assign a target value rating of Mission Critical to the web server.
D. Create an event action filter for the web server.
Correct Answer: C