|
<p align="left">Latest 642-533 exam questions shared</p><br /><p align="left">1. Which two statements correctly describe Cisco ASA AIP-SSM based on Cisco IPS 6.0 and the ASA 7.x software release? (Choose two.)</p><br /><p align="left">A. It supports up to four virtual sensors.</p><br /><p align="left">B. It supports inline VLAN pairs.</p><br /><p align="left">C. Its command and control interface is Gig0/0.</p><br /><p align="left">D. It requires two physical interfaces to operate in inline mode.</p><br /><p align="left">E. It does not have console port access.</p><br /><p align="left">F. It has two sensing interfaces.</p><br /><p align="left">Answer: CE</p><br /><p align="left">2. Refer to the exhibit. Which three statements correctly describe the configuration depicted in this Cisco IDM virtual sensors list? (Choose three.)</p><br /><p align="left">A. inline dropping of packets can occur on the Gig0/0.1 sub-interface</p><br /><p align="left">B. sub-interfaces Gig0/2.0 and Gig0/3.0 are operating in IPS mode</p><br /><p align="left">C. the Cisco IPS Sensor appliance is configured for promiscuous (IDS) and inline (IPS) mode simultaneously</p><br /><p align="left">D. the vs1 virtual sensor is misconfigured for inline operations since only one sub-interface is assigned to vs1</p><br /><p align="left">E. inline dropping of packets can occur on the Gig0/2.0 sub-interface or Gig0/3.0 sub-interface or both</p><br /><p align="left">F. the vs1 virtual sensor is operating inline between VLAN 102 and VLAN 201</p><br /><p align="left">Answer: ACF</p><br /><p align="left">3. In Cisco IDM, the Configuration > Sensor Setup > SSH > Known Host Keys screen is used for what purpose?</p><br /><p align="left">A. to enable communications with the Master Blocking Sensor</p><br /><p align="left">B. to enable communications with a blocking device</p><br /><p align="left">C. to enable management hosts to access the Cisco IPS Sensor</p><br /><p align="left">D. 
to regenerate the Cisco IPS Sensor SSH host key</p><br /><p align="left">E. to regenerate the Cisco IPS Sensor SSL RSA key pair</p><br /><p align="left">Answer: B</p><br /><p align="left">4. In which three of these ways can you achieve better Cisco IPS Sensor performance? (Choose three.)</p><br /><p align="left">A. enable all anti-evasive measures to reduce noise</p><br /><p align="left">B. place the Cisco IPS Sensor behind a firewall</p><br /><p align="left">C. always enable unidirectional capture</p><br /><p align="left">D. disable unneeded signatures</p><br /><p align="left">E. have multiple Cisco IPS Sensors in the path and configure them to detect different types of events</p><br /><p align="left">F. enable selective packet capture using VLAN ACL on the Cisco IPS 4200 Series Sensors</p><br /><p align="left">Answer: BDE</p><br /><p align="left">5. Which type of signature engine is best suited for creating custom signatures that inspect data at Layer 5 and above?</p><br /><p align="left">A. ATOMIC</p><br /><p align="left">B. String</p><br /><p align="left">C. Sweep</p><br /><p align="left">D. Service</p><br /><p align="left">E. AIC</p><br /><p align="left">F. Flood</p><br /><p align="left">Answer: D</p><br /><p align="left">6. Which three of these steps are used to initialize and verify the Cisco ASA AIP-SSM? (Choose three.)</p><br /><p align="left">A. connect a management station directly to the AIP-SSM console port via a serial cable</p><br /><p align="left">B. use the ASA#session 1 command to access the AIP-SSM CLI</p><br /><p align="left">C. use the ASA#show module command to verify the AIP-SSM status</p><br /><p align="left">D. access the Cisco IDM from a management station using http://sensor-ip-address</p><br /><p align="left">E. use the sensor#setup command to configure the basic sensor settings</p><br /><p align="left">F. 
use the ASA#telnet sensor-ip-address command to access the AIP-SSM to set up the basic configuration on the sensor</p><br /><p align="left">Answer: BCE</p><br /><p align="left">7. A user with which user account role on a Cisco IPS Sensor can log into the native operating system shell for advanced troubleshooting purposes when directed to do so by Cisco TAC?</p><br /><p align="left">A. administrator</p><br /><p align="left">B. operator</p><br /><p align="left">C. viewer</p><br /><p align="left">D. service</p><br /><p align="left">E. root</p><br /><p align="left">F. super</p><br /><p align="left">Answer: D</p><br /><p align="left">8. Select the two correct general Cisco IPS Sensor tuning recommendations if the environment consists exclusively of Windows servers. (Choose two.)</p><br /><p align="left">A. use "NT" IP fragment reassembly mode</p><br /><p align="left">B. use "Windows" TCP stream reassembly mode</p><br /><p align="left">C. disable deobfuscation for all HTTP signatures</p><br /><p align="left">D. enable all IIS signatures</p><br /><p align="left">E. enable all NFS signatures</p><br /><p align="left">F. enable all RPC signatures</p><br /><p align="left">Answer: AD</p><br /><p align="left">9. What are the three roles of the Cisco IPS Sensor interface? (Choose three.)</p><br /><p align="left">A. alternate TCP reset</p><br /><p align="left">B. blocking</p><br /><p align="left">C. command and control</p><br /><p align="left">D. sensing (monitoring)</p><br /><p align="left">E. logging</p><br /><p align="left">F. bypass</p><br /><p align="left">Answer: ACD</p><br /><p align="left">10. Which of the following statements best describes how IP logging should be used?</p><br /><p align="left">A. only be used temporarily for such purposes as attack confirmation, damage assessment, or the collection of forensic evidence, because of its impact on performance</p><br /><p align="left">B. 
be used sparingly because there is a 4-GB limit on the amount of data that can be logged</p><br /><p align="left">C. always be enabled since it uses a FIFO buffer on the Cisco IPS Sensor flash memory</p><br /><p align="left">D. be used to automatically correlate events with Cisco Security MARS for incident investigations</p><br /><p align="left">E. only be used when you are also using inline IPS mode</p><br /><p align="left">Answer: A</p><br /><br />[<i> Last edited by testinexam1 on 2011-2-21 19:58 </i>] |
|