Flydumps offers first-hand Cisco 642-532 exam questions and answers. By training with the latest Cisco 642-532 PDF and VCE dumps, you will be well prepared for the Cisco 642-532 exam (https://www.pass4itsure.com/642-532.html). Visit Flydumps.com to get the free new version for training.
QUESTION 46
Which two statements are true about applying a system image file to a Cisco IPS 4240 sensor? (Choose two.)
A. The system image file contains a sys identifier.
B. The same system-image file can be applied to any sensor platform.
C. The system image has an rpm.pkg extension.
D. You can use ROMMON to use the TFTP facility to copy the system image onto the sensor.
E. You can apply the system image by using the Cisco IDS version 5.0(1) Recovery CD-ROM.
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 47
Under which circumstance would only the translated address be sent to the NM-CIDS for processing?
A. when using it outside NAT
B. when using it inside NAT
C. when using it outside PAT
D. when using it inside PAT
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 48
Which two tasks must you complete in Cisco IDM to configure the sensor to allow an SNMP network management station to obtain the sensor’s health and welfare information? (Choose two.)
A. From the SNMP General Configuration panel, configure the SNMP agent parameters.
B. From the SNMP Traps Configuration panel, enable SNMP Traps and SNMP Gets/Sets.
C. From the SNMP Traps Configuration panel, enable SNMP Traps.
D. From the SNMP General Configuration panel, enable SNMP Gets/Sets.
E. From the SNMP Traps Configuration panel, enable SNMP Traps and SNMP Get-Responses.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 49
What is a false-negative alarm situation?
A. Normal traffic does not cause a signature to fire.
B. A signature is fired when offending traffic is not detected.
C. Normal traffic or a benign action causes a signature to fire.
D. A signature is not fired when offending traffic is present.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 50
How is automatic IP logging enabled on a sensor?
A. It is enabled by default for all signatures.
B. It is enabled by default for all master signatures only.
C. It is enabled by default for all high-severity signature alarms.
D. It must be manually configured for individual signatures.
E. It is manually configured using the ip-log global configuration command.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 51
Which signature description best describes a String signature engine?
A. network reconnaissance detection
B. regular expression-based pattern inspection for multiple transport protocols
C. Layer 5, 6, and 7 services that require protocol analysis
D. state-based, regular expression-based pattern inspection and alarm functionality for TCP streams
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 52
Under which tab in the Cisco IDM can you find the Custom Signature Wizard?
A. Device
B. Configuration
C. Monitoring
D. Administration
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 53
What is the primary function of a Master Blocking Sensor?
A. to serve as the central point of configuration in the Cisco IDM for blocking
B. to serve as the central point of configuration in the Cisco IDS MC for blocking
C. to manage and distribute blocking configurations to other slave sensors
D. to directly communicate the blocking requests that are sent by other sensors
E. to provide the first line of attack detection and prevention through blocking
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 54
Which command can be used to retrieve Cisco Product Evolution Program (PEP) unique device identifier (UDI) information to help you manage certified hardware versions within your network?
A. show tech-support
B. display
C. show pep
D. show udi
E. show inventory
F. show version
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 55
Why would an attacker saturate the network with noise while simultaneously launching an attack?
A. It causes the Cisco IDS to fire multiple false negative alarms.
B. An attack may go undetected.
C. It will have no effect on the ability of the sensor to detect attacks.
D. It will initiate asymmetric attack techniques.
E. It will force the sensor into Bypass mode so that future attacks go undetected.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 56
Which three are types of events that are generated by the sensor? (Choose three.)
A. evIdsAlert: intrusion detection alerts
B. evError: application errors
C. evStatus: status changes, such as a software upgrade, that are being completed
D. evLog: IP logging requests
E. evAlert: system failure warnings
F. evSNMP: notification of data retrieval by an NMS
Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:
QUESTION 57
Which two statements are true about Cisco IPS signatures? (Choose two.)
A. A signature is a set of rules that pertain to typical intrusion activity.
B. When network traffic matches a signature, the signature must generate an alert, but it can also initiate a response action.
C. Some signatures can be triggered by the contents of a single packet.
D. Signatures trigger alerts only when they match a specific pattern of traffic.
E. You can disable signatures and later re-enable them; however, this process requires the sensing engines to rebuild their configuration, which takes time and could delay the processing of traffic.
F. You can enable and modify built-in signatures, but you cannot disable them.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 58
Which three values are used to calculate the Risk Rating for an event? (Choose three.)
A. Attack Severity Rating
B. Signature Fidelity Rating
C. Target Value Rating
D. Target Fidelity Rating
E. Reply Ratio
F. Rate
Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:
QUESTION 59
Which statement is true about using the Cisco IDM to configure automatic signature and service pack updates?
A. You access the Automatic Update panel from the IDM Monitoring tab.
B. You must select the Enable Auto Update check box in the Auto Update panel in order to configure automatic updates.
C. You can schedule updates to occur daily, weekly, or monthly.
D. If you configure updates to occur daily, the sensor checks for updates at 12:00 a.m. each day.
E. You must enter your Cisco.com username and password.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 60
Your sensor is detecting a large volume of web traffic because it is monitoring traffic outside the firewall. What is the most appropriate sensor tuning for this scenario?
A. lowering the severity level of certain web signatures
B. raising the severity level of certain web signatures
C. disabling all web signatures
D. disabling the Meta Event Generator
E. retiring certain web signatures
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 61
What would best mitigate the executable-code exploits that can perform a variety of malicious acts, such as erasing your hard drive?
A. assigning deny actions to signatures that are controlled by the Trojan engines
B. assigning the TCP reset action to signatures that are controlled by the Normalizer engine
C. enabling blocking
D. enabling Application Policy Enforcement
E. assigning blocking actions to signatures that are controlled by the State engine
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 62
Your network has only one entry point. However, you are concerned about internal attacks. Select the three best choices for your network. (Choose three.)
A. CSA Agents on corporate mail servers
B. CSA Agents on critical network servers and user desktops
C. the network sensor behind (inside) the corporate firewall
D. the network sensor in front of (outside) the corporate firewall
E. sensor and CSA Agents that report to management and monitoring servers that are located inside the corporate firewall
F. sensor and CSA Agents that report to management and monitoring servers that are located outside the corporate firewall
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 63
What are three differences between inline and promiscuous sensor functionality? (Choose three.)
A. A sensor that is operating in inline mode can drop the packet that triggers a signature before it reaches its target, but a sensor that is operating in promiscuous mode cannot.
B. A sensor that is operating in inline mode supports more signatures than a sensor that is operating in promiscuous mode.
C. Deny actions are available only to inline sensors, but blocking actions are available only to promiscuous mode sensors.
D. A sensor that is operating in promiscuous mode can perform TCP resets, but a sensor that is operating in inline mode cannot.
E. Inline operation provides more protection from Internet worms than promiscuous mode does.
F. Inline operation provides more protection from atomic attacks than promiscuous mode does.
Correct Answer: AEF Section: (none) Explanation