Please, people, let's try to submit the dumps and not only comment about our tests; let's submit the latest dumps. Thanks.
Question 1.
In which three ways does a Cisco IPS network sensor protect the network from attacks? (Choose three.)
A. It can take a variety of actions when it detects traffic that matches a set of rules that pertain to typical intrusion activity
B. It permits or denies traffic into the protected network based on access lists that you create on the sensor
C. It uses a blend of intrusion detection technologies to detect malicious network activity
D. It can generate an alert when it detects traffic that matches a set of rules that pertain to typical intrusion activity
Answer: A, C, D

Question 2.
You would like to have your inline sensor deny attackers inline when events occur that have risk ratings over 85. Which two actions, when taken in conjunction, will accomplish this? (Choose two.)
A. Assign the risk rating range of 85 to 100 to the Deny Attacker inline event action
B. Create target value ratings of 85 to 100
C. Create an event variable for the protected network
D. Create an Event Action Filter and assign the risk rating range of 85 to 100 to the filter
E. Enable Event Action overrides
F. Enable Event Action Filters
Answer: A, E

Question 3.
Which statement accurately describes Cisco IPS Sensor Automatic signature and service pack updates?
A. If multiple signature or service pack updates are available when the sensor checks for an update, the Cisco IPS Sensor installs the first update it detects
B. You must download service pack and signature updates from cisco.com to a locally accessible server before they can be automatically applied to your Cisco IPS Sensor
C. When you configure automatic updates, the Cisco IPS Sensor checks Cisco.com for updates hourly.
D. The Cisco IPS Sensor can automatically download service pack and signature updates from cisco.com
E. The Cisco IPS Sensor can download signature and service pack updates only from a TFTP or HTTP server
Answer: B

Question 4.
You think users on your corporate network are disguising the use of file-sharing applications by tunneling the traffic through port 80. How can you configure your Cisco IPS Sensor to identify and stop this activity?
A. Enable all signatures in the Service HTTP engine
B. Assign the Deny Packet inline action to all signatures in the Service HTTP engine
C. Enable the alarm for the non-HTTP traffic signature. Then create an Event Action Override that adds the Deny Packet inline action to events triggered by the signature if the traffic originates from your corporate network
D. Enable both the HTTP application policy and the alarm on non-HTTP traffic signature
E. Enable all signatures in the Service HTTP engine. Then create an Event Action Override that adds the Deny Packet inline action to events triggered by these signatures if the traffic originates from your corporate network
Answer: D

Question 5.
With Cisco IPS 6.0, what is the maximum number of virtual sensors that can be configured on a single platform?
A. The number depends on the amount of device memory
B. Six
C. Four
D. Two
E. Two in promiscuous mode using VLAN groups, four in inline mode supporting all interface type configurations
Answer: C

Question 6.
Which two management access methods are enabled by default on a Cisco IPS sensor? (Choose two.)
A. HTTP
B. SSH
C. Telnet
D. IPSec
E. HTTPS
Answer: B, E

Question 7.
What is used to perform password recovery for the "cisco" admin account on a Cisco IPS 4200 Series Sensor?
A. ROMMON CLI
B. Cisco IDM
C. Setup mode
D. Recovery Partition
E. GRUB menu
Answer: E

Question 8.
How should you create a custom signature that will fire when a series of pre-defined signatures occur and you want the Cisco IPS Sensor to generate alerts only for the new custom signature, not for the individual signatures?
A. Use the Normalizer Engine and set the summary mode to Global Summarize
B. Use the Service Engine and set the summary mode to Global Summarize
C. Use the Trojan Engine and remove the Produce Alert action from the component signatures
D. Use the Normalizer Engine and remove the Produce Alert action from the component signatures
E. Use the ATOMIC Engine and set the summary mode to Global Summarize
F. Use the Meta Engine and remove the Produce Alert action from the component signatures
Answer: F

Question 9.
When configuring Passive OS Fingerprinting, what is the purpose of restricting operating system mapping to specific addresses?
A. Limits the ARR to the defined IP Addresses
B. Specifies which IP Address range to import from EPI for OS fingerprinting
C. Excludes the defined IP Addresses from automatic risk rating calculations so that you can specify the desired risk rating
D. Allows you to configure separate OS maps within that IP address range
Answer: A

Question 10.
You have been made aware of new and unwanted traffic on your network. You want to create a signature to monitor and perform an action against that traffic when certain thresholds are reached. What would be the best way to configure this new signature?
A. Use the Anomaly Detection functions to learn about the unwanted traffic, then create a new meta signature using Cisco IDM
B. Clone and edit an existing signature that closely matches the traffic you are trying to prevent
C. Create a new signature definition, edit it, and then enable it
D. Edit a built-in signature that closely matches the traffic you are trying to prevent
Answer: C
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.