Cisco 642-532 Exam - Cheat-Test.com Free 642-532 Sample Questions:
1.Which three steps must you perform to prepare sensor interfaces for inline operations? (Choose three.)
A.Disable all interfaces except the inline pair.
B.Add the inline pair to the default virtual sensor.
C.Enable two interfaces for the pair.
D.Disable any interfaces that are operating in promiscuous mode.
E.Create the interface pair.
F.Configure an alternate TCP reset interface.
Answer: B, C, E
2.Your Cisco router is hosting an NM-CIDS. The router configuration contains an inbound ACL. Which action does the router take when it receives a packet that should be dropped, according to the inbound ACL?
A.The router forwards the packet to the NM-CIDS for inspection, then drops the packet.
B.The router drops the packet and does not forward it to the NM-CIDS for inspection.
C.The router filters the packet through the inbound ACL, tags it for drop action, and forwards the packet to the NM-CIDS. Then the router drops it if it triggers any signature, even a signature with no action configured.
D.The router filters the packet through the inbound ACL, forwards the packet to the NM-CIDS for inspection only if it is an ICMP packet, and then drops the packet.
Answer: B
3.Which action is available only to signatures supported by the Normalizer engine?
A.Produce Verbose Alert
B.Modify Packet Inline
C.Deny Packet Inline
D.Log Pair Packets
E.Request SNMP Trap
F.Reset TCP Connection
Answer: B
4.You would like to have your inline sensor deny attackers inline when events occur that have Risk Ratings over 85. Which two actions will accomplish this? (Choose two.)
A.Create Target Value Ratings of 85 to 100.
B.Create an Event Variable for the protected network.
C.Enable Event Action Overrides.
D.Create an Event Action Filter, and assign the Risk Rating range of 85 to 100 to the filter.
E.Enable Event Action Filters.
F.Assign the Risk Rating range of 85 to 100 to the Deny Attacker Inline event action.
Answer: C, F
5.Which two are appropriate installation points for a Cisco IPS sensor? (Choose two.)
A.on publicly accessible servers
B.on critical network servers
C.at network entry points
D.on user desktops
E.on corporate mail servers
F.on critical network segments
Answer: C, F
6.In which three ways does a Cisco network sensor protect network devices from attacks? (Choose three.)
A.It uses a blend of intrusion detection technologies to detect malicious network activity.
B.It can generate an alert when it detects traffic that matches a set of rules that pertain to typical intrusion activity.
C.It permits or denies traffic into the protected network that is based on access lists that you create on the sensor.
D.It can take a variety of actions when it detects traffic that matches a set of rules that pertain to typical intrusion activity.
E.It uses behavior-based technology that focuses on the behavior of applications to protect network devices from known attacks and from new attacks for which there is no known signature.
Answer: A, B, D
7.Which command displays the statistics for Fast Ethernet interface 0/1?
A.show interfaces FastEthernet0/1
B.show interface int1
C.show statistics FastEthernet0/1
D.show statistics virtual-sensor
E.packet capture FastEthernet0/1
F.show statistics event-store
Answer: A
8.Which sensor process is used to initiate the blocking response action?
A: EXEC
B: Network Access Controller
C: blockd
D: shunStart
E: ACL Daemon
Answer: B
9.What is a configurable weight that is associated with the perceived importance of a network asset?
A.Risk Rating
B.parameter value
C.Target Value Rating
D.severity level
E.storage key
F.rate parameter
Answer: C
10.You are using multiple monitoring interfaces on a sensor appliance running software version 5.0. Which statement is true?
A.You can have the simultaneous protection of multiple network subnets, which is like having multiple sensors in a single appliance.
B.You can use different sensing configurations for each monitoring interface.
C.You can enable an interface only if the interface belongs to an interface group.
D.Multiple monitoring interfaces can be assigned to Group 0 at any given time.
E.All interfaces must operate in a single mode; you cannot mix inline and promiscuous-mode operations.
Answer: A
11.When performing a signature update on a Cisco IDS Sensor, which three server types are supported for retrieving the new software? (Choose three.)
A:FTP
B:SCP
C:RCP
D:NFS
E:TFTP
F:HTTP
Answer: A, B, F
12.How does a Cisco network sensor detect malicious network activity?
A: by using a blend of intrusion detection technologies
B: by performing in-depth analysis of the protocols that are specified in the packets that are traversing the network
C: by comparing network activity to an established profile of normal network activity
D: by using behavior-based technology that focuses on the behavior of applications
Answer: A
13.Which statement is true about viewing sensor events?
A: You can view events from the CLI, but you cannot filter them.
B: You can use the Events panel in the Cisco IDM to filter and view events.
C: In the Cisco IDM, you can filter events based on type or time but not both.
D: The Cisco IDM does not limit the number of events that you can view at one time.
E: To view events with high- and medium-severity levels in the Cisco IDM, you must select only the High check box from the Show alert events check boxes.
Answer: B
14.Which command provides a snapshot of the current internal state of a sensor service, enabling you to check the status of automatic upgrades and NTP?
A: show settings
B: show statistics
C: show statistics host
D: show service statistics
E: show ntp
F: show inventory
Answer: C
15.Your network has only one entry point. However, you are concerned about internal attacks. Select the three best choices for your network. (Choose three.)
A:CSA Agents on corporate mail servers
B:CSA Agents on critical network servers and user desktops
C:the network sensor behind (inside) the corporate firewall
D:the network sensor in front of (outside) the corporate firewall
E:sensor and CSA Agents that report to management and monitoring servers that are located inside the corporate firewall
F:sensor and CSA Agents that report to management and monitoring servers that are located outside the corporate firewall
Answer: B, C, E