Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Which Cisco Security IntelliShield Alert Manager Service component mitigates new botnet, phishing, and web-based threats?
A. the IntelliShield Threat Outbreak Alert
B. IntelliShield Alert Manager vulnerability alerts
C. the IntelliShield Alert Manager historical database
D. the IntelliShield Alert Manager web portal
E. the IntelliShield Alert Manager back-end intelligence engine
Answer: A
Q2. Which three options are characteristics of router-based IPS? (Choose three.)
A. It is used for large networks.
B. It is used for small networks.
C. It supports virtual sensors.
D. It supports multiple VRFs.
E. It uses configurable anomaly detection.
F. Signature definition files have been deprecated.
Answer: B,D,F
Q3. Which IPS feature allows you to aggregate multiple IPS links over a single port channel?
A. UDLD
B. ECLB
C. LACP
D. PAgP
Answer: B
Q4. Which two conditions must you configure in an event action rule to match all IPv4 addresses in the victim range and filter on the complete subsignature range? (Choose two.)
A. Disable event action override.
B. Leave the victim address range unspecified.
C. Set the subsignature ID-range to the default.
D. Set the deny action percentage to 100.
E. Set the deny action percentage to 0.
Answer: B,C
Q5. What are three features of the Cisco Security Intellishield Alert Manager Service? (Choose three.)
A. validation of alerts by security analysts
B. custom notifications
C. complete threat and vulnerability remediation
D. vendor-specific threat analysis
E. workflow-management tools
F. real-time threat and vulnerability mitigation
Answer: A,B,E
Q6. Over the period of one day, several Atomic ARP engine alerts fired on the same IP address. You observe that each time an alert fired, requests on the IP address exceeded replies by the same number. Which configuration could cause this behavior?
A. The reply-ratio parameter is enabled.
B. MAC flip is enabled.
C. The inspection condition is disabled.
D. The IPS is misconfigured.
Answer: A
Q7. What are three best practices for a Cisco Intrusion Prevention System? (Choose three.)
A. Checking for new signatures every 4 hours
B. Checking for new signatures on a staggered schedule
C. Automatically updating signature packs
D. Manually updating signature packs
E. Group tuning of signatures
F. Single tuning of signatures
Answer: B,C,E
Q8. Which centralized reporting function of the Cisco Content Security Management Appliance
aggregates data from multiple Cisco ESA devices?
A. message tracking
B. web tracking
C. system tracking
D. logging
Answer: A
Q9. Which two practices are recommended for implementing NIPS at enterprise Internet edges? (Choose two.)
A. Integrate sensors primarily on the more trusted side of the firewall (inside or DMZ interfaces).
B. Integrate sensors primarily on the less trusted side of the firewall (outside interfaces).
C. Implement redundant IPS and make data paths symmetrical.
D. Implement redundant IPS and make data paths asymmetrical.
E. Use NIPS only for small implementations.
Answer: A,C
Q10. If learning accept mode is set to "auto" and the knowledge base is loaded only when explicitly requested on the IPS, which statement about the knowledge base is true?
A. The knowledge base is set to load dynamically.
B. The knowledge base is set to "save only."
C. The knowledge base is set to "discarded."
D. The knowledge base is set to load statically.
Answer: B
Q11. Which four statements are correct regarding management access to a Cisco Intrusion Prevention System? (Choose four.)
A. The Telnet protocol is enabled by default
B. The Telnet protocol is disabled by default
C. HTTP is enabled by default
D. HTTP is disabled by default
E. SSH is enabled by default
F. SSH is disabled by default
G. HTTPS is enabled by default
H. HTTPS is disabled by default
Answer: B,D,E,G
Q12. An IPS is configured to fail-closed and you observe that all packets are dropped. What is a possible reason for this behavior?
A. Mainapp is unresponsive.
B. The global correlation update failed.
C. The IPS span session failed.
D. The attack drop file is misconfigured.
Answer: A
Q13. Which statement about Cisco IPS Manager Express is true?
A. It provides basic device management for large-scale deployments.
B. It provides a GUI for configuring IPS sensors and security modules.
C. It enables communication with Cisco ASA devices that have no administrative access.
D. It provides greater security than simple ACLs.
Answer: B
Q14. Refer to the exhibit.
What CLI command generated the output?
A. smtproutes
B. tophosts
C. hoststatus
D. workqueuestatus
Answer: B
Q15. What is the CLI command to create a new Message Filter in a Cisco Email Security Appliance?
A. filterconfig
B. filters new
C. messagefilters
D. policyconfig-- inbound or outbound-- filters
Answer: B
Q16. When learning accept mode is set to auto, and the action is set to rotate, when is the KB created and used?
A. It is created every 24 hours and used for 24 hours.
B. It is created every 24 hours, but the current KB is used.
C. It is created every 1 hour and used for 24 hours.
D. A KB is created only in manual mode.
Answer: A