Cisco CCNP Security 642-627 Training

The Implementing Cisco Intrusion Prevention System v7.0 (IPS v7.0) 642-627 exam is associated with the CCSP, CCNP Security and Cisco IPS Specialist certifications. This exam tests the knowledge and skills a candidate needs to deploy Cisco IPS-based security solutions. Successful graduates will be able to reduce risk to the IT infrastructure and applications using Cisco IPS features, and provide detailed operations support for Cisco IPS. Candidates can prepare for this exam by taking the Implementing Cisco Intrusion Prevention System course.

QUESTION 30
Which IPS alert action is available only in inline mode?
A.    produce verbose alert
B.    request rate limit
C.    reset TCP connection
D.    log attacker/victim pair packets
E.    deny-packet-inline
F.    request block connection
Answer: E

QUESTION 31
Refer to the exhibit. What does the Risk Threshold setting of 95 specify?
A.    the low risk rating threshold
B.    the low threat rating threshold
C.    the low target value rating threshold
D.    the high risk rating threshold
E.    the high threat rating threshold
F.    the high target value rating threshold
Answer: D

QUESTION 32
From the Cisco IPS appliance CLI setup command, one of the options is “Modify default threat prevention settings? [no]”. What is this option related to?
A.    anomaly detection
B.    threat rating adjustment
C.    event action override that denies high-risk network traffic with a risk rating of 90 to 100
D.    risk rating adjustment with global correlation
E.    reputation filters
Answer: C

QUESTION 33
In Cisco IDM, the Configuration > Sensor Setup > SSH > Known Host Keys screen is used for what purpose?
A.    to enable the Cisco IPS appliance as a master blocking sensor
B.    to enable management hosts to access the Cisco IPS appliance
C.    to regenerate the Cisco IPS appliance SSH host key
D.    to regenerate the Cisco IPS appliance SSL RSA key pair
E.    to enable communications with a blocking device
Answer: E

QUESTION 35
Which configuration is required when setting up the initial configuration on the Cisco ASA 5505 to support the Cisco ASA AIP-SSC?
A.    Configure a VLAN interface as a management interface to access the Cisco ASA AIP-SSC.
B.    Using MPF, configure which virtual sensor to use.
C.    Configure a management access rule to allow Cisco ASDM access from the Cisco ASA AIP-SSC management interface IP address.
D.    Configure a management access rule to allow SSH access from the Cisco ASA AIP-SSC management interface IP address.
Answer: A

QUESTION 36
The Cisco IPS appliance risk category is used with which other feature?
A.    anomaly detection
B.    event action overrides
C.    global correlation
D.    reputation filter
Answer: B

QUESTION 37
Which two Cisco IPS modules support sensor virtualization? (Choose two.)
A.    AIP-SSM
B.    AIP-SSC
C.    IPS AIM
D.    IPS NME
E.    IDSM-2
Answer: AE

QUESTION 38
You are working with Cisco TAC to troubleshoot a software problem on the Cisco IPS appliance. TAC suspects a fault with the ARC software module in the Cisco IPS appliance. In this case, which Cisco IPS appliance operations may be most affected by the ARC software module fault?
A.    SDEE
B.    global correlation
C.    anomaly detection
D.    remote blocking
E.    virtual sensor
F.    OS fingerprinting
Answer: D

QUESTION 39
Threat rating calculation is performed based on which factors?
A.    risk rating and adjustment based on the prevention actions taken
B.    threat rating and event action overrides
C.    event action overrides and event action filters
D.    risk rating and target value rating
E.    alert severity and alert actions
Answer: A

QUESTION 40
Refer to the exhibit. The scanner threshold is set to 120. Which two statements about this histogram are true? (Choose two.)
A.    From a single source you do not expect to see nonestablished connections to more than 120 different destination IP addresses.
B.    From a single source you do not expect to see nonestablished connections to more than 100 different destination IP addresses.
C.    You do not expect to see more than 5 sources generate nonestablished connections to 10 or more different destinations.
D.    You do not expect to see more than 10 sources generate nonestablished connections to 5 or more different destinations.
E.    A scanner threshold of 120 is not a valid value for this histogram.
F.    Scanning attacks will not be triggered, because the scanner threshold is higher than the maximum number of destination IP addresses in the histogram.
G.    Scanning attacks will not be triggered, because the scanner threshold is higher than the maximum number of source IP addresses in the histogram.
Answer: AD