Securing Networks Using Intrusion Prevention Systems Exam (IPS) : 642-532 Exam The Securing Networks Using Intrusion Prevention Systems exam is one of the exams associated with the Cisco Certified Security Professional and the Cisco IPS Specialist certifications. Candidates can prepare for this exam by taking the IPS v5.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the Cisco IPS appliance products.
Exam Number/Code: 642-532
Exam Name: Securing Networks Using Intrusion Prevention Systems Exam (IPS)
VUE Code: 642-532
Questions Type: Single choice,
Real Exam Question Numbers: 60-70 questions
Exam Language(s): English
Exam Description Introduction
The Securing Networks Using Intrusion Prevention Systems exam is one of the exams associated with the Cisco Certified Security Professional and the Cisco IPS Specialist certifications. Candidates can prepare for this exam by taking the IPS v5.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the Cisco IPS appliance products.
Exam Topics
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.
Describe how Cisco IDS/IPS sensors are used to mitigate network security threats
Select the best sensor platform to protect a given network
Describe the features of the IDSM-2
Describe the features of the NM-CIDS
List sensor requirements for inline operations
List platforms on which the 50 image will run
Explain the difference between inline and promiscuous mode sensor operations
Select the most effective location for the sensor and other defense-in-depth components
Explain how Cisco IDS/IPS protects network devices from attacks (Describe signatures, alerts, and actions)
Explain the similarities and differences among the various intrusion detection technologies
Explain the evasive techniques used by hackers and how Cisco IDS defeats those techniques
Explain the differences between HIPS and Network IPS
Describe the network sensors that are currently available and their features
Describe the considerations necessary for selection, placement, and deployment of a network intrusion prevention system
Explain the features, benefits, and system requirements of the IDM
Describe traffic that is not inspected by the NM-CIDS
Define intrusion detection
Define intrusion prevention
Explain the Cisco IDS/IPS signature features
Install Cisco IDS/IPS sensors and configure essential system parameters
Install a sensor appliance in the network
Use the IDM to configure SSH and TLS communications
Use the CLI to install the sensor’s software image
Select the appropriate image file for a sensor
Select a router to host the NM-CIDS
Configure communications between the router and the NM-CIDS
Describe the functions of the various IDSM-2 ports
Describe the tasks for configuring the NM-CIDS
Describe the interfaces and components of the NM-CIDS
Explain how the NM-CIDS works
Explain how the IDSM-2 obtains access to network traffic
Explain the importance of accurate time on the NM-CIDS and how the NM-CIDS should obtain the accurate time
Explain the importance of accurate time on the IDSM-2 and how the IDSM-2 should obtain the accurate time
Install the IDSM-2 in a switch
Install the NM-CIDS in a router
Select a switch to host the IDSM-2
Use the CLI to initialize the sensor
Describe user accounts and how they provide sensor security
Use the IDM to configure and manage user accounts
Use the IDM to verify secure management access to the sensor
Obtain management access to the sensor appliance
Obtain management access to the NM-CIDS
Obtain management access to the IDSM-2
Describe allowed hosts
Use the IDM to configure allowed hosts
Describe sensor interfaces and interface pairs
Use the IDM to configure the sensor’s interfaces (enable, create pairs, assign to virtual sensor)
Describe software bypass mode
Use the IDM to configure software bypass mode
Use the IDM to configure the sensor’s network settings (IP address, netmask, default gateway, etc)
Describe sensor communications with external management and monitoring systems
Launch, navigate, and use the IDM to manage and monitor the sensor
Use the IDM to set the sensor’s time
Define traffic flow notification
Use the IDM to configure traffic flow notification
Describe the various CLI modes
Navigate the sensor CLI
List the tasks for installing and configuring the IDSM-2
Describe Cisco IDS/IPS sensor advanced system parameters
Plan the mitigation of specific network vulnerabilities and exploits
Describe sensor tuning
Describe sensor tuning methods
Explain IP fragment and TCP stream reassembly options
Describe the IP logging capabilities of the sensor
Explain how IP logging should be used
Explain the use of Event Variables
Determine the need for a custom signature
Describe the signature engines and their functionality
Describe the types of signatures supported by each engine
Describe common engine parameters and their effects on signatures
Describe engine-specific parameters and their effects on signatures
Describe the device management capability of the sensor and how it is used to perform blocking with a Cisco device
Determine which response actions need to be configured for a given scenario
Determine the need for Event Action Filters in a given scenario
Describe the purpose of the Meta Event Generator
Explain Target Value Ratings and how they are used
Determine the need for Event Action Rules in a given scenario
Explain event Risk Ratings and how they are used
Explain the sensor’s SNMP support
Determine if the sensor’s application policy enforcement feature is needed in a given scenario
Tune Cisco IDS/IPS sensor advanced system parameters to optimize attack mitigation performance
Use the IDM to tune the sensor to work optimally in the network
Use the IDM to tune signatures to provide maximum protection for a network
Use the IDM to create custom signatures as needed
Configure response actions for a signature
Configure the sensor to take response actions based on a risk rating
Configure the sensor to minimize false alerts
Use the IDM to create a Meta signature and disable alert production for the component signatures
Use the IDM to configure the sensor to support SNMP
Configure Event Action Filters
Configure Event Action Overrides
Configure Target Value Ratings
Configure general settings for Event Action Rules
Use the IDM to configure IP logging
Configure Event Variables
Use the IDM to configure blocking for a given scenario
Use the IDM to configure the sensor to use a Master Blocking Sensor
Use the IDM to configure IP fragment and TCP stream reassembly options
Use the sensor’s application policy enforcement feature
Analyze Cisco IDS/IPS sensor events to determine the appropriate response to network attacks
Configure the IDM events display
Analyze alerts and make configuration changes to respond to attacks
Use the CLI and the IDM to monitor events
Classify an alarm as true, false, positive or negative
Explain the fields in a Cisco IDS/IPS alert
Describe the various types of events generated by the sensor
Explain the difference between true and false and positive and negative alarms
Upgrade and maintain Cisco IDS/IPS sensors
Configure the sensor to allow an SNMP NMS to obtain its health and welfare information
Use the CLI to recover the sensor’s software image
Use the IDM to install signature updates and service packs
Use the IDM to configure automatic signature and service pack updates
Move software images/upgrades and configuration files via HTTP, HTTPS, SCP, and FTP
Use the IDM to restore the default configuration to the sensor
Select the correct software update file for a sensor
Use the CLI to upgrade the software image
Describe the various types of image files
Apply the appropriate system image to the sensor
Describe maintenance tasks specific to the NM-CIDS
Use the CLI to obtain PEP information from the sensor
Use the IDM to install a sensor license
Describe PEP information and its purpose
Explain the purpose of service packs and signature updates
Describe service pack and signature update file names
Explain why a sensor license is needed
Obtain a license key
Troubleshoot Cisco IDS/IPS sensor operation and configuration errors
Use the packet command to display and capture packets from the data interfaces
Copy (to a location off the sensor) packets that have been captured from the data interfaces
Use the IDM to verify the sensor’s configuration
Use the CLI to back up the sensor configuration
View IP logs for troubleshooting purposes
Troubleshoot communications between the NM-CIDS and its host router
Reset and power down the sensor
Determine when resetting or powering down the sensor is necessary
Describe the main components of the IPS 50 software architecture
Verify functionality of the NM-CIDS
Verify the Catalyst 6500 switch and Catalyst IDSM-2 functionality
Use the IDM and the CLI to obtain sensor statistics
Use the IDM to obtain a sensor diagnostic report
Use the IDM to obtain sensor system information
Use general troubleshooting commands
Use the IDM to shut down and reboot the sensor
Describe Cisco IDS/IPS configuration file format
“Securing Networks Using Intrusion Prevention Systems Exam (IPS)”, also known as 642-532 exam, is a Cisco certification.
Preparing for the 642-532 exam Searching 642-532 Test Questions, 642-532 Exam, 642-532 Dumps
With the complete collection of questions and answers Q&as with Expert Explanations, Pass4sure has assembled to take you through 63 questions to your 642-532 Exam preparation. In the 642-532 exam resources, you will cover every field and category in CCSP helping to ready you for your successful Cisco Certification.
QUESTION 16:
Which of the following functions can be performed remotely by means of the
Intrusion Detection System Device Manager? (Select all that apply)
A. Restarting IDS services
B. Initializing the Sensor configuration
C. Powering down the Sensor
D. Accessing the Cisco Secure Encyclopedia
E. Restarting the Sensor
F. Initiating a TCP reset response
G. None of the above
642-532
www.actualtest.org – The Power of Knowing
Answer: A, C, E
Explanation:
Cisco IDS signature customization is now made easier through one web page. The
Custom Signature configuration page presents the network security administrator with all
the parameters that can be customized for a specific signature.
IDM enables the network security administrator to remotely:
1) Restart the IDS services.
2) Restart the Sensor.
3) Power down the Sensor.
Reference: Cisco CIDS Courseware, page 10-4
QUESTION 17:
Your PassGuide router is hosting a NM-CIDS. This router’s configuration contains
an inbound ACL. Which action does this router take when it receives a packet that
should be dropped, according to the inbound ACL?
A. The router forwards the packet to the NM-CIDS for inspection, then drops the packet.
B. The router drops the packet and does not forward it to the NM-CIDS for inspection.
C. The router filters the packet through the inbound ACL, tags it for drop action, and
forwards the packet to the NM-CIDS. Then the router drops it if it triggers any signature,
even a signature with no action configured.
D. The router filters the packet through the inbound ACL, forwards the packet to the
NM-CIDS for inspection only if it is an ICMP packet, and then drops the packet.
E. None of the above.
Answer: B
Explanation:
The Cisco IOS Software performs an input-ACL check on a packet before it processes
the packet for NAT or Encryption. As explained earlier, the IDS Network Module
monitors the packet after the NAT and decryption is processed. Thus if the packet is
dropped by the inbound ACL it is not forwarded to the IDS Network Module. The Cisco
IOS Software performs output-ACL check after the packet is forwarded to the IDS.
Hence the packet will be forwarded to the IDS even if the output ACL drops the packet.
Reference:
http://www.cisco.com/en/US/products/hw/routers/ps282/prod_architecture09186a00801cf9fc.html
QUESTION 18:
A new IDS NM-CIDS network module was recently installed on a PassGuide router,
and packets are now being inspected via this module. However, not all packets are
inspected. Which two packet types are not forwarded to the NM-CIDS? (Choose
two)
642-532
www.actualtest.org – The Power of Knowing
A. GRE encapsulation packets
B. TCP packets
C. UDP packets
D. ARP packets
E. any IP multicast packets
F. ICMP packets
Answer: A, D
Explanation:
GRE Tunnels:
The Cisco IDS software does not analyze GRE encapsulated packet. Hence if a GRE
packet is received, and the incoming interface is enabled for IDS monitoring, the packet
WILL NOT be forwarded to the IDS Network Module for monitoring.
If a packet is encapsulated by the router into a GRE tunnel, and the incoming interface is
enabled for IDS monitoring, then the packet (before encapsulation) will be sent to the
IDS Network Module.
ARP Packets:
ARP packets are handled at layer-2 and are not forwarded to the IDS Network Module.
Reference:
http://www.cisco.com/en/US/products/hw/routers/ps282/prod_architecture09186a00801cf9fc.html
QUESTION 19:
Which of the following represents a type of exploit that involves introducing programs
that install in inconspicuous back door to gain unauthorized access?
A. File sharing
B. Trojan horse
C. Protocol weakness
D. Session hijack
E. None of the above
Answer: B
Explanation:
To gain remote access, they rely on keystroke capture software that’s planted on a
system, sometimes through a worm or Trojan horse disguised as a game or screen saver.
Reference: Cisco CIDS Courseware, page 2-46
QUESTION 20:
What can intrusion detection and prevention systems detect? (Choose three)
A. Network misuse
642-532
www.actualtest.org – The Power of Knowing
B. Network uptime
C. Unauthorized network access
D. Network downtime
E. Network throughput
F. Network abuse
Answer: A, C, F
pass4sure 642-532 Questions and Answers : 63 Q&As
Updated: October 1st , 2008
Price: $129.99 $89.99
Free download:pass4sure 642-532
Free download:PassGuide 642-532
password:www.ciscoexams.org
Download Latest Passforsure P4S Rapidshare links
- Free pass4sure ccsp 642-532 v2.93 Download
- Free Pass4sure Cisco IP Communications Exam 642-432 v2.30 Download
- Free Pass4sure cisco ccsp mars 642-545 2.95 Download
- Free Pass4sure Cisco IP Communications Exam 642-642 v2.93 Download
- Free Latest Pass4sure Cisco Ccsp Exam Dumps Download
- Free Cisco CCSP 642-524 SNAF Securing Networks with ASA Foundation Download
- Free free latest PassGuide ccsp 642-552 exam Download
- Free P4S Cisco CCSP Exam 642-521 v2.83 Download
- Free Pass4sure Cisco CCSP Exam 642-542 v2.83 Download
- Free P4S Cisco CCSP Exam 642-522 v2.93 Download
- Free CCNA Security Quick Reference CHAPTER 5 Cisco IOS IPS Download
- Free Pass4sure Cisco CCSP Exam 642-504 2.77 Download
- Free P4S Cisco CCSP Exam 642-552 v2.93 Download
- Free P4S Cisco CCSP Exam 642-551 v2.93 Download
- Free pass4sure ccsp 642-533 v2.93 Download
[...] Secure Virtual Private Networks (CSVPN) Pass4sure Cisco 642-551 Securing Cisco Network Devices Exam Pass4sure Cisco 642-532 Securing Networks Using Intrusion Prevention Systems Exam Pass4sure Cisco 642-533 Implementing [...]
[...] pass4sure 642-532 PassGuide 642-532 transcender 642-532 actualtest 642-532 Pass4sure Share and Enjoy: [...]