QUESTION 72
By default, what will a router do with incoming network traffic when the Cisco IOS IPS software fails to build an SME?
A. scan traffic using the most recently installed SME
B. drop all packets destined for that SME
C. print a syslog message indicating the failure of the SME build
D. pass traffic packets destined for that SME without scanning them
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Cisco IOS IPS uses signature microengines (SMEs) to load the SDF and scan signatures. Signatures contained within the SDF are handled by a variety of SMEs. The SDF typically contains signature definitions for multiple engines. The SME typically corresponds to the protocol in which the signature occurs and looks for malicious activity in that protocol. A packet is processed by several SMEs. Each SME scans for various conditions that can lead to a signature pattern match. When an SME scans the packets, it extracts certain values, searching for patterns within the packet via the regular expression engine.
Example of Alarm Message:
%IPS-5-PACKET_UNSCANNED:SERVICE.DNS -packets passed unscanned while engine is building
This message means that packets are passing through the network but are not being scanned, because the specified IPS module is not functioning and the ip ips fail closed command is not configured. The message is rate limited to 1 message per 60 seconds.
QUESTION 73
What is the difference between the attack-drop.sdf file and the 128MB.sdf and the 256MB.sdf files?
A. attack-drop.sdf has fewer signatures
B. attack-drop.sdf takes up more router memory space
C. attack-drop.sdf signatures cannot be tuned
D. attack-drop.sdf only contains the Atomic signatures
E. attack-drop.sdf only contains the String signatures
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Attack-drop.sdf contains about 80 signatures for routers with less than 128 MB of DRAM. 128MB.sdf and 256MB.sdf contain about 300 and 500 signatures respectively, and are used for routers with DRAM of 128 MB and 256 MB or les
QUESTION 74
What is the primary type of intrusion prevention technology used by Cisco IPS security appliances?
A. profile-based
B. rule-based
C. signature-based
D. protocol analysis-based
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Cisco IOS IPS uses signature microengines (SMEs) to load the SDF and scan signatures. Signatures contained within the SDF are handled by a variety of SMEs. The SDF typically contains signature definitions for multiple engines. The SME typically corresponds to the protocol in which the signature occurs and looks for malicious activity in that protocol. A packet is processed by several SMEs. Each SME scans for various conditions that can lead to a signature pattern match. When an SME scans the packets, it extracts certain values, searching for patterns within the packet via the regular expression engine.
QUESTION 75
What is a description of a promiscuous PVLAN port?
A. It has a complete Layer 2 separation from the other ports within the same PVLAN.
B. It can only communicate with other promiscuous ports.
C. It can communicate with all interfaces within a PVLAN.
D. It cannot communicate with other ports.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Private VLANs provide isolation for ports that are configured within the private VLAN structure. You can use private VLANs when hosts on the same segment do not need to communicate with each other but do need to communicate with the same router or firewall. Private VLANs provide isolation at Layer 2 of the OSI model.
Private VLANs consist of the following VLANs:
1. Primary VLAN: Receives frames from the promiscuous port and forwards them to ports in the primary, isolated, and community VLANs.
2. Isolated VLAN: All ports in this VLAN can communicate only with the promiscuous port. Isolated ports cannot communicate with other isolated ports. Isolated VLANs are secondary VLANs.
3. Community VLAN: All ports in this VLAN can communicate with each other and with the promiscuous port. Community VLANs are secondary VLANs.
QUESTION 76
How do you enable a host or a network to remotely access the Cisco IPS/IDS sensor?
A. Configure static routes.
B. Configure dynamic routing.
C. Configure allowed hosts.
D. Configure DHCP.
Correct Answer: C Section: (none) Explanation Explanation/Reference:
Explanation: Cisco IPS maintains a list of all the trusted hosts it communicates with, including blocking devices, TLS/SSL servers, and external products such as Cisco Security Agent MC. This list contains the digital certificates of the trusted systems that the IPS uses to establish secure connections. As part of the Cisco Security Agent/IPS interface configuration, the system running Cisco Security Agent MC needs to be added as a trusted host. While adding the system, the IPS retrieves the digital certificate of the Cisco Security Agent MC and displays its fingerprint, which is then presented to the administrator for approval. After the administrator approves the associated fingerprint, the Cisco Security Agent MC system is added as a trusted host.
QUESTION 77
What must be configured on a network-based Cisco IDS/IPS to allow it to monitor traffic?
A. Enable rules.
B. Enable signatures.
C. Disable rules.
D. Disable signatures.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Effectively monitoring the alerts generated by your Cisco IPS devices is crucial to protecting your network from attack. The Cisco Security Monitor is the graphical tool you can use to monitor the events being generated by your various Cisco IPS devices. To allow a Cisco IDS/IPS to monitor traffic, you need to enable signatures.
QUESTION 78
DRAG DROP
Click and drag the Cisco IDS/IPS engine categories on the left to their function on the right.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 79
Which Cisco IDS/IPS feature enables the appliance to aggregate alarms?
A. FireOnce
B. Response actions
C. Alarm summarization
D. Threshold configuration
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Alarm summarization: This feature enables the sensor to aggregate alarms to limit the number of times an alarm is sent when the signature is triggered.
Incorrect:
FireOnce: Sends the first alarm and then deletes the inspector. This technique is used to limit alarm firings.
Response actions: This capability enables the sensor to take an action when the signature is triggered.
Threshold configuration: This capability enables a signature to be tuned to perform optimally in a network.
QUESTION 80
What are three common types of user accounts on the Cisco IDS/IPS? (Choose three.)
A. administrator
B. guest
C. operator
D. viewer
E. privileged
F. executive
Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 81
What is a set of conditions that, when met, indicates that an intrusion is occurring or has occurred?
A. rules
B. state tables
C. signatures
D. master parameters
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Cisco IDS and IPS use over a hundred signatures to detect patterns of misuse in network traffic to identify some of the most common attacks. Simple signatures check the value of a header field. More complex signatures may track the state of a connection or perform extensive protocol analysis on the traffic.
QUESTION 82
Which of these is true regarding IKE Phase 2?
A. The SAs used by IPsec are unidirectional, so a separate key exchange is required for each data flow.
B. Either main or aggressive mode can be used to establish the SAs.
C. Quick mode is used to establish the unidirectional IKE SA and the bidirectional IPsec SAs.
D. XAUTH can be optionally used to reauthenticate the IPsec peers.
E. The Diffie-Hellman protocol is used to exchange the public and private keys between the two IPsec peers.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
The purpose of IKE phase 2 is to negotiate IPSec SAs to set up the IPSec tunnel. IKE phase 2 performs the following functions:
1. Negotiates IPSec SA parameters protected by an existing IKE SA
2. Establishes IPSec security associations
3. Periodically renegotiates IPSec SAs to ensure security
4. Optionally performs an additional Diffie-Hellman exchange
IKE phase 2 has one mode, called quick mode. Quick mode occurs after IKE has established the secure tunnel in phase 1. It negotiates a shared IPSec policy, derives shared secret keying material used for the IPSec security algorithms, and establishes IPSec SAs. Quick mode exchanges nonces that provide replay protection. The nonces are used to generate new shared secret key material and prevent replay attacks from generating bogus SAs.
QUESTION 83
Why was the Diffie-Hellman key agreement protocol created?
A. to eliminate the possibility of man-in-the-middle attacks, replacing the RSA method, which is susceptible to this type of attack
B. a practical method for establishing a shared secret over an unprotected communications channel was needed
C. an iterated HMAC function to generate pseudorandom data streams was needed
D. to provide a scalable and secure mechanism for distributing, managing, and revoking encryption and identity information
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The Diffie-Hellman (D-H) key agreement is a public key encryption method that provides a way for two IPSec peers to establish a shared secret key that only they know, although they are communicating over an insecure channel. With D-H, each peer generates a public and private key pair. The private key generated by each peer is kept secret and never shared. The public key is calculated from the private key by each peer and is exchanged over the insecure channel. Each peer combines the other’s public key with its own private key and computes the same shared secret number. The shared secret number is then converted into a shared secret key. The shared secret key is never exchanged over the insecure channel.
QUESTION 84
Which IPsec protocol is the most popular and why?
A. AH, because it provides encryption and authentication
B. AH, because it supports tunnel mode
C. AH, because it works with PAT
D. ESP, because it provides encryption and authentication
E. ESP, because it supports tunnel mode
F. ESP, because it works with PAT
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
IPSec is a framework of open standards developed by the Internet Engineering Task Force (IETF). IPSec provides security for transmission of sensitive information over unprotected networks such as the Internet. IPSec acts at the network layer, protecting and authenticating IP packets between participating IPSec devices (“peers”), such as Cisco routers.
IPSec provides the following network security services. These services are optional. In general, local security policy will dictate the use of one or more of these services:
1. Data Confidentiality: The IPSec sender can encrypt packets before transmitting them across a network.
2. Data Integrity: The IPSec receiver can authenticate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
3. Data Origin Authentication: The IPSec receiver can authenticate the source of the IPSec packets sent. This service is dependent upon the data integrity service.
4. Anti-Replay: The IPSec receiver can detect and reject replayed packets.
ESP (Encapsulating Security Payload): A security protocol which provides data privacy services, optional data authentication, and anti-replay services. ESP encapsulates the data to be protected.
QUESTION 85
Which two of these functions are required for IPsec operation? (Choose two.)
A. using SHA for encryption
B. using PKI for shared-key authentication
C. using IKE to negotiate the SA
D. using AH protocols for encryption and authentication
E. using Diffie-Hellman to establish a shared-secret key
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
Explanation:
Internet Key Exchange (IKE): A hybrid protocol which implements Oakley and SKEME key exchanges inside the ISAKMP framework. While IKE can be used with other protocols, its initial implementation is with the IPSec protocol. IKE provides authentication of the IPSec peers, negotiates IPSec security associations, and establishes IPSec keys.
AH: AH is the appropriate protocol when confidentiality is not required or permitted. It provides data authentication and integrity for IP packets passed between two systems. It is a means of verifying that any message passed from Router A to Router B was not modified during transit. It verifies that the data’s origin was either Router A or Router B. AH does not provide data confidentiality (encryption) of packets. It does the following:
1. Ensures data integrity
2. Provides origin authentication (ensures that packets definitely came from the peer router)
3. Uses a keyed-hash mechanism
4. Does not provide confidentiality (no encryption)
5. Provides anti-replay protection