Pass4sure 642-513 HIPS 2.93

Filed under: Pass4sure Cisco — admin @ 9:41 am September 26, 2008

Securing Hosts Using Cisco Security Agent Exam

Exam Number: 642-513
Associated Certifications: CCSP
Duration: 75 minutes (65-75 questions)
Available Languages: English

Exam Description
The Securing Hosts Using Cisco Security Agent exam 642-513 HIPS is one of the exams associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the HIPS v3.0 course. This exam tests a candidate’s knowledge and ability to describe, configure, and verify the Cisco Security Agent product.

Exam Topics
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Describe and deploy the CSA and CSA MC products
Explain the concept of network defense in depth
Describe Cisco Security Agent architecture
Describe the life cycle of an attack
Explain how Cisco Security Agent protects against attacks
Identify the CSA MC and CSA system requirements
Identify the administration workstation requirements
Install the CSA MC
Configure basic settings on the CSA MC
Install the CSA using a default group

Use CSA MC to configure groups, manage hosts, and build policies
Describe various components of the menu bar and its function in the CSA MC interface
Create, save, and delete data on the CSA MC
Create groups to ease host management and security policy deployment
Build Agent kits for the newly created groups
View host status and modify host configuration
Distribute software updates to hosts
Discuss components of a policy
Configure policies and rule modules

Use CSA MC to configure rules
Describe the basics of rule construction and functionality
Configure rules common to Windows and UNIX systems
Configure Windows-Only rules
Configure UNIX-Only rules
Describe the individual rules you can add to your policies that allow CSA MC to categorize processes and correlate events across multiple systems
Describe and configure the system API Control Rule
Describe and configure the Network Shield Rule
Describe and configure the Buffer Overflow Control Rule
Describe and configure the Email Worm Protection Rule module
Describe and configure the Installation Applications Policy
Describe and configure Global Event Correlation

Define application classes and work with variables
Explain the use of application classes in creating security policies
Discuss the preconfigured application classes included in the CSA MC
Configure a static application class
Create a dynamic application class and an application-builder rule
Discuss how event sets are used to ease administration of security policies
Configure data, file and network address sets
Create registry, COM component and network services sets
Use the COM extraction utility to gather PROGIDs and CLSIDs for the software installed on a system
Configure Query Settings variables to be used with Query rules

Use CSA Analysis and define and generate reports
Understand and configure application deployment investigation
Understand and configure product associations for application deployment investigation
Configure and run application deployment reports
Understand and configure application behavior investigation
Understand and use behavior analysis reports
Import and use behavior analysis rule modules
Explain the features of the Event Log and Event Monitor
Configure filtering of events for logging, reports, and alerts
Create event-based alerts
Generate reports on events selected by sorting criteria

QUESTION 1:

Certkiller chose the Cisco CSA product to protect the network against the newest attacks. Cisco Security Agent provides Day Zero attack prevention by using which of these methods?

A. Using signatures to enforce security policies
B. Using API control to enforce security policies
C. Using stateful packet filtering to enforce security policies
D. Using algorithms that compare application calls for system resources to the security policies
E. None of the above
Answer: D
Explanation:
Because Cisco Security Agent analyzes behavior rather than relying on signature matching, it never needs updating to stop a new attack. This zero-update architecture provides protection with reduced operational costs and can identify so-called “Day Zero” threats.
At a high level, Cisco Security Agent is straightforward. It intercepts system calls between applications and the operating system, correlates them, compares the correlated system calls against a set of behavioral rules, and then makes an “allow” or “deny” decision based on the results of its comparison. This process is called INCORE, which stands for intercept, correlate, rules engine.
Reference:

http://www.cisco.com/en/US/products/sw/secursw/ps5057/products_white_paper0900aecd8020f448.shtml

QUESTION 2:

Certkiller has implemented the CSA product to provide security for all of their devices. For which layers of the OSI reference model does CSA enforce security?

A. Layer 1 through Layer 4
B. Layer 1 through Layer 7
C. Layer 2 through Layer 4
D. Layer 3 through Layer 7
Answer: D
Explanation:
Cisco Security Agent provides threat protection for server and desktop computing systems, also known as endpoints. It helps to reduce operational costs by identifying, preventing, and eliminating known and unknown security threats. The Cisco Security Agent consolidates endpoint security functions in a single agent, providing:

1. Host intrusion prevention
2. Spyware/adware protection
3. Protection against buffer overflow attacks
4. Distributed firewall capabilities
5. Malicious mobile code protection
6. Operating-system integrity assurance
7. Application inventory
8. Audit log consolidation
This provides security for endpoints at the network layer (layer 3) through the application layer (layer 7).

QUESTION 3:

The CSA architecture model is made up of three major components. Which three are they? (Choose three)

A. Cisco Trust Agent
B. Cisco Security Agent
C. Cisco Security Agent Management Center
D. Cisco Intrusion Prevention System
E. An administrative workstation
F. A syslog server
Answer: B, C, E
Explanation:
The CSA MC architecture model consists of a central management center, which maintains a database of policies and system nodes, all of which have Cisco Security Agent software installed on their desktops and servers. The agents themselves and an administrative workstation, combined with the Management Center, comprise the three aspects of the CSA architecture.
Agents register with CSA MC. CSA MC checks its configuration database for a record of the system. When the system is found and authenticated, CSA MC deploys a configured policy for that particular system or grouping of systems.

QUESTION 4:

DRAG DROP
As a Certkiller trainee you are required to match the Cisco Trust Agent posture state with its definition.

Answer:

QUESTION 5:

DRAG DROP
As a Certkiller student you are required to match the CSA MC view with the corresponding definition.
