
Pass4sure 642-532 IPS 2.83

Filed under: Pass4sure Cisco — admin @ 6:53 pm September 26, 2008

Securing Networks Using Intrusion Prevention Systems Exam

Retired January 16, 2008
Exam Number: 642-532
Associated Certifications: CCSP, Cisco IPS Specialist
Duration: 90 minutes (60-70 questions)
Available Languages: English

Exam Description
The Securing Networks Using Intrusion Prevention Systems exam is one of the exams associated with the Cisco Certified Security Professional and the Cisco IPS Specialist certifications. Candidates can prepare for this exam by taking the IPS v5.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the Cisco IPS appliance products.

Exam Topics
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Describe how Cisco IDS/IPS sensors are used to mitigate network security threats
Select the best sensor platform to protect a given network
Describe the features of the IDSM-2
Describe the features of the NM-CIDS
List sensor requirements for inline operations
List platforms on which the 5.0 image will run
Explain the difference between inline and promiscuous mode sensor operations
Select the most effective location for the sensor and other defense-in-depth components
Explain how Cisco IDS/IPS protects network devices from attacks (Describe signatures, alerts, and actions)
Explain the similarities and differences among the various intrusion detection technologies
Explain the evasive techniques used by hackers and how Cisco IDS defeats those techniques
Explain the differences between HIPS and Network IPS
Describe the network sensors that are currently available and their features
Describe the considerations necessary for selection, placement, and deployment of a network intrusion prevention system
Explain the features, benefits, and system requirements of the IDM
Describe traffic that is not inspected by the NM-CIDS
Define intrusion detection
Define intrusion prevention
Explain the Cisco IDS/IPS signature features

Install Cisco IDS/IPS sensors and configure essential system parameters
Install a sensor appliance in the network
Use the IDM to configure SSH and TLS communications
Use the CLI to install the sensor’s software image
Select the appropriate image file for a sensor
Select a router to host the NM-CIDS
Configure communications between the router and the NM-CIDS
Describe the functions of the various IDSM-2 ports
Describe the tasks for configuring the NM-CIDS
Describe the interfaces and components of the NM-CIDS
Explain how the NM-CIDS works
Explain how the IDSM-2 obtains access to network traffic
Explain the importance of accurate time on the NM-CIDS and how the NM-CIDS should obtain the accurate time
Explain the importance of accurate time on the IDSM-2 and how the IDSM-2 should obtain the accurate time
Install the IDSM-2 in a switch
Install the NM-CIDS in a router
Select a switch to host the IDSM-2
Use the CLI to initialize the sensor
Describe user accounts and how they provide sensor security
Use the IDM to configure and manage user accounts
Use the IDM to verify secure management access to the sensor
Obtain management access to the sensor appliance
Obtain management access to the NM-CIDS
Obtain management access to the IDSM-2
Describe allowed hosts
Use the IDM to configure allowed hosts
Describe sensor interfaces and interface pairs
Use the IDM to configure the sensor’s interfaces (enable, create pairs, assign to virtual sensor)
Describe software bypass mode
Use the IDM to configure software bypass mode
Use the IDM to configure the sensor’s network settings (IP address, netmask, default gateway, etc)
Describe sensor communications with external management and monitoring systems
Launch, navigate, and use the IDM to manage and monitor the sensor
Use the IDM to set the sensor’s time
Define traffic flow notification
Use the IDM to configure traffic flow notification
Describe the various CLI modes
Navigate the sensor CLI
List the tasks for installing and configuring the IDSM-2

Describe Cisco IDS/IPS sensor advanced system parameters
Plan the mitigation of specific network vulnerabilities and exploits
Describe sensor tuning
Describe sensor tuning methods
Explain IP fragment and TCP stream reassembly options
Describe the IP logging capabilities of the sensor
Explain how IP logging should be used
Explain the use of Event Variables
Determine the need for a custom signature
Describe the signature engines and their functionality
Describe the types of signatures supported by each engine
Describe common engine parameters and their effects on signatures
Describe engine-specific parameters and their effects on signatures
Describe the device management capability of the sensor and how it is used to perform blocking with a Cisco device
Determine which response actions need to be configured for a given scenario
Determine the need for Event Action Filters in a given scenario
Describe the purpose of the Meta Event Generator
Explain Target Value Ratings and how they are used
Determine the need for Event Action Rules in a given scenario
Explain event Risk Ratings and how they are used
Explain the sensor’s SNMP support
Determine if the sensor’s application policy enforcement feature is needed in a given scenario

Tune Cisco IDS/IPS sensor advanced system parameters to optimize attack mitigation performance
Use the IDM to tune the sensor to work optimally in the network
Use the IDM to tune signatures to provide maximum protection for a network
Use the IDM to create custom signatures as needed
Configure response actions for a signature
Configure the sensor to take response actions based on a risk rating
Configure the sensor to minimize false alerts
Use the IDM to create a Meta signature and disable alert production for the component signatures
Use the IDM to configure the sensor to support SNMP
Configure Event Action Filters
Configure Event Action Overrides
Configure Target Value Ratings
Configure general settings for Event Action Rules
Use the IDM to configure IP logging
Configure Event Variables
Use the IDM to configure blocking for a given scenario
Use the IDM to configure the sensor to use a Master Blocking Sensor
Use the IDM to configure IP fragment and TCP stream reassembly options
Use the sensor’s application policy enforcement feature

Analyze Cisco IDS/IPS sensor events to determine the appropriate response to network attacks
Configure the IDM events display
Analyze alerts and make configuration changes to respond to attacks
Use the CLI and the IDM to monitor events
Classify an alarm as true, false, positive or negative
Explain the fields in a Cisco IDS/IPS alert
Describe the various types of events generated by the sensor
Explain the difference between true and false and positive and negative alarms

Upgrade and maintain Cisco IDS/IPS sensors
Configure the sensor to allow an SNMP NMS to obtain its health and welfare information
Use the CLI to recover the sensor’s software image
Use the IDM to install signature updates and service packs
Use the IDM to configure automatic signature and service pack updates
Move software images/upgrades and configuration files via HTTP, HTTPS, SCP, and FTP
Use the IDM to restore the default configuration to the sensor
Select the correct software update file for a sensor
Use the CLI to upgrade the software image
Describe the various types of image files
Apply the appropriate system image to the sensor
Describe maintenance tasks specific to the NM-CIDS
Use the CLI to obtain PEP information from the sensor
Use the IDM to install a sensor license
Describe PEP information and its purpose
Explain the purpose of service packs and signature updates
Describe service pack and signature update file names
Explain why a sensor license is needed
Obtain a license key

Troubleshoot Cisco IDS/IPS sensor operation and configuration errors
Use the packet command to display and capture packets from the data interfaces
Copy (to a location off the sensor) packets that have been captured from the data interfaces
Use the IDM to verify the sensor’s configuration
Use the CLI to back up the sensor configuration
View IP logs for troubleshooting purposes
Troubleshoot communications between the NM-CIDS and its host router
Reset and power down the sensor
Determine when resetting or powering down the sensor is necessary
Describe the main components of the IPS 5.0 software architecture
Verify functionality of the NM-CIDS
Verify the Catalyst 6500 switch and Catalyst IDSM-2 functionality
Use the IDM and the CLI to obtain sensor statistics
Use the IDM to obtain a sensor diagnostic report
Use the IDM to obtain sensor system information
Use general troubleshooting commands
Use the IDM to shut down and reboot the sensor
Describe Cisco IDS/IPS configuration file format

QUESTION 1:

A new IDSM2 module was installed in the Certkiller network. Which of the following features regarding the IDSM2 is true?

A. IDSM2 needs a separate management package
B. IDSM2 is limited to 62 signatures
C. IDSM2 can drop offending packets
D. IDSM2 makes use of the same code as the network appliance
E. None of the above
Answer: D

Explanation:
IDSM-2 provides the following capabilities or features:
- Merged switching and security into a single chassis
- Ability to monitor multiple VLANs
- Does not impact switch performance
- Attacks and signatures equal to appliance sensor
- Uses the same code base of the appliance sensor
- Support for improved management techniques such as IDM

Reference: Cisco Press CCSP CSIDS Guide, 2nd edition, page 199

QUESTION 2:

A new NM-CIDS module is being inserted into the Certkiller network. Which versions of Cisco IOS software are needed to support the NM-CIDS module?

A. 3.1 and above
B. 4.1 and above
C. 4.0 and above
D. 2.0 and above
E. None of the above

Answer: B

Explanation:

QUESTION 3:

A new Certkiller IPS sensor is being configured for inline operation. Which three steps must you perform to prepare sensor interfaces for inline operations? (Choose three)

A. Disable all interfaces except the inline pair
B. Add the inline pair to the default virtual sensor
C. Enable two interfaces for the pair
D. Disable any interfaces that are operating in promiscuous mode.
E. Create the interface pair
F. Configure an alternate TCP-reset interface.

Answer: B, C, E

Explanation:
Operating in inline interface mode puts the IPS directly into the traffic flow and affects packet-forwarding rates making them slower by adding latency. This allows the sensor to stop attacks by dropping malicious traffic before it reaches the intended target, thus providing a protective service.

Not only is the inline device processing information on layers 3 and 4, but it is also analyzing the contents and payload of the packets for more sophisticated embedded attacks (layers 3 to 7). This deeper analysis lets the system identify and stop and/or block attacks that would normally pass through a traditional firewall device.

In inline interface mode, a packet comes in through the first interface of the pair on the sensor and out the second interface of the pair. The packet is sent to the second interface of the pair unless that packet is being denied or modified by a signature.

To configure the interfaces for inline operation, you will need to create the interface pair, enable the two interfaces, and add the inline interface pair to the default sensor.

Reference: Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 5.1, Cisco Documentation, page 5-11.
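
The forwarding behaviour described above, next to a sensor that only inspects a copy of the traffic, as a small model. This is an added example, not part of the original page or Cisco code: the marker `EVIL`, the addresses, the function names and the block delay counted in packets are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    payload: bytes

SIGNATURE = b"EVIL"  # constructed marker standing in for a real signature

def inline_sensor(packets):
    """Inline pair: a packet entering the first interface leaves the second
    one only if no signature with a deny action fires on it."""
    delivered, alerts = [], []
    for i, p in enumerate(packets):
        if SIGNATURE in p.payload:
            alerts.append(i)   # denied: never forwarded to the target
            continue
        delivered.append(p)
    return delivered, alerts

def promiscuous_sensor(packets, block_delay):
    """Promiscuous: the network forwards the original packet while the sensor
    inspects a copy. A block on a managed device becomes active block_delay
    packets after the alert (assumed latency)."""
    delivered, alerts, blocked_from = [], [], {}
    for i, p in enumerate(packets):
        start = blocked_from.get(p.src)
        if start is not None and i >= start:
            continue           # ACL on the managed device is now in effect
        delivered.append(p)    # the original was already on its way
        if SIGNATURE in p.payload:
            alerts.append(i)
            blocked_from.setdefault(p.src, i + 1 + block_delay)
    return delivered, alerts

def attack_packets_delivered(delivered):
    return sum(1 for p in delivered if SIGNATURE in p.payload)

# Constructed traffic: one atomic (single-packet) attack, one five-packet attack.
ATOMIC = [Packet("10.0.0.5", b"GET /"), Packet("10.0.0.9", b"EVIL"),
          Packet("10.0.0.5", b"GET /img")]
FLOOD = [Packet("10.0.0.9", b"EVIL-%d" % n) for n in range(5)]

if __name__ == "__main__":
    for name, traffic in (("atomic", ATOMIC), ("multi-packet", FLOOD)):
        inl, _ = inline_sensor(traffic)
        pro, _ = promiscuous_sensor(traffic, block_delay=2)
        print(name, "inline:", attack_packets_delivered(inl),
              "promiscuous:", attack_packets_delivered(pro))
```
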

QUESTION 4:

The Certkiller security administrator is determining whether to configure a new sensor in inline or promiscuous mode. What are three differences between inline and promiscuous sensor functionality? (Choose three)

A. A sensor that is operating in inline mode can drop the packet that triggers a signature before it reaches its target, but a sensor that is operating in promiscuous mode cannot.
B. A sensor that is operating in inline mode supports more signatures than a sensor that operates in promiscuous mode.
C. Deny actions are available only to inline sensors, but blocking actions are available only to promiscuous mode sensors.
D. A sensor that is operating in promiscuous mode can perform TCP resets, but a sensor that is operating in inline mode cannot.
E. Inline operation provides more protection from Internet worms than promiscuous mode does.
F. Inline operation provides more protection from atomic attacks than promiscuous mode does.
Answer: A, E, F

Explanation:
In promiscuous mode, packets do not flow through the sensor. The sensor analyzes a copy of the monitored traffic rather than the actual forwarded packet. The advantage of operating in promiscuous mode is that the sensor does not affect the packet flow with the forwarded traffic. The disadvantage of operating in promiscuous mode, however, is the sensor cannot stop malicious traffic from reaching its intended target for certain types of attacks, such as atomic attacks (single-packet attacks). The response actions implemented by promiscuous sensor devices are post-event responses and often require assistance from other networking devices, for example, routers and firewalls, to respond to an attack. While such response actions can prevent some classes of attacks, in atomic attacks the single packet has the chance of reaching the target system before the promiscuous-based sensor can apply an ACL modification on a managed device (such as
