Testinside cisco CCSP 642-532

Securing Networks Using Intrusion Prevention Systems Exam (IPS) : 642-532 Exam

642-532 IPS
Securing Networks Using Intrusion Prevention Systems Exam

Retired January 16, 2008
Exam Number: 642-532
Associated Certifications: CCSP, Cisco IPS Specialist
Duration: 90 minutes (60-70 questions)
Available Languages: English
Click Here to Register: Pearson VUE
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions

Exam Description Exam Topics Recommended Training Additional Resources
Exam Description
The Securing Networks Using Intrusion Prevention Systems exam is one of the exams associated with the Cisco Certified Security Professional and the Cisco IPS Specialist certifications. Candidates can prepare for this exam by taking the IPS v5.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the Cisco IPS appliance products.

Exam Topics
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Describe how Cisco IDS/IPS sensors are used to mitigate network security threats
Select the best sensor platform to protect a given network
Describe the features of the IDSM-2
Describe the features of the NM-CIDS
List sensor requirements for inline operations
List platforms on which the 50 image will run
Explain the difference between inline and promiscuous mode sensor operations
Select the most effective location for the sensor and other defense-in-depth components
Explain how Cisco IDS/IPS protects network devices from attacks (Describe signatures, alerts, and actions)
Explain the similarities and differences among the various intrusion detection technologies
Explain the evasive techniques used by hackers and how Cisco IDS defeats those techniques
Explain the differences between HIPS and Network IPS
Describe the network sensors that are currently available and their features
Describe the considerations necessary for selection, placement, and deployment of a network intrusion prevention system
Explain the features, benefits, and system requirements of the IDM
Describe traffic that is not inspected by the NM-CIDS
Define intrusion detection
Define intrusion prevention
Explain the Cisco IDS/IPS signature features

Install Cisco IDS/IPS sensors and configure essential system parameters
Install a sensor appliance in the network
Use the IDM to configure SSH and TLS communications
Use the CLI to install the sensor’s software image
Select the appropriate image file for a sensor
Select a router to host the NM-CIDS
Configure communications between the router and the NM-CIDS
Describe the functions of the various IDSM-2 ports
Describe the tasks for configuring the NM-CIDS
Describe the interfaces and components of the NM-CIDS
Explain how the NM-CIDS works
Explain how the IDSM-2 obtains access to network traffic
Explain the importance of accurate time on the NM-CIDS and how the NM-CIDS should obtain the accurate time
Explain the importance of accurate time on the IDSM-2 and how the IDSM-2 should obtain the accurate time
Install the IDSM-2 in a switch
Install the NM-CIDS in a router
Select a switch to host the IDSM-2
Use the CLI to initialize the sensor
Describe user accounts and how they provide sensor security
Use the IDM to configure and manage user accounts
Use the IDM to verify secure management access to the sensor
Obtain management access to the sensor appliance
Obtain management access to the NM-CIDS
Obtain management access to the IDSM-2
Describe allowed hosts
Use the IDM to configure allowed hosts
Describe sensor interfaces and interface pairs
Use the IDM to configure the sensor’s interfaces (enable, create pairs, assign to virtual sensor)
Describe software bypass mode
Use the IDM to configure software bypass mode
Use the IDM to configure the sensor’s network settings (IP address, netmask, default gateway, etc)
Describe sensor communications with external management and monitoring systems
Launch, navigate, and use the IDM to manage and monitor the sensor
Use the IDM to set the sensor’s time
Define traffic flow notification
Use the IDM to configure traffic flow notification
Describe the various CLI modes
Navigate the sensor CLI
List the tasks for installing and configuring the IDSM-2

Describe Cisco IDS/IPS sensor advanced system parameters
Plan the mitigation of specific network vulnerabilities and exploits
Describe sensor tuning
Describe sensor tuning methods
Explain IP fragment and TCP stream reassembly options
Describe the IP logging capabilities of the sensor
Explain how IP logging should be used
Explain the use of Event Variables
Determine the need for a custom signature
Describe the signature engines and their functionality
Describe the types of signatures supported by each engine
Describe common engine parameters and their effects on signatures
Describe engine-specific parameters and their effects on signatures
Describe the device management capability of the sensor and how it is used to perform blocking with a Cisco device
Determine which response actions need to be configured for a given scenario
Determine the need for Event Action Filters in a given scenario
Describe the purpose of the Meta Event Generator
Explain Target Value Ratings and how they are used
Determine the need for Event Action Rules in a given scenario
Explain event Risk Ratings and how they are used
Explain the sensor’s SNMP support
Determine if the sensor’s application policy enforcement feature is needed in a given scenario

Tune Cisco IDS/IPS sensor advanced system parameters to optimize attack mitigation performance
Use the IDM to tune the sensor to work optimally in the network
Use the IDM to tune signatures to provide maximum protection for a network
Use the IDM to create custom signatures as needed
Configure response actions for a signature
Configure the sensor to take response actions based on a risk rating
Configure the sensor to minimize false alerts
Use the IDM to create a Meta signature and disable alert production for the component signatures
Use the IDM to configure the sensor to support SNMP
Configure Event Action Filters
Configure Event Action Overrides
Configure Target Value Ratings
Configure general settings for Event Action Rules
Use the IDM to configure IP logging
Configure Event Variables
Use the IDM to configure blocking for a given scenario
Use the IDM to configure the sensor to use a Master Blocking Sensor
Use the IDM to configure IP fragment and TCP stream reassembly options
Use the sensor’s application policy enforcement feature

Analyze Cisco IDS/IPS sensor events to determine the appropriate response to network attacks
Configure the IDM events display
Analyze alerts and make configuration changes to respond to attacks
Use the CLI and the IDM to monitor events
Classify an alarm as true, false, positive or negative
Explain the fields in a Cisco IDS/IPS alert
Describe the various types of events generated by the sensor
Explain the difference between true and false and positive and negative alarms

Upgrade and maintain Cisco IDS/IPS sensors
Configure the sensor to allow an SNMP NMS to obtain its health and welfare information
Use the CLI to recover the sensor’s software image
Use the IDM to install signature updates and service packs
Use the IDM to configure automatic signature and service pack updates
Move software images/upgrades and configuration files via HTTP, HTTPS, SCP, and FTP
Use the IDM to restore the default configuration to the sensor
Select the correct software update file for a sensor
Use the CLI to upgrade the software image
Describe the various types of image files
Apply the appropriate system image to the sensor
Describe maintenance tasks specific to the NM-CIDS
Use the CLI to obtain PEP information from the sensor
Use the IDM to install a sensor license
Describe PEP information and its purpose
Explain the purpose of service packs and signature updates
Describe service pack and signature update file names
Explain why a sensor license is needed
Obtain a license key

Troubleshoot Cisco IDS/IPS sensor operation and configuration errors
Use the packet command to display and capture packets from the data interfaces
Copy (to a location off the sensor) packets that have been captured from the data interfaces
Use the IDM to verify the sensor’s configuration
Use the CLI to back up the sensor configuration
View IP logs for troubleshooting purposes
Troubleshoot communications between the NM-CIDS and its host router
Reset and power down the sensor
Determine when resetting or powering down the sensor is necessary
Describe the main components of the IPS 50 software architecture
Verify functionality of the NM-CIDS
Verify the Catalyst 6500 switch and Catalyst IDSM-2 functionality
Use the IDM and the CLI to obtain sensor statistics
Use the IDM to obtain a sensor diagnostic report
Use the IDM to obtain sensor system information
Use general troubleshooting commands
Use the IDM to shut down and reboot the sensor
Describe Cisco IDS/IPS configuration file format

“Securing Networks Using Intrusion Prevention Systems Exam (IPS)”, also known as 642-532 exam, is a Cisco certification.
Preparing for the 642-532 exam? Searching 642-532 Test Questions, 642-532 Practice Exam, 642-532 Dumps?

Free 642-532 Demo Download
TestInside offers free demo for 642-532 exam ( Securing Networks Using Intrusion Prevention Systems Exam (IPS)). You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.

QUESTION 21:
The signature files on a Certkiller sensor are being updated by the security
administrator. Which two statement are true about Cisco IPS signatures? (Choose
two)
A. A signature is a set of rules that pertain to typical intrusion activity.
B. When network traffic matches a signature, the signature must generate an alert, but
can also initiate a response action.
C. Some signatures can be triggered by the contents of a single packet.
D. Signatures trigger alerts only when they match a specific pattern of traffic.
E. You can disable signatures and later re-enable them; however, this process requires the
sensing engines to rebuild their configuration, which takes time and could delay the
processing of traffic.
F. You can enable and modify built-in signatures, but you cannot disable them.
Answer: A, C
Explanation:
Attacks or other misuses of network resources can be defined as network intrusions.
Network intrusions can be detected by sensors that use a signature-based technology. A
signature is a set of rules that your sensor uses to detect typical intrusive activity, such as
denial of service (DoS) attacks. As sensors scan network packets, they use signatures to
detect known attacks and respond with actions that you define. Signatures can be
triggered either by a series of packets, called compound attacks, or by a single packet.
Single packet attacks are called atomic attacks; an example of this is the ping of death
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chap
QUESTION 22:

Which of the following represents basic types of Cisco IDS signature parameters?
(Choose all that apply.)
A. The Sub-signature parameter
B. The Local parameter
C. The Protected parameter
D. The Master parameter
E. The Required parameter
Answer: C E
Explanation:
Engine parameters have the following attributes:
1) Protected – If a parameter is protected, you cannot change if for the default signatures.
You can modify it for custom signatures.
2) Required – If a parameter is required, you must define it for all signatures, both default
signatures and custom signatures.
Reference: CCSP Self-study: CSIDS Second Edition, page 438
QUESTION 23:
SIMULATION
You are the network security administrator at Certkiller .com in charge of the IPS
sensors for a travel agency. Your sensors are currently deployed in promiscuous
mode, but you have upgraded to IPS software 5.0 and now want to deploy in inline
mode. You decide to return all signatures to heir default settings and re-tune them
to maximize the benefits of your new topology. After tuning the signatures, you back
up your configuration.
On the morning of May 12, 2005, your new assistant informs you that the network
appears to have been under attack since you left your office at 6:00 pm the previous
evening. Your assistant has tuned several signatures on the company IPS 4235
sensor in an effort to mitigate the attacks. From the assistant description of the
tuning he performed, you feel sure the IPS 4235 sensor will be less, rather than
more, effective in protecting your network. You decide to investigate the situation.
Your tasks are as follow:
Display all high-severity alerts that have been generated by the sensor since 6:00 pm
May 11, 2005.
Verify that the only events displayed are high-severity alerts and their time-stamps
are at or after 6:00 pm May 11, 2005.
Examine the tuned signature settings.
Restore the default settings to all signatures without affecting other sensor settings.
Verify that the signature settings were returned to the defaults. (While doing so, you
discover that your assistant modified your allowed hosts list as well as tuning some
signatures.)
Overwrite the current configuration with your backup configuration.
Display the sensor configuration again to verify the changes made by restoring from

backup.
Sensor administrator username/password: Certkiller / Certkiller 987
Answer:
Show only high events from May 11, 2005 from 6pm:
- “show events alert high 18:00 may 11 2005″
- “show config”
Reset signatures back to defaults:
- default service signature-definition sig0 (or name of signatures)
- verify with “show config”
Overwrite the current configuration with your backup config:
- “copy backup-config current-config”

Testinside cisco CCSP 642-532 Questions and Answers : 63 Q&As
Updated: October 1st , 2008
Price: $129.99 $89.99

Free download：pass4sure CCSP 642-532
Free download：testking CCSP 642-532
password : www.ciscoexams.org