What are the two policy types that can use a web reputation profile to perform reputation-based
processing? (Choose two.)

Which three pieces of information are required to implement transparent user identification using
Context Directory Agent? (Choose three.)

Which method does Cisco recommend for collecting streams of data on a sensor that has been
virtualized?

Which configuration mode enables a virtual sensor to monitor the session state for unidirectional
traffic?

Over the period of one day, several Atomic ARP engine alerts fired on the same IP address. You observe
that each time an alert fired, requests on the IP address exceeded replies by the same number. Which
configuration could cause this behavior?

Which type of signature is generated by copying a default signature and modifying its behavior?

Which two conditions must you configure in an event action override to implement a risk rating of 70 or
higher and terminate the connection on the IPS? (Choose two.)

Which two conditions must you configure in an event action rule to match all IPv4 addresses in the
victim range and filter on the complete subsignature range? (Choose two.)

If learning accept mode is set to “auto” and the knowledge base is loaded only when explicitly requested
on the IPS, which statement about the knowledge base is true?

In which way are packets handled when the IPS internal zone is set to “disabled”?