that exploit a number of different vulnerabilities and can trigger several different signatures?
Which Cisco IPS Sensor feature correlates events for more accurate detection of attacks, such as worms, that exploit a number of different vulnerabilities and can trigger several different signatures?
What is not the role of the Cisco IPS Sensor interface.
You are in charge of Securing Networks with Cisco Routers and Switches for your company .What is not the role of the Cisco IPS Sensor interface.
hich command can be used to retrieve Cisco Product Evolution Program (PEP)
Which command can be used to retrieve Cisco Product Evolution Program (PEP) unique device identifier (UDI) information to help you manage certified hardware versions within your network?
Please match the inline and inline VLAN pair descriptions to the proper categories.
Please match the inline and inline VLAN pair descriptions to the proper categories.
(l) also known as inline on a stick
(2) IPS appliance is installed between two network devices (3) Two monitoring interfaces are configured as a pair (4) IPS appliance bridges traffic between pairs of VLAN (I) Inline Interface Pair
(Il) Inline VLAN Pair
HOTSPOT
HOTSPOT
Hotspot
that exploit a number of different vulnerabilities and can trigger several different signatures?
Which Cisco IPS Sensor feature correlates events for more accurate detection of attacks, such as worms, that exploit a number of different vulnerabilities and can trigger several different signatures?
LAB
LAB
“Pass Any Exam. Any Time.” – www. 26
Cisco 642-533: Practice Exam
Explanation:
1. Choose Configuraton->Policies->Event Action Rules->rulesO->Event Action Overrides
2. Check Use Event Action Override box
“Pass Any Exam. Any Time.” – www. 27
Cisco 642-533: Practice Exam
3. Choose Target Value Rating
4. Delete whatever is there – since you cannot edit, only add and delete
5. Add: there choose Mission Critical, range of IP addresses 172.16.1.3-172.16.1.4
6. Click OK, then Apply
7. Go to Event Action tab
8. Delete whatever is there (Deny Packet Inline for RR >=90)
9. Add Deny Packet Inline for the range of 80 to 100 (Minimum and Maximum fields). Enabled and Active should be true.
10. OK and Apply
11. Now go to rules0-> Event Action Filters and Add new one
12. Enter filter name – for example, PermitMS
13. Change Attacker Address field to 10.0.1.12
14. Change attacked destionation adresses to 172.16.1.3-172.16.1.4
15. Choose Deny Packet Inline from the actions to substract
16. OK and Apply
DRAG DROP
DRAG DROP
Drop
“Pass Any Exam. Any Time.” – www. 20
Cisco 642-533: Practice Exam
LAB
LAB
Explanation:
configure terminal
default service signature-definition sigO
end
copy current-config backup-config
show events status 07:00 May 23 2007
exit
DRAG DROP
DRAG DROP
Drop
