Your worries about the complexity of the Cisco 642-531 exam no longer exist, because Flydumps is here to serve as a guide to help you pass the exam. All the exam questions and answers are the latest and cover each and every aspect of the Cisco 642-531 exam. It 100% ensures you pass the Cisco 642-531 exam without any doubt.

QUESTION 50
Which VLAN ACL sends only ftp traffic to a Cisco IDS Sensor connected to a Catalyst 6500 switch?
A. set security acl ip FTP_ACL permit udp any any eq 21
B. set security acl ipx FTP_ACL permit ip any any capture
C. set security acl ipx FTP_ACL permit tcp any any eq 21
D. set security acl ip FTP_ACL permit tcp any any eq 21 capture
E. set security acl ip FTP_ACL permit ip any any capture
F. set security acl ip FTP_ACL permit icmp any any eq 21

Correct Answer: D
Explanation/Reference:
To create a VACL, you need to use the set security acl ip switch command. The syntax for capturing TCP
traffic between a source IP address and a destination IP address is as follows:
set security acl ip acl_name permit tcp src_ip_spec dest_ip_spec port capture

Reference:
Cisco Secure Intrusion Detection System (Ciscopress) page 505
Cisco Secure Intrusion Detection System 4 chap 5 page 33

QUESTION 51
A company has installed an IDSM into a Catalyst 6509 switch in slot 9. The network security architect has
designed a solution that requires the IDSM monitor traffic only from VLAN 199.
Which Catalyst OS commands are used to achieve this configuration?

A. set trunk 9/2 199
B. clear trunk 9/2 199
C. clear trunk 9/2 1-1024
D. clear trunk 9/1 1-1024
E. set trunk 9/1 199
F. clear trunk 9/1 199

Correct Answer: DE
Explanation/Reference:
Reference: Cisco Catalyst 5000 Series Switches – Switch and ROM Monitor Commands, Release 6.2

Note: In the new course we think the answer would be this:
Router(config)# interface vlan <vlan_number> – creates or accesses the VLAN interface specified
Router(config)# interface vlan 401
Router(config-if)# mls ip ids <acl_name> – applies an IP ACL to the VLAN interface
The mls ip ids command is used to apply an extended IP access list to the VLAN interface.
– Cisco Secure Intrusion Detection System 4 chap 5 page 48

QUESTION 52
What must be done when upgrading Cisco IDS appliance models IDS-4235 or IDS-4250 from Cisco IDS v3.x?
A. swap the command and control and monitoring interfaces
B. install the spare hard-disk drive
C. BIOS upgrade
D. No special considerations are required
E. Memory upgrade

Correct Answer: C
Explanation/Reference:
Page 7-16 CIDS Courseware v4.0

QUESTION 53
You are using multiple monitoring interfaces on a Sensor appliance running software version 4.1. Which four statements are true? Choose four.
A. You can have simultaneous protection of multiple network subnets, which is like having multiple Sensors in a single appliance.
B. You can use different configurations for each monitoring interface.
C. You must enable the monitoring interfaces in order for the Sensor to monitor your networks.
D. You can enable an interface only if the interface belongs to an interface group.
E. Two interface groups, Group 0 and Group 1, are supported.
F. Multiple monitoring interfaces can be assigned to Group 0 at any given time.

Correct Answer: ABCF
Explanation/Reference:
Page 9-13, 9-14 CIDS Courseware v4.0

QUESTION 54
Which sensor appliance does not support the connection of a keyboard and mouse for management?
A. 4235
B. 4250
C. 4215
D. 4250XL

Correct Answer: C

QUESTION 55
On the IDSM-2, which logical port is used as the TCP reset port?
A. 1
B. 2
C. 7
D. 8

Correct Answer: A
Explanation/Reference:
The IDSM2 uses four logical ports which have the following default designations:
1) Port 1 is used as the TCP reset port.
2) Port 2 is the command and control port.
3) Ports 7 and 8 are monitoring ports. One of these ports can be configured as the SPAN monitor port.

QUESTION 56
Which of the following commands will provide the basic initialization tasks in Cisco IDS?
A. configure terminal
B. sysconfig-sensor
C. set
D. setup
E. initialize
F. session

Correct Answer: D
Explanation/Reference:
Page 8-8 CSIDS Courseware under IDSM2 and Switch Configuration Tasks
-Initialize the IDSM2. This includes completing the basic configuration via the setup command.

QUESTION 57
Which command will you advise the new Certkiller trainee technician to issue in order to initiate the IDSM2 system configuration dialog?
A. sysconfig-sensor
B. setup
C. configure terminal
D. session
E. initialize

Correct Answer: B
Explanation/Reference:
Page 8-12 CSIDS Courseware under IDSM2 Initialization Tasks
-Execute the setup command to enter the configuration dialog
-Run the setup command and respond to its interactive prompts to complete the initial configuration

QUESTION 58
A company has purchased a Cisco IDS solution that includes IDS modules.
The switch group had decided not to provide the security department interactive access to the switch.
What IDSM feature should be configured to provide the security department access to the IDSM command
line?

A. AAA
B. TFTP
C. HTTP
D. Telnet
E. HTTPS

Correct Answer: D
Explanation/Reference:
The Catalyst 6000 family switch can be accessed either through a console management session or
through telnet. Some switches might even support ssh access. After an interactive session is established
with the switch, you must session into the IDSM line card. This is the only way to gain command-line
access to the IDSM.

Reference:
Cisco Secure Intrusion Detection System (Ciscopress) page 499

QUESTION 59
Which user account is used to log into the IDSM?
A. Root
B. Administrator
C. Netranger
D. Ciscoidsm
E. Ciscoids

Correct Answer: E
Explanation/Reference:
The default user login user name for the Cisco IDS Module is Ciscoids, and the default password is attack.

Reference:
Cisco Secure Intrusion Detection System (Ciscopress) page 680

Note: This was correct in the older course; however, it is not right according to 4, but the answers given don’t match what is listed in the course manual.
“Log in to the IDSM2 using the default username CISCO and the Password CISCO” – Cisco Secure Intrusion Detection System 4 chap 8 page 12
“The sensor allows you to create multiple local user accounts. The default username and password is cisco. You are required to change the default password the first time you log on.” – Cisco Secure Intrusion Detection System 4 chap 7 page 24

QUESTION 60
The new Certkiller trainee technician wants to know what will happen when the Sensor alarm reaches the 4GB storage limit. What would your reply be?
A. Alarms will not be written anymore
B. Alarms will be overwritten by new alarms
C. Alarms will be sent to offline event storage
D. Alarm storage size will increase dynamically

Correct Answer: B
Explanation/Reference:
All events are stored in the Sensor eventStore. Events remain in the eventStore until they are overwritten
by newer events. It takes 4 GB of newer events to overwrite an existing event.
Events can be retrieved through the Sensor’s web server via RDEP communications. Management
applications such as IEV and the Security Monitor use RDEP to retrieve events from the Sensor.
Cisco Courseware 9-37

QUESTION 61
Network topology exhibit/simulation

Sensor output exhibit: ***MISSING***
Note: Use the Sensor’s command line interface to obtain information so that you can answer the question.
You are NOT expected to do any configuration.
Which of the following states would be displayed if the Sensor has established a connection to the router?

A. “State = Connected” in the Network Access Controller service’s configuration mode.
B. “State = Connected” in the Network Access Controller’s statistics.
C. “State = Active” in the Network Access Controller service’s configuration mode.
D. “State = Active” in the Network Access Controller’s statistics

Correct Answer: D
Explanation/Reference:
No exact answer is provided in the course, but in the simulation look up the statistics, and you’ll find the State=Active.
Command: show statistics NetworkAccess
Cisco Courseware 9-40

QUESTION 62
Network topology exhibit/simulation

Sensor output exhibit: ***MISSING***
View the signature’s settings.
The signature is not configured to perform blocking.
Note: Use the Sensor’s command line interface to obtain information so that you can answer the question.
You are NOT expected to do any configuration.
Why isn’t blocking working?

A. Blocking is not enabled on the Sensor.
B. The signature is not configured for blocking.
C. The router does not exist in the Sensor’s known hosts table.
D. The signature is not firing.

Correct Answer: B

QUESTION 63
Network topology exhibit/simulation

Sensor output exhibit: ***MISSING***
The user name is Jag.
Note: Use the Sensor’s command line interface to obtain information so that you can answer the question.
You are NOT expected to do any configuration.
What is the username the Sensor will use to log in to the router?

A. Admin
B. Certkiller
C. Lin
D. Cisco
E. Jag

Correct Answer: E

QUESTION 64
Network topology exhibit/simulation

Sensor output exhibit: ***MISSING***
No ACL is configured.
Note: Use the Sensor’s command line interface to obtain information so that you can answer the question.
You are NOT expected to do any configuration.
What pre-block ACLs are specified?

A. None
B. PreBlockACL
C. BlockingACL
D. RouterACL

Correct Answer: A

QUESTION 65
Exhibit: Given the output of the idsstatus Sensor command, what function is the Sensor performing? (Choose two)

A. Not logging alarms, commands, and errors.
B. Performing IP blocking.
C. Not capturing network traffic.
D. Logging alarms, commands, and errors.
E. Not performing IP blocking.

Correct Answer: BD
Explanation/Reference:
Postofficed – The postofficed daemon serves as the communication vehicle for the entire Cisco IDS product.
Sapd – The sapd daemon is a user-configurable scheduler that controls database loading and archival of
old event and IP session logs.
Managed – The managed daemon is responsible for managing and monitoring network devices (routers
and packet filters). For example, when packetd identifies that a certain type of attack should be shunned, it
sends a shun command to managed via the post office facility.
Loggerd – The loggerd daemon writes out sensor and error data to flat files generated by one or more of
the other daemons.
fileXferd – The fileXferd daemon is used for file transfer between Sensors and Directors. It is used to
transport configuration files between Directors and Sensors.
Packetd – The packetd daemon interprets and responds to all of the events it detects on the monitored
subnet.

Reference:
Cisco Secure IDS Internal Architecture

QUESTION 66
Exhibit:

Given the output of the idsstatus Sensor command, what function is the Sensor performing?
A. Capturing network traffic.
B. Not performing IP blocking.
C. Not logging alarms, errors, and commands.
D. Generating e-mails for alarms.
E. Not capturing network traffic.
F. Loading alarms into a user database.

Correct Answer: A
Explanation/Reference:
Postofficed – The postofficed daemon serves as the communication vehicle for the entire Cisco IDS product.
Sapd – The sapd daemon is a user-configurable scheduler that controls database loading and archival of
old event and IP session logs.
Managed – The managed daemon is responsible for managing and monitoring network devices (routers
and packet filters). For example, when packetd identifies that a certain type of attack should be shunned, it
sends a shun command to managed via the post office facility.
Loggerd – The loggerd daemon writes out sensor and error data to flat files generated by one or more of
the other daemons.
fileXferd – The fileXferd daemon is used for file transfer between Sensors and Directors. It is used to
transport configuration files between Directors and Sensors.
Packetd – The packetd daemon interprets and responds to all of the events it detects on the monitored
subnet.

Reference:
Cisco Secure IDS Internal Architecture

QUESTION 67
Which of the following files is generated as a consequence of Sensor installation and provides information such as model and interface capabilities?
A. AE-Boot
B. BaseConfig
C. Boot.info
D. VS-Config

Correct Answer: C

QUESTION 68
Which versions of Cisco IDS software are available on the NM-CIDS?
A. 3.1 and above.
B. 4.1 and above
C. 4.0 and above
D. 2.0 and above

Correct Answer: B

QUESTION 69
Which Cisco IDS software is included with a Sensor appliance?
A. Cisco Secure Policy Manager
B. IDS Management Center
C. Intrusion Detection Director
D. IDS Event Viewer

Correct Answer: D
Explanation/Reference:
The IDS Event Viewer is a Java-based application that enables you to view and manage alarms for up to three sensors. With the IDS Event Viewer you can connect to and view alarms in real time or in imported log files. You can configure filters and views to help you manage the alarms. You can also import and export event data for further analysis. The IDS Event Viewer also provides access to the Network Security Database (NSDB) for signature descriptions.

Reference:
Cisco Intrusion Detection System Event Viewer Version 3.1
IDS Event Viewer (IEV). IEV is a software application provided with your sensor that enables you to analyze the alarm traffic for up to 5 network sensors.

QUESTION 70
Which of the following represents the recommended procedure when upgrading a Cisco IDS appliance which is prior to version 4.x?
A. Install the image from the IDS Management Center.
B. Install the image from the network connection.
C. Install the image from the recovery or upgrade CD.
D. Install the image from the BIOS boot diskette.

Correct Answer: C
Explanation/Reference:
Page 7-17 CSIDS Courseware under Software Installation Overview
To upgrade an IDS appliance from IDS software version 3.x to version 4.0, you must install the new 4.0 image from the 4.0(1) Upgrade/Recovery CD.

QUESTION 71
What Cisco IDS software is included with a Sensor appliance? (Choose two)
A. IDS Management Center
B. IDS Device Manager
C. Intrusion Detection Director
D. Cisco Secure Policy Manager
E. IDS Event Viewer

Correct Answer: BE
Explanation/Reference:
The Cisco IDS Device Manager and IDS Event Viewer, both delivered through Cisco IDS software version
3.1, are part of Cisco’s multi-tiered management strategy addressing the administrative needs of
e-business security. The IDS Device Manager enables easy, remote IDS sensor configuration with a high
degree of customization, minimizing the occurrence of false positives. The event monitoring capabilities
delivered via the IDS Event Viewer let customers collect, correlate, and analyze event data for rapid
detection and response to unauthorized network activity.

Reference:
Cisco Addresses Intrusion Protection with new IDS Solutions

QUESTION 72
Which of the following protocols is used by the IDS MC Sensors to securely manage an IDS Sensor?
A. SSL
B. SSH
C. RDEP
D. HTTP
E. PostOffice

Correct Answer: B
Explanation/Reference:
Importing Communication Settings from postoffice Sensors
With postoffice-based Cisco Intrusion Detection System Sensors (sensors running sensor software version 3.x) you can discover
postoffice settings directly from the device. This is accomplished using a Secure Shell (SSH) session.
SSH is a protocol for secure remote login and other secure network services over an insecure network.

Reference:
Cisco Courseware 6-8

QUESTION 73
Which of the following management access methods are enabled by default on the Sensor in a Cisco IDS appliance? (Choose two.)
A. Telnet
B. SSH
C. https
D. IPSec
E. Postoffice

Correct Answer: BC
Explanation/Reference:
Following are the methods used to gain management access to a Sensor:
-Console port
-Monitor and Keyboard
-Telnet (Disabled by default)
-SSH (Enabled by default)
-HTTPS (Enabled by default)
Cisco Courseware 7-22, 7-23

QUESTION 74
Which user account role must you specifically create in order to allow special root access for troubleshooting purposes only on a Cisco IDS Sensor?
A. operator
B. viewer
C. service
D. administrator
E. client

Correct Answer: C
Explanation/Reference:
The service account is a special account that allows TAC to log into a native, operating system shell rather
than a CLI shell. The purpose of the service account is not to support configuration but to support
troubleshooting. By default, the service account does not exist on a Sensor; you must create it, and you
should create it for TAC to use during troubleshooting. Root access to the Sensor is only possible if you log
into the service account and su to the root account.

Reference:
Cisco Student Guide v4.0 p.6-13

QUESTION 75
Which management access methods require that an IP address be assigned to a Cisco IDS Sensor? (Choose three)
A. IDS Device Manager
B. IDS Event Viewer
C. Remote Shell
D. Secure Shell
E. Telnet
F. Trivial File Transfer Protocol

Correct Answer: ADE
Explanation/Reference:
Enter or delete the IP addresses of hosts and networks that can access the sensor via Telnet, FTP, SSH,
and scp.

Reference:
Cisco Intrusion Detection System Sensor Getting Started Version 3.1

QUESTION 76
A company policy states that IDS Sensors can be managed only by authorized management workstations.
The management workstations exist on the 192.168.21.0/24 network.
Which address must the network security administrator add to the Cisco IDS Sensor’s network access
control list?

A. 192.168.21.
B. 192.168.21
C. 192.168.
D. 192.168
E. 192.168.21.0.
F. 192.168.21.0

Correct Answer: F
Explanation/Reference:
I am not sure of the difference between E and F except for an extra dot (which is wrong). Actually the original answer is A, 192.168.21., which is wrong as far as version 4 of the course manual is concerned. I think this answer was wrong. In ACLs you must put all aspects of the 4 octets in. I think the correct one was 192.168.21.0; the original had 192.168.21. – nothing in the fourth octet.
Sensor# config t
Sensor(config)# service host
Sensor(config-Host)# networkParams
Sensor(config-Host-net)# accesslist ipAddress 10.0.2.0 netmask 255.255.255.0 – adds an entire network to the access list.
Cisco Secure Intrusion Detection System 4 chap 13 page 41

QUESTION 77
What methods can be used to access the IDSM command line? (Choose two)
A. Telnet
B. Monitor and keyboard
C. IDS Device Manager
D. IDS Event Viewer
E. Session command
F. IDS Management Center

Correct Answer: AE
Explanation/Reference:
The Catalyst 6000 family switch can be accessed either through a console management session or
through telnet.

Reference:
Cisco Secure Intrusion Detection System (Ciscopress) page 498

QUESTION 78
Which command would you advise the new Certkiller trainee technician to use in order to view the initial configuration parameters on the IDSM2?
A. show capture
B. setup
C. show running-config
D. session

Correct Answer: B
Explanation/Reference:
IDS course 4.0 page 8-8: Initialize the IDSM2. This includes completing the basic configuration via the setup command.
Note:
After you enter the setup command the default settings are displayed.
(Press spacebar to continue the setup).
Cisco Courseware 7-26

QUESTION 79
The new Certkiller trainee technician wants to know which of the following is one task that can be performed while in the interface sensing configuration mode from the Sensor CLI. What would your reply be?
A. add a sensing interface to the group
B. configure the interface’s IP information
C. disable the sensing interface
D. configure alarm setting

Correct Answer: C
Explanation/Reference:
The interface sensing configuration mode is a third level of the CLI. It enables you to enable or disable the
sensing interface.
Command: shutdown
Cisco Courseware 9-14

QUESTION 80
Which of the following qualifies to be a second level CLI mode in Cisco IDS?
A. privileged exec
B. service
C. global configuration
D. tune micro engines
E. all of the above

Correct Answer: C
Explanation/Reference:
Page 9-11 CSIDS Courseware under Global Configuration Mode
-Global configuration mode is the second level of the CLI

QUESTION 81
Which CLI mode allows for configuration of a Cisco IDS Sensor’s interface IP information?
A. global configuration
B. Interface command-control
C. interface group
D. privileged exec

Correct Answer: B
Explanation/Reference:
sensor1(config)#:interface command-control
sensor1(config)#:?
ip … Configure IP information for the interface
Cisco Courseware 9-12

QUESTION 82
Which access method supports configuration and troubleshooting?
A. IDS event Viewer
B. Cisco ConfigMaker
C. Command Line Interface
D. Syslog

Correct Answer: C

QUESTION 83
What type of user account would you need in order to be allowed to perform all Sensor operations on a Cisco IDS Sensor?
A. Viewer
B. Service
C. Operator
D. Administrator

Correct Answer: D
Explanation/Reference:
User Roles: The CLI for IDS version 4.0 supports three user roles: Administrator, Operator, and Viewer.
The privilege

* Administrators-This user role has the highest level of privileges. Administrators have unrestricted view access and can perform the following functions:
o Add users and assign passwords.
o Enable and disable control of physical interfaces and interface groups.
o Assign physical sensing interfaces to interface groups.
o Modify the list of hosts allowed to connect to the sensor as configuring or viewing agents.
o Modify sensor address configuration.
o Tune signatures.
o Assign virtual sensor configuration to interface groups.
o Manage routers.
* Operators-This user role has the second highest level of privileges. Operators have unrestricted view access and can perform the following functions:
o Modify their passwords.
o Tune signatures.
o Manage routers.
* Viewers-This user role has the lowest level of privileges. Viewers can view configuration and event data and can perform the following function:
o Modify their passwords.

Reference:
Cisco Courseware 9-23
