Securing Hosts Using Cisco Security Agent Exam (HIPS) : 642-513 Exam
642-513 HIPS
Securing Hosts Using Cisco Security Agent Exam
Exam Number: 642-513
Associated Certifications: CCSP
Duration: 75 minutes (65-75 questions)
Available Languages: English
Exam Description
The Securing Hosts Using Cisco Security Agent exam 642-513 HIPS is one of the exams associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the HIPS v3.0 course. This exam tests a candidate’s knowledge and ability to describe, configure, and verify the Cisco Security Agent product.
Exam Topics
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.
- Describe and deploy the CSA and CSA MC products
  - Explain the concept of network defense in depth
  - Describe Cisco Security Agent architecture
  - Describe the life cycle of an attack
  - Explain how Cisco Security Agent protects against attacks
  - Identify the CSA MC and CSA system requirements
  - Identify the administration workstation requirements
  - Install the CSA MC
  - Configure basic settings on the CSA MC
  - Install the CSA using a default group
- Use CSA MC to configure groups, manage hosts, and build policies
  - Describe various components of the menu bar and its function in the CSA MC interface
  - Create, save, and delete data on the CSA MC
  - Create groups to ease host management and security policy deployment
  - Build Agent kits for the newly created groups
  - View host status and modify host configuration
  - Distribute software updates to hosts
  - Discuss components of a policy
  - Configure policies and rule modules
- Use CSA MC to configure rules
  - Describe the basics of rule construction and functionality
  - Configure rules common to Windows and UNIX systems
  - Configure Windows-only rules
  - Configure UNIX-only rules
- Describe the individual rules you can add to your policies that allow CSA MC to categorize processes and correlate events across multiple systems
  - Describe and configure the System API Control Rule
  - Describe and configure the Network Shield Rule
  - Describe and configure the Buffer Overflow Control Rule
  - Describe and configure the Email Worm Protection Rule module
  - Describe and configure the Installation Applications Policy
  - Describe and configure Global Event Correlation
- Define application classes and work with variables
  - Explain the use of application classes in creating security policies
  - Discuss the preconfigured application classes included in the CSA MC
  - Configure a static application class
  - Create a dynamic application class and an application-builder rule
  - Discuss how event sets are used to ease administration of security policies
  - Configure data, file and network address sets
  - Create registry, COM component and network services sets
  - Use the COM extraction utility to gather PROGIDs and CLSIDs for the software installed on a system
  - Configure Query Settings variables to be used with Query rules
- Use CSA Analysis and define and generate reports
  - Understand and configure application deployment investigation
  - Understand and configure product associations for application deployment investigation
  - Configure and run application deployment reports
  - Understand and configure application behavior investigation
  - Understand and use behavior analysis reports
  - Import and use behavior analysis rule modules
  - Explain the features of the Event Log and Event Monitor
  - Configure filtering of events for logging, reports, and alerts
  - Create event-based alerts
  - Generate reports on events selected by sorting criteria
Exam Details
The Securing Hosts Using Cisco Security Agent exam 642-513 HIPS is one of the exams associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the HIPS v2.0 course. This exam tests a candidate’s knowledge and ability to describe, configure, and verify the Cisco Security Agent product.
QUESTION 11:
DRAG DROP
As a Certkiller student, you are tasked with matching the interceptor type with its
definition below:
Answer:
QUESTION 12:
642-513
Actualtests.com – The Power of Knowing
The CSA Management Center is being installed on a Certkiller server. Which
application loads when installing the CSA MC to run the local database?
A. Microsoft Access
B. Microsoft SQL Server Desktop Engine
C. Microsoft SQL Server
D. Oracle
E. None of the above
Answer: B
Explanation:
CSAMC can only be installed after CommonServices is installed, but it can be installed
before or after RME. As part of CSAMC installation you will first install Microsoft SQL
Server Desktop Engine followed by CSAMC.
On a system where CSAMC has not been installed, the setup program first installs
MSDE with Service Pack 3. If the CSA MC installation program detects any other
database type attached to an existing installation of MSDE or a version of MSDE or SQL
Server 2000 that does not have at least Service Pack 3, the installation will abort.
Note: For installations exceeding 500 agents, we recommend that you install Microsoft
SQL Server 2000 instead of using the Microsoft SQL Server Desktop Engine that is
provided with VMS.
Reference:
http://www.cisco.com/en/US/products/sw/cscowork/ps2330/products_installation_guide_chapter09186a00804d
QUESTION 13:
The Cisco Security Agent has been installed on Certkiller hosts running a variety of
operating systems. Which three operating systems are supported for deployment of
CSA? (Choose three)
A. OS2
B. hpUX
C. Linux
D. Solaris
E. AIX
F. Windows
G. Atari
Answer: C, D, F
Explanation:
The Cisco Security Agent is supported on Windows, Linux, and Solaris operating
systems. The tables below list the system requirements for each.
Agent Requirements (Windows)
To run the Cisco Security Agent on your Solaris server systems, the requirements are as
follows:
Agent Requirements (Solaris)
To run the Cisco Security Agent on your Linux systems, the requirements are as follows:
Agent Requirements (Linux)
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/products_installation_guide_chapter09186a00805aeb
QUESTION 14:
A Certkiller end user is attempting to install the CSA on their PC. Which type of
privileges must this user have on a host system to install CSA?
A. Superuser
B. Administrator
C. User
D. Viewer
E. Guest
Answer: B
Explanation:
Once you build an agent kit on CSA MC, you deliver the generated URL, via email for
example, to end users so that they can download and install the Cisco Security Agent.
They access the URL to download and then install the kit. This is the recommended
method of agent kit distribution. End users must have administrator privileges on their
systems to install the agent.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/products_configuration_guide_chapter09186a00805a
QUESTION 15:
The Certkiller security administrator uses a dedicated workstation to communicate
with the CSA MC. Which protocol is required for the administrative workstation to
communicate with the CSA MC?
A. SSH
B. Telnet
C. SSL
D. IPSec
E. FTP
F. HTTP
Answer: C
Explanation:
The components that make up the CSA MC are shown in the following diagram:
The web browser, shown on the right in the diagram, represents any web browser on any
system across an enterprise from which administrators can securely access the CSA MC
web-based interface. Communications between the web browser and the web server
occur over SSL, allowing administrators to securely access the database of rule
configurations from any location.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/products_configuration_guide_chapter09186a00805a
QUESTION 16:
The CSA Management Center is being configured and installed in the Testing
network. Which protocol should never be disabled on the CSA MC?
A. SSH
B. Telnet
C. IPSec
D. SSL
E. All of the above
Answer: D
Explanation:
The CSA MC Components are shown below:
The web browser, shown on the right in the diagram, represents any web browser on any
system across an enterprise from which administrators can securely access the CSA MC
web-based interface. Communications between the web browser and the web server
occur over SSL, allowing administrators to securely access the database of rule
configurations from any location. The SSL service should not be disabled, or
communications to the MC will be lost.
The web server provides the means of communication between the web browser and all
other CSA MC system components. The web server displays reporting information,
configuration version data, and event logging data.
QUESTION 17:
The Certkiller security administrator is installing the CSA MC program on a server.
What application is installed on the server after the CSA MC is installed?
A. Cisco Trust Agent
B. ACS
C. SOL
D. CSA
E. Cisco Works
Answer: D
Explanation:
When the CSA MC installation completes, an agent installation automatically begins. It
is recommended that an agent protect the CSA MC system. (You may uninstall the agent
separately if you choose, but this is not the recommended configuration.)
If an agent is already installed on a system to which you are installing CSA MC, that
agent will automatically be upgraded by the CSA MC agent installation.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/products_installation_guide_chapter09186a00805aeb
QUESTION 18:
What are the three CSA MC Administrator roles that could be found in the
Certkiller CSA Management Center? (Choose three)
A. Access
B. Configure
C. Deploy
D. View
E. Monitor
F. Administer
G. Root
Answer: B, C, E
Explanation:
Administrators can have different levels of CSA MC database access privileges. The
initial administrator created by the CiscoWorks installation automatically has
configuration privileges.
CiscoWorks/CSA MC Administrator Roles:
- Configure: If the CiscoWorks administrator has the Network Administrator or System
  Administrator option enabled, this provides full read and write access to the CSA MC
  database.
- Deploy: If the CiscoWorks administrator has only the Network Operations option
  enabled, this provides full read and partial write access to the CSA MC database.
  Administrators can manage hosts and groups, attach policies, create kits, schedule
  software updates, and perform all monitoring actions.
- Monitor: If the CiscoWorks administrator has none of the roles listed in the first two
  bullets enabled, this provides administrators with read access to the entire CSA MC
  database. Administrators can also create reports, alerts, and event sets.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/products_installation_guide_chapter09186a00805aeb
QUESTION 19:
Communications to the CSA MC pass through a firewall in the Certkiller network
and the associated ports need to be allowed through this firewall. Which port is used
to access the CSA MC from the administrative workstation?
A. 21
B. 23
C. 1741
D. 1802
E. 666
Answer: C
Explanation:
Port 1741 is the port for Common Management Foundation (CMF) web server access, and
is used by CiscoWorks and the Cisco CSA MC. To access CSA MC from a remote
location, launch a browser application on the remote host and enter the following as the
URL:
http://:1741
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/products_configuration_guide_chapter09186a00805a
QUESTION 20:
What happens if the Agent UI control rule is not present in any active rule modules
within the Certkiller CSA MC?
A. The Agent UI becomes present on the Certkiller system
B. The Agent UI is not present on the Certkiller system
C. The Agent UI is visible on the Certkiller system
D. The Agent UI is not visible on the Certkiller system
Answer: D