Testinside CCSP 642-513

Filed Under (cisco) by Testinside Sadikhov on 22-10-2008

Securing Hosts Using Cisco Security Agent Exam (HIPS) : 642-513 Exam

Exam Number/Code: 642-513
Exam Name: Securing Hosts Using Cisco Security Agent Exam (HIPS)

“Securing Hosts Using Cisco Security Agent Exam (HIPS)”, also known as the 642-513 exam, is a Cisco certification exam.
Preparing for the 642-513 exam? Searching for 642-513 Test Questions, 642-513 Practice Exam, 642-513 Dumps?

Free 642-513 Demo Download
TestInside offers a free demo for the 642-513 exam (Securing Hosts Using Cisco Security Agent Exam (HIPS)). You can check out the interface, question quality and usability of our practice exams before you decide to buy. We are the only site that offers a demo for almost all products.

642-513 HIPS
Securing Hosts Using Cisco Security Agent Exam

Exam Number: 642-513
Associated Certifications: CCSP
Duration: 75 minutes (65-75 questions)
Available Languages: English

Exam Description
The Securing Hosts Using Cisco Security Agent exam 642-513 HIPS is one of the exams associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the HIPS v3.0 course. This exam tests a candidate’s knowledge and ability to describe, configure, and verify the Cisco Security Agent product.

Exam Topics
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Describe and deploy the CSA and CSA MC products
  • Explain the concept of network defense in depth
  • Describe Cisco Security Agent architecture
  • Describe the life cycle of an attack
  • Explain how Cisco Security Agent protects against attacks
  • Identify the CSA MC and CSA system requirements
  • Identify the administration workstation requirements
  • Install the CSA MC
  • Configure basic settings on the CSA MC
  • Install the CSA using a default group

Use CSA MC to configure groups, manage hosts, and build policies
  • Describe various components of the menu bar and its function in the CSA MC interface
  • Create, save, and delete data on the CSA MC
  • Create groups to ease host management and security policy deployment
  • Build Agent kits for the newly created groups
  • View host status and modify host configuration
  • Distribute software updates to hosts
  • Discuss components of a policy
  • Configure policies and rule modules

Use CSA MC to configure rules
  • Describe the basics of rule construction and functionality
  • Configure rules common to Windows and UNIX systems
  • Configure Windows-Only rules
  • Configure UNIX-Only rules
  • Describe the individual rules you can add to your policies that allow CSA MC to categorize processes and correlate events across multiple systems
  • Describe and configure the system API Control Rule
  • Describe and configure the Network Shield Rule
  • Describe and configure the Buffer Overflow Control Rule
  • Describe and configure the Email Worm Protection Rule module
  • Describe and configure the Installation Applications Policy
  • Describe and configure Global Event Correlation

Define application classes and work with variables
  • Explain the use of application classes in creating security policies
  • Discuss the preconfigured application classes included in the CSA MC
  • Configure a static application class
  • Create a dynamic application class and an application-builder rule
  • Discuss how event sets are used to ease administration of security policies
  • Configure data, file and network address sets
  • Create registry, COM component and network services sets
  • Use the COM extraction utility to gather PROGIDs and CLSIDs for the software installed on a system
  • Configure Query Settings variables to be used with Query rules

Use CSA Analysis and define and generate reports
  • Understand and configure application deployment investigation
  • Understand and configure product associations for application deployment investigation
  • Configure and run application deployment reports
  • Understand and configure application behavior investigation
  • Understand and use behavior analysis reports
  • Import and use behavior analysis rule modules
  • Explain the features of the Event Log and Event Monitor
  • Configure filtering of events for logging, reports, and alerts
  • Create event-based alerts
  • Generate reports on events selected by sorting criteria

QUESTION 27:
Which definitions can be used to allow consistent configuration of policies across
multiple systems and can also be used for event reporting purposes?
A. Hosts
B. Software updates
C. Agent kits
D. Registration control
E. Groups
Answer: E
Explanation:
Host groups reduce the administrative burden of managing a large number of agents. Grouping hosts together also lets you apply the same policy to a number of hosts. A group is the only element required to build agent kits. Grouping individual host systems together provides the following advantages:
  • It lets you consistently apply the same set of policies across multiple host systems.
  • It lets you apply Alert mechanisms and Event Set parameters based on group configurations.
  • It lets you use Test Mode to try out policies on groups of hosts before you actively enforce those policies.
You can group hosts together based on any criteria that best fits your enterprise. For example:
  • Group hosts according to system function, such as web servers. Then you would create a policy that corresponds specifically to the needs of your web servers and distribute it to that group.
  • Group hosts according to business groups, such as finance, operations, and marketing. Distribute policies based on each business group’s individual needs.
  • Group hosts according to geographical or topological location. For example, group hosts based on their subnet designation for reporting purposes.
  • Group hosts according to their importance to your organization. Place mission-critical systems into a common group to apply critical alert level configurations to them.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/products_configuration_guide_chapter09186a008042

QUESTION 28:
The Certkiller network utilizes hosts with a variety of operating systems. Which
three systems with specific operating systems are automatically placed into
mandatory groups containing rules for that operating system? (Choose three)
A. OS2
B. HPUX
C. Solaris
D. Mac OS
E. Linux
F. Windows
Answer: C, E, F
Explanation:
CSA MC provides three auto-enrollment architectural groups (Windows, Solaris, Linux)
that are mandatory for all hosts of a given OS architecture. By providing group
auto-enrollment for hosts, any policies you attach to these groups also become mandatory
by association. You might want to use these mandatory groups to apply policies which
prevent some critical service from being inadvertently banned. For example, you could
attach policies to prevent DNS or DHCP from being disabled by an overly restrictive
rule.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/products_configuration_guide_chapter09186a00805a

QUESTION 29:
The Certkiller CSA administrator has just added some of the Certkiller hosts into a
group. What is a benefit of putting hosts into groups?
A. There is no need to configure rules
B. There is no need to configure rule modules
C. The administrator can deploy rules in test mode
D. The administrator does not have to deploy rules in test mode
E. None of the above
Answer: C

Testinside CCSP 642-513 Questions and Answers : 99 Q&As
Updated: October 3rd, 2008
Price: $129.99 $89.99
