You want Enterprise Security Profiler (ESP) to capture layer 7 data of packets traversing the network. Which two steps must you perform? (Choose two.)
A. Configure ESP to enable application profiling, and select the contexts to profile.
B. Under the Violation Viewer tab, create a permitted object, select that object, and then click Apply.
C. Start or restart the profiler process.
D. Create a filter in the ESP to show only tracked hosts.
You implement Traffic Anomaly detection and you find numerous alerts of port scans from your security auditing team that you want to ignore. You create an address book entry for the security audit team specifying the IP addresses of those machines. What should you do next?
A. Create a rule at the top of the Traffic Anomaly rule base to ignore traffic from security audit team, and make this a terminal rule.
B. Create a rule at the top of the Traffic Anomaly rulebase to ignore traffic from security audit team.
C. Create a rule at the top of the IDP rulebase to ignore traffic from security audit team, and make this a terminal rule.
D. Create an exempt rule for the security audit team in the Exempt rulebase to ignore Traffic Anomalies.
In which three situations would you create a compound attack object? (Choose three.)
A. When the pattern "@@@@@@@@" and context "ftp-get-filename" completely define the attack.
B. When attack objects must occur in a particular order.
C. When one of the attack objects is a protocol anomaly.
D. When the pattern needs to be defined using a stream 256 context.
E. You have at least two attack objects that define a single attack.
Which interface does IDP use to communicate with Security Manager?
A. eth0
B. console port
C. eth1
D. HA port
Which layers of the OSI Model does IDP look into when inspecting a packet?
A. Layers 2-7
B. Layers 3-7
C. Layer 7 only
D. Layers 2-4 only
Which method of detection does IDP Sensor use to detect attacks against a fake system on the network?
A. Network Honeypot
B. Spoofing Detection
C. Stateful Signatures
D. Backdoor Detection
Which method of detection does IDP Sensor use to detect rootkits or Trojans present on internal systems?
A. Protocol Anomaly
B. Network Honeypot
C. Stateful Signatures
D. Backdoor Detection
Which command verifies the IDP Management Server process?
A. service MgtSvr status
B. server mgtSvr status
C. servicemgtServer status
D. service management status
Which three functions can the IDP Sensor perform? (Choose three.)
A. performs attack detection and prevention
B. forwards logs and status messages to the IDP Management Server
C. collects and presents logs to the IDP User Interface
D. stores logs locally when the IDP Management Server is unreachable
Which command is used to verify the license installed on the IDP Sensor?
A. scio lic list
B. sctop lic list
C. sctop -l
D. get license