IBM Security Network Intrusion Prevention System V4.3 Implementation (C2150-561) Free Practice Test

Question 1

Which area of the IBM Protocol Analysis Module technology prevents Skype from using enterprise network bandwidth?

A. Application Control

B. Threat Detection and Prevention

C. Client-side Application Protection

D. Data Security

Correct Answer: A

Question 2

What are two purposes for the Quarantine Rules in the Response Tuning page in the Local Management Interface? (Choose two.)

A. review rules generated in response to intruder events

B. set network configuration options

C. define how the appliance should send notifications when it detects an intrusion in the network

D. temporarily disable a quarantine rule

E. add new quarantine rules

Correct Answer: A,E

Question 3

A system backup is recommended before which action?

A. changes to network configuration

B. updates to security content

C. configuring security events

D. updates to firmware

Correct Answer: D

Question 4

Which interface mode is required in order for quarantine response rules to work?

A. Bypass Mode

B. Inline Simulation Mode

C. Passive Monitoring Mode

D. Inline Protection Mode

Correct Answer: D

Question 5

How does single-click blocking work?

A. It enables the Block Response for the reported event. The appliance blocks all traffic to and from the IP address until the Block Response is disabled.

B. It enables the Quarantine Response for the reported event. The appliance blocks all traffic to and from that IP address until the Quarantine Response is disabled.

C. It adds a rule to the Quarantine Rules page to block the source IP address reported in the event. The appliance blocks all traffic to and from that IP address for the time specified in the rule.

D. It adds a rule to the Firewall Rules page to block the source IP address reported in the event. The appliance blocks all traffic to and from that IP address until the firewall rule is disabled.

Correct Answer: C

Question 6

Where are security updates installed through the Local Management Interface?

A. Secure tab, select Manage Updates page

B. Secure tab, select Security Events

C. Manage tab, select Updates and Licensing Administration page

D. Manage tab, select Update Settings

Correct Answer: C

Question 7

What is the best Attack Prevention Method that identifies and stops malicious code based on behavior rather than matching a particular attack signature or pattern?

A. TCP Reassembly

B. Content Analysis

C. Shellcode Heuristics

D. Flow Assembly

Correct Answer: C

Question 8

Which three IBM Security Network Intrusion Prevention System models require a network bypass unit to support a Fail Open state? (Choose three.)

A. GX5204

B. GX7800

C. GX4004-V2-200

D. GX6116

E. GX5208-V2

F. GX4004-V2

Correct Answer: B,D,E

Question 9

Which method restores an IBM Security Network Intrusion Prevention System V4.3 appliance to the factory defaults?

A. connect to the appliance remotely via SSH, log in as root, and in the command line type restore Factory_default_configuration -i -u

B. connect to the appliance locally via a Web browser, log in as admin, and from the Local Management Interface (LMI) select the Configuration link on the left menu > Restore to Factory Default (unconfigured)

C. connect to the appliance remotely via SSH, log in as admin, and from the Configuration menu select Appliance Management > Restore to Factory Default (unconfigured)

D. from the LCD panel located in the front of the appliance, select Menu > Configuration > Restore to Factory Default (unconfigured)

Correct Answer: C

Question 10

An administrator wants to inspect e-mail traffic on a specific protection domain that is being sent to a specific e-mail address. Which policy meets this requirement?

A. Security Events

B. Connection Events

C. User Defined Events

D. Firewall Rules

Correct Answer: C

Welcome to TestSimulate

IBM Security Network Intrusion Prevention System V4.3 Implementation (C2150-561) Free Practice Test