Download Free 642-627 Exam Questions
Exam | 642-627 - Implementing Cisco Intrusion Prevention System (IPS) |
Size: | 2.23 MB |
Posted Date: | Sunday, November 27, 2011 |
# of downloads: | 4 |
Free Download: | This file is outdated. Browse other 642-627 VCE Files |
Can someone help with a link to the 152 new questions please? This dump is no longer valid; took an exam today and failed too badly. Only 10 questions were there in the exam.
Latest dumps are out, with 152 questions.
Not one week ago, someone took the exam and passed with not so bad of a score. And now, this... Keep trying, for those who were not so lucky; hopefully a new report or dump will be available soon. I will postpone my exam till then.
@Miguelonio. In my case, similar to Rick, the dump is no longer valid. There's a possibility that we have a different set of exams. You're lucky if you take the exam using the same one as the dumps, otherwise you will fail. It's up to you if you take the risk just like me or wait for the new dumps to come out before taking the exam.
Hello Herson,
How many questions in total did the exam you took have?
I would like to take the exam next week, but I don't feel encouraged according to your experience. Can you please give us more details about the exam?
There are people here that have successfully passed the exam using the very same dump, I would like to confirm if this dump is still valid.
Thanks in advance.
Guys, unfortunately I failed the exam today. Rick was right. I had one drag and drop and the lab in # 76 question, and the rest of them, including multiple choice, didn't come out. I can assess them because I reviewed the dumps every day for 2 months. We will just wait for the new dumps in 3-4 months to come up before taking the exam.
Hi ,
I took it on 21 August 12 from Singapore. I only studied the dump.
@Thaw, when did you take the exam? Do you believe that this dump is still valid?
passed with 924, still valid, only 10 new questions
@herson, I don't think, I know now this dump is not valid anymore..
Guys, does it mean that there is a new set of exams? I'll be taking the exam on Thursday and I will be revoking due to your comments that this dump is no longer valid. Is there anyone that took the exam and the questions are from this dump?
Hi Rick, Do you think that this dump is no longer valid?
I failed my exam today. Got around 55 new questions.. :(
Hi Guys,
I passed the exam today,
but I got 890. I think some answers in this dump are wrong, so cross-check the answers before going to the exam.
All the questions were from this dump and the comments.
Guys
Passed, 9xx points!!!!
The dump still valid.
Pay attention to the questions below.
And the order of questions is not the same.
Dump is valid. A few new questions comprehensively described below.
The lab is unfriendly! Namely interface of IDM simulator is obscuring different crucial options and it took a time for me to find required buttons.
Anyhow passed with 9xx.
Concluded my Security track. Going for voice now :)
First of all, thanks to all contributors! Passed on 9th May with 9xx with the dumps and feedback by contributors. You may go through the below points which appeared in my exam:
A) On the active signature window, there is an advanced option on bottom right corner. Drill down that window to miscellaneous tab. In the exam, it shows that window with following question: Meaning/Significance of IP Log option. Options were Signature logging(the one I selected, please cross-check), IPS syslog, SDEE, etc.
B) What makes a signature to fire once when an event occurred for an attacker address and thereafter does send a summary for all attacker addresses? Options were summary, global summary(the one I selected, please cross-check), summary key, event count. Reference: http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/clisgdef.html
C) Which IPS engine process events and allows further correlation. Options were normalizer, atomic, service, meta engine(the one I selected, please cross-check).
D) Question from the dump: Which IPS alert action is available only in inline mode ? The answer should be "deny packet inline" but this option was not there as one of the alternatives. Please check.
E) which external product/service is used to check in-depth information of signature. Options were Cisco intellishield alert manager, Cisco mars, etc.(Rest of the options did not seem to be correct, I guess it's one of these two).
F) When you configure anomaly detection, which zones can be configured? Choose Three. Options were:
internal(Correct)
external(Correct)
dmz
illegal(Correct)
private
self
G) Lab and Hotspot same.
More questions/information fetched during my study of this forum:
A) Which command on a Catalyst Switch show span information? Options are: show monitor, show interface, show span (most probable answer), show session
B) What are the user types on the IPS?
Configuration --> Sensor Setup --> Users, click "Add" and under "User Role" you will see 4 types:
Administrator, Operator, Viewer, Service
C) How many sensing interfaces does the 4200 Series sensor have? Options: Varies depending on model(most probable answer), 2, 4, 8, 16. Reference: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/ps9157/product_data_sheet09186a008014873c_ps4077_Products_Data_Sheet.html
D) What does key word rotate means part of AD KB generation?
Anomaly detection creates an initial baseline, known as a knowledge base, of the network traffic. The default interval value for periodic schedules is 24 hours and the default action is rotate, meaning that a new knowledge base is saved and loaded, and then replaces the initial knowledge base after 24 hours.
E) Question gives you the command of "ips inline fail-open sensor sensorname", and ask if this command apply on IPS module (AIM/NME), ASA, or IPS 4200 series. Correct answer: AIP-SSM (ASA). Reference: http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/ssm.html
F) "monitor session 1 GigabitEthernet 0/47 ingress". What is the ingress command for? Five alternatives to choose from. Reference: http://www.enterprisenetworkingplanet.com/netsysm/article.php/3766701/Troubleshoot-Your-Network-With-Cisco-SPAN-Ports.htm
Which command on a Catalyst Switch show span information?
show monitor
show interface
show span (answer)
show session
----------------------------------------------------------------
Which IPS engine process event and allowing further correlation?
ANSWER: Meta Engine
The Meta engine defines events that occur in a related manner within
a sliding time interval. This engine processes events rather than packets.
----------------------------------------------------------------
What are the user types on the IPS?
Configuration --> Sensor Setup --> Users, click "Add" and under "User Role" you will see 4 types:
Administrator
Operator
Viewer
Service
----------------------------------------------------------------
What does key word rotate means part of AD KB generation?
Anomaly detection creates an initial baseline, known as a knowledge
base, of the network traffic. The default interval value for periodic schedules
is 24 hours and the default action is rotate, meaning that a new knowledge base is saved and loaded, and then replaces the initial knowledge base after 24 hours
The scanner threshold is set to 120. Which two statements about this histogram are true?
B. From a single source you do not expect to see nonestablished connections to more than 100 different destination IP addresses
D. You do not expect to see more than 10 sources generate nonestablished connections to 5 or more different destinations
So the answers in this dump are correct.
Then I managed to remember 3 new questions.
1. From Cisco Security Manager, which external component or service is used to access in-depth signature information?
A. Cisco Security MARS
B. Cisco IntelliShield Service
C. ScanSafe Service (my answer) but I'm not sure if this is right
D. Cisco SensorBase
2. Which two statements accurately describe virtual sensor operations on the Cisco IPS appliance? (Choose two).
A. You must create a new instance or signature set for each new virtual sensor
B. Each virtual sensor can have its own unique event action rules.
C. Creating a new virtual sensor creates a "virtual" machine on the Cisco IPS appliance.
D. The packet processing policy is virtualized.
E. vs0 can be cloned then deleted.
My choices were B & D, also not sure if they are right.
3. Which four user privilege levels are available on the Cisco IPS appliance? (Choose four).
A. administrator
B. User
C. operator
D. viewer
E. root
F. service
Correct should be A,C,D,E
Passed,, 900.
Anyway, what does IPS stand for???
did the exam today 25-07-2012, dump still valid. 8 new ones
refer to this link http://www.proprofs.com/quiz-school/story.php?title=ips-v7-test-a , test-b and test-C
thanks for all
hi
i took the exam yesterday 25-07-2012.
the dump is still valid
5 or 6 new questions, nothing to worry about.
regarding the lab, the last question of the red threshold should be found in the configuration/policies. At the bottom of the right page, there is a value of 90; it should be changed to 80 with an apply.
also in the lab there is no such 15 value in the risk category as mentioned in the show answer; you should find the dropdown list that lists the mycustomrisk risk category created and then you can assign the actions
Friends,
IPS completes CCNP sec. dumps are good, almost seen all questions. but there are quite a few new questions. ones that i remember are below,
1. what are the user types on IPS?
2. what make a signature to fire once when a event occurred for an attacker address and thereafter does send a summary for all attacker addresses ?
options : summary, global summary, summary key, event count.
I have chosen global summary, hope this is correct since the question says summary for all attackers.
3. what does key word rotate means part of AD KB generation ?
4. on the active signature window, there is a advanced option on bottom right corner, when we drill down that window to miscellaneous tab ? on the exam it shows that window with few answers, so please navigate that window and understand the options there.
Sorry friends, there are even a few more, but that's all I can remember. But please note, those are really straightforward; please do enough homework.
Try to get the Michael Shannon new IPS7.0 CBT and watch out. That helps you being an IPS expert and moreover you will be successful in the exam.
all the best to everyone and special thanks to chips. you rock !!!
thanks/s v
Which three statements about the Cisco IntelliShield Alert Manager are true? (Choose three)
A- Alert information is analyzed and validated by Cisco security analysts.
B- Alert analysis is vendor-neutral.
C- The built-in workflow system provides a mechanism for tracking vulnerability remediation and integration with Cisco Security Manager and Cisco Security MARS
D- Users can customize the notification to deliver tailored information relevant to the needs of the organization.
E- Customers are automatically subscribed to the Cisco Security IntelliShield Alert Manager Service with Cisco IPS license.
F- More than q0 reports types are available within the Cisco Security IntelliShield Alert Manager Service.
Correct: A-C-D
VALID dump with 5 new ques
TWO
.........
Two config needed for Security MARS to
application to pull IPS in Prom mode
All the best everyone
Valid dump
One two ques
ONE
......
Default on IPS 4200
a. password recovery enabled
b. telnet disabled
c. Web port is 80
TLS/SSL disabled
IP is 192.168.1.2 and
g/w is 192.168.1.1
dump is very valid
Did the exam yesterday. Passed with 840 with a couple of new questions but they are in the comments. Maybe 3 new questions but cannot remember.
What does the following do???
Switch# show monitor session 2
Session 2
----------
Source Ports:
RX Only: Fa5/12
TX Only: None
Both: None
Source VLANs:
RX Only: None
TX Only: None
Both: None
Destination Ports: Fa5/45
Filter VLANs: 1-5,9
Switch#
Dump is valid. Thanks Mr Chips
New questions
The scanner threshold is set to 120. Which two statements about this are true?
B. From a single source you do not expect to see nonestablished connections to more than 100 different destination IP addresses
D. You do not expect to see more than 10 sources generate nonestablished connections to 5 or more different destinations
1. From Cisco Security Manager, which external component or service is used to access in-depth signature information?
A. Cisco Security MARS
B. Cisco IntelliShield Service
C. ScanSafe Service
D. Cisco SensorBase
2. Which two statements accurately describe virtual sensor operations on the Cisco IPS appliance? (Choose two).
A. You must create a new instance or signature set for each new virtual sensor
B. Each virtual sensor can have its own unique event action rules.
C. Creating a new virtual sensor creates a "virtual" machine on the Cisco IPS appliance.
D. The packet processing policy is virtualized.
E. vs0 can be cloned then deleted.
3. Which four user privilege levels are available on the Cisco IPS appliance? (Choose four).
A. administrator
B. User
C. operator
D. viewer
E. root
F. service
Going to do exam on 23rd July.
Could somebody point me towards
the IPS study guide.
Pointless to know nothing and
pass exam
Many thanks
Passed with 944. * new questions
All mentioned in the comments
All the best
DUMP is 100% valid
I did the exam yesterday. Passed 937. Dump still valid with 2 new questions.
yeah thanks to chips and others
I did my exam yesterday and passed with 9xx
this dump is still valid.
got 8 new questions, out of which 4 were mentioned in the comments
so 4-5 really new questions
sorry guys, I remember only 2 of those
1) features about Event Store
2) question regarding alarm firing once and then sending summary to all the devices..
Yes Same Lab and Simlet
same lab and simlet
@elie R: Were the labs and simlets the same as in the dumps?
I will be writing the exam within 2 days. So please tell me.
Is this dump still valid ?
I presented the exam today, I passed it with a score of 917. It is valid, but you have to pay attention to the order because they change the order of the possible answers, and there are nearly 10 new questions, from these:
1)command to see the Event Store from the CLI?
Answer : show events ( From the top-level prompt of the CLI, events can be displayed through the show
events command)
2)Command and control interface.. Answer : it is the management Interface (The command and control interface on these sensors is called Management0/0)
3)When they ask about correlation of signatures into higher level the answer is (Meta Engine)
4)search about IPV6 and IPV4 signature features in common or something like this .
2 new question.
1. command and control interface in IPS4200 is?
Answer - Management0/0
2. Which format you can download IPS report.
Answer - PDF and CSV
http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/ips_manager/3.0/user/guide/ch009.html#wp241472
@Omar Naseem,
What were the questions? Do you remember the chapters?
Thanks for the information
passed today with 938 points Alhamdulillah.!!
around 8 new questions, lab totally identical to chips vce.
Hello Guys
I'm going to go for exam 642-627 this month. What were the new questions in this exam? Which chapters must I study hard?
Please help me. I must pass this exam by 10 August. On 10 August I become a father.
Thanks , for the information, Today I Pass the Exam, , It has five new question,
I remember one: What Signature Support IPV4 and IPv6? Check this.
Best Regards,
hi all
just passed an hour ago. scored 948.
dumps are valid
YES ! there are up to 10 new question, so study well and good luck.
i will try to recall and update new question
Thanks to chips and all.
@Kasonta, @Mfarouk7900, thanks a lot, guys!
i HAVE passed today with 958 the dump is still valid
Dear Ruslan
The following is the CBT nuggets torrent
http://www.demonoid.me/files/details/2878439/0012965386113/
and this is the pdf
http://www.4shared.com/office/yd8r-bVj/CCNP_Security_IPS_642-627.htm
Hi Ruslan
The difference is the course content, where the 642-533 IPS V6 is the old module and Cisco introduced the new course content, which is 642-627 IPS V7.
Kasonta
Hi, guys!
could anybody explain me the difference between 642-533 and 642-627 exams, please?
and where can i find material/books for getting knowledge for this? i want to study myself. i've just found some cbtnuggets for 642-533
thanks in advance
Passed yesterday with 88X, so this dump is still valid. I had about 5 new questions, and made some mistakes in the questions in this dump, but still passed.
The scanner threshold is set to 120. Which two statements about this histogram are true?
B. From a single source you do not expect to see nonestablished connections to more than 100 different destination IP addresses
D. You do not expect to see more than 10 sources generate nonestablished connections to 5 or more different destinations
So the answers in this dump are correct.
Then I managed to remember 3 new questions.
1. From Cisco Security Manager, which external component or service is used to access in-depth signature information?
A. Cisco Security MARS
B. Cisco IntelliShield Service
C. ScanSafe Service (my answer) but I'm not sure if this is right
D. Cisco SensorBase
2. Which two statements accurately describe virtual sensor operations on the Cisco IPS appliance? (Choose two).
A. You must create a new instance or signature set for each new virtual sensor
B. Each virtual sensor can have its own unique event action rules.
C. Creating a new virtual sensor creates a "virtual" machine on the Cisco IPS appliance.
D. The packet processing policy is virtualized.
E. vs0 can be cloned then deleted.
My choices were B & D, also not sure if they are right.
3. Which four user privilege levels are available on the Cisco IPS appliance? (Choose four).
A. administrator
B. User
C. operator
D. viewer
E. root
F. service
Correct should be A,C,D,E on behalf of post of Varun
Can some one please explain the LAB ?
i am unable to understand !
I passed today. No worries, this dump is still valid for passing. My new questions are all reported here:
- What are the user types on the IPS?
- Configuration option required IPS to allow MARs to login into IPS
- default configuration for IPS 4200 series comes with which options (telnet is disabled, SSH enabled, default ip address 192.168.1.2 with gateway 192.168.1.1)
- F) When you configure anomaly detection, which zones can be configured?
SIM and LAB are exactly the same and the order of answers was changed.
Understand the stuff with CBT, learn the dump and the reported questions. Have fun :-)
Thanks Chips & Friends
I passed yesterday with 9XX , as everybody said the order of the answers was changed , so take care , Lab and sim are the same , and about 4-6 questions new
as mentioned by other ppl.
with you all good luck and thanks for sharing.
Passed today with score 938; about 7 questions were new. The sim is the same as the dump. Take care because all the answers' order was different, and about the question that asks about scanner threshold set to 120,
I selected option A & D and got 100% in Advanced Troubleshooting.
goodluck and thanks
8 new questions scored 9xx
I passed the exam last week with 9xx, so the dump is valid, just 5 new questions.
you should be good to go.
Hi All,
Any one can help me out, how to get IDM image to work on GNS.
Thanks to Chips&Steaks, I passed my exam with 967 marks. I changed answers in Q1 and Q2; Q3 and Q4 were new questions. Please check and confirm the answers.
1) Which four parameters are used to configure how often IPS generates alerts when a signature is firing?
I selected summary mode, summary interval, global summary threshold and summary key.
2) question about scanner threshold set to 120,
i selected option A & D and got 100% in Advanced Troubleshooting
3) configuration option required IPS to allow MARs to login into IPS
4) default configuration for IPS 4200 series comes with which options (telnet is disabled, SSH enabled, default ip address 192.168.1.2 with gateway 192.168.1.1, etc.)? Please check and confirm the answer.
I'm sorry, couldn't remember more questions.
Thanks to God and I appreciate the good job done by Chips. I passed today. Anyone next to do this exam should prepare very well. They are changing the questions gradually. Though the dump is still valid, just need a little extra work.
Forgot to add, when doing the dump in VCE, shuffle the answers.
Exam>Options>Randomize choices where enabled
just passed today. 927. This dump does it plus some new questions. Go through this dump.
Dear All,
Yesterday I Passed with 917, still the dumps is valid , anyone can go for exam..5 new questions..same sim n lab
Still valid, 5 new questions.
Alhamdulillah- All Praise to ALLAH, I cleared my exam 2 days back with this exam guys. Thanks to the uploader.
hello guys ..
Thank to chips for this dump and to all person who put feedback or any information.
i did the exams yesterday 16/5/2012 and still valid i got 927 and there are around 6 new questions.
First of all, thanks to all contributors! Passed on 9th May with 9xx with the dumps and feedback by contributors. You may go through the below points which appeared in my exam:
A) On the active signature window, there is an advanced option on bottom right corner. Drill down that window to miscellaneous tab. In the exam, it shows that window with following question: Meaning/Significance of IP Log option. Options were Signature logging(the one I selected, please cross-check), IPS syslog, SDEE, etc.
B) What makes a signature to fire once when an event occurred for an attacker address and thereafter does send a summary for all attacker addresses? Options were summary, global summary(the one I selected, please cross-check), summary key, event count. Reference: http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/clisgdef.html
C) Which IPS engine process events and allows further correlation. Options were normalizer, atomic, service, meta engine(the one I selected, please cross-check).
D) Question from the dump: Which IPS alert action is available only in inline mode ? The answer should be "deny packet inline" but this option was not there as one of the alternatives. Please check.
E) which external product/service is used to check in-depth information of signature. Options were Cisco intellishield alert manager, Cisco mars, etc.(Rest of the options did not seem to be correct, I guess it's one of these two).
F) When you configure anomaly detection, which zones can be configured? Choose Three. Options were:
internal(Correct)
external(Correct)
dmz
illegal(Correct)
private
self
G) Lab and Hotspot same. Practice through IPS simulation recommended!
H) Answer options are all re-arranged. Study carefully!
the dump is valid, but there are about 5-6 new question.
hotspot and sim is same, the new question i remember about SDEE and about IP Reassembly in sig0 advance option
Hi kohtwe
Please, the question of the histogram exhibit in this exam: the answer was B & D. Can anyone check that for me, because I think the answer was A & D?
Hi Ratan,
All are from chips dumps except 6 new question. Good luck!
kohtwe
What about LAB & SIM.. is this the same as chips dumps?
Thank you my friend...
Hi Jinoy,
Just now I passed the exam, total 70. 1 simulation, 6 drag and drop.
6 new questions. I got the score 917. You can pass! No worry. Go and take.
Hi kohtwe, please update us after your exam, then we need to plan for the exam. Thanks in advance.
Hi all, I'm going to the exam next Tuesday, please help me,
how many simulation, simlet, drag and drop and questions?
Thanks,
ko htwe
Another different question that came up today was: How many sensing interfaces does the 4200 Series sensor have?
Options were:
- Varies depending on model (answer)
- 2
- 4
- 8
- 16
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/ps9157/product_data_sheet09186a008014873c_ps4077_Products_Data_Sheet.html
Thanks Mr Chips and contributors and study hard!
Passed today. Still valid. Thanks Chips (Everyone else too). 4 to 5 questions that I didn't recognize.
Please, the question of the histogram exhibit in this exam was B & D. Can anyone check that for me, because I think it was A & D?
Hi Misbah
please explain about Lab & SIM...
Hi,
Passed IPS Exam 16-04-2012. 100% valid. 5 to 6 new Question.
Anyone can feel free to contact me.
Hey Superman,
My choices were "show span" and "show monitor", I went with "show span"
To me, before you can use "show monitor session 1" you first must have "monitor session 1" configured. The question asks which command shows span information. I picked my answer based on the Cisco command reference. "show span" would show me the ports that are being spanned, but I could be wrong. Good luck everyone!
Example
These examples show how to display SPAN information for the switch. In this example, the SPAN source is port 2/1 and the SPAN destination is port 2/12. Both transmit traffic and receive traffic are monitored. Normal incoming packets are disabled on the SPAN destination port.
Console> (enable) show span
Status : enabled
Admin Source : Port 2/1
Oper Source : Port 2/1
Destination : Port 2/12
Direction : transmit/receive
Incoming Packets: disabled
Console> (enable)
http://www.cisco.com/en/US/docs/switches/lan/catalyst5000/catos/4.5/command/reference/sh_sp_te.html#wp32885
Hi superman,
please explain about LAB & SIM about this exam.. I really need it.
i just passed my exam . 7 new questions .. I remember the following:
2- how to check the span on the cli
a)show interfaces
b)show span
c)show session
d)show monitor (* I'm 90 % sure that this is the correct answer - pls. Mr.Security reply if you disagree)
see below please
Switch# show monitor session 2
Session 2
----------
Source Ports:
RX Only: Fa5/12
TX Only: None
Both: None
Source VLANs:
RX Only: None
TX Only: None
Both: None
Destination Ports: Fa5/45
Filter VLANs: 1-5,9
Switch#
__________________________________________________________
2- It gives you the command of "ips inline fail-open sensor sensorname", and ask if this command apply on IPS module (AIM/NME), ASA, or IPS 4200 series.
Correct answer: AIP-SSM (ASA)
__________________________________________________________
3- * I DON'T REMEMBER THE QUESTIONS BUT THE ANSWER IS: ** Log Attacker Packets
__________________________________________________________
Sorry guys, this is all I can remember for now. If I remember anything I will come back to post it for you.
finally thank you so much Chips for this great dump, and thank you everyone for sharing ..really great work
Hi Mr. Security.
What about the LAB? Please comment..
I passed the test about a week ago with a 9XX. Big thanks to Chips and everyone on here. There are 7 new questions and here are the answer to 4 of them. Study hard and good luck!
Which command on a Catalyst Switch show span information?
show monitor
show interface
show span (answer)
show session
----------------------------------------------------------------
Which IPS engine process event and allowing further correlation?
ANSWER: Meta Engine
The Meta engine defines events that occur in a related manner within a sliding time interval. This engine processes events rather than packets.
----------------------------------------------------------------
What are the user types on the IPS?
Configuration --> Sensor Setup --> Users, click "Add" and under "User Role" you will see 4 types:
Administrator
Operator
Viewer
Service
----------------------------------------------------------------
What does the keyword rotate mean as part of AD KB generation?
Anomaly detection creates an initial baseline, known as a knowledge base, of the network traffic. The default interval value for periodic schedules is 24 hours and the default action is rotate, meaning that a new knowledge base is saved and loaded, and then replaces the initial knowledge base after 24 hours.
Hi to everyone, I read the dumps. I saw the hotspot question but have not seen a lab question. Please confirm whether the lab question will be part of the exam or not.
Friends,
IPS completes CCNP Sec. The dumps are good, I saw almost all the questions, but there are quite a few new questions. The ones that I remember are below:
1. What are the user types on IPS?
2. What makes a signature fire once when an event occurred for an attacker address and thereafter send a summary for all attacker addresses?
Options: summary, global summary, summary key, event count.
I have chosen global summary, hope this is correct since the question says summary for all attackers.
3. What does the keyword rotate mean as part of AD KB generation?
4. On the active signature window, there is an advanced option in the bottom right corner, when we drill down that window to the miscellaneous tab? On the exam it shows that window with a few answers, so please navigate that window and understand the options there.
Sorry friends, there are even a few more, but that's all I can remember. But please note, those are really straightforward, please do enough homework.
Try to get the Michael Shannon new IPS7.0 CBT and watch it. That helps you become an IPS expert and moreover you will be successful in the exam.
All the best to everyone and special thanks to Chips. You rock !!!
thanks/s v
Hi Folks,
I passed the IPS 7.0 exam studying also with this material (I got more than 900).
But there were additional questions that are not in the material, like, for example, "monitor session 1 GigabitEthernet 0/47 ingress". What is the ingress command for? (or something like this) and then there were five alternatives to choose from. Another important recommendation: keep in mind that for many questions, they change the position of the alternatives.
And more than this, they remove the answer given in this material, for example: Which IPS alert action is available only in inline mode? The answer should be "deny packet inline" but this option doesn't exist, and the other options all exist in the IPS material comparing inline mode to promiscuous mode. So, for this question I don't know the right answer.
There was another question regarding the Rotate word and its meaning in the Anomaly detection mode.
But, fortunately, i got success with this material.
Thank you all of you that post all the tips and tricks.
:-)
Thank you chips. This dump is still good to pass the exam. I got 7 new questions. 2 of them are #1 & 3 in the below post. The rest of them are not that bad if you studied.
Guys, I passed with 938/1000 using this guide yesterday (26th Mac 2012). It is valid with 4-5 new questions.
I just want to share the new questions while my memory is still fresh.
1. The command to check for SPAN and RSPAN sessions configured in switches. Answer choices are like "show session", "show monitor", "show interface", etc. Please check and verify answer.
2. It gives you the command "ips inline fail-open sensor sensorname" and asks if this command applies on IPS module (AIM/NME), ASA, or IPS 4200 series. -- It won't be IPS 4200 and should be ASA. But please check and verify answer.
3. Remember there's an existing question about configuration required on IPS so that it can integrate with CSM? The answer is configure TLS/HTTPS + allowing CSM host. Now there's a new one about configuration required for integration with Cisco MARS. I'm not sure of the answer either, please check and verify.
4. This question is about which IPS engine processes events and allows further correlation. The answer options are "normalizer", "atomic", "service", and some I can't remember. Please check and verify.
So far that's what I can remember. All the best!
Hi Sobia Khan,
I saw your posts on this page again, can you please share your contact # so I can ask you regarding CCSP Exams. Thanks a lot.
My contact number is 0092-300-8416509
I forgot to tell you that most of the questions' answers were re-arranged, so take care.
I passed yesterday with a score of 927/1000. I got 70 questions and the time was 2 hours; it was more than enough, I finished the exam in 1 hour. There were about 5 or 6 new questions. One of the new questions was about which command to show the SPAN traffic on the Catalyst switch "show span or show interface or show monitor or show traffic". Most of the other new questions regard the IDM, so study it carefully and have a similt.
Good Luck all
Passed 642-627 (IPS Exam) today with 897/1000 score and that completes my CCNP Security exam ! 7-8 new questions and almost all MCQ options were rearranged that made it very confusing ! Lab and SIMLET still the same.."Match the following" questions are exact same - no rearrangements, not all questions were there though !!
All the best to all aspirants !!
What are the steps involved in creating a risk category?
Thanks
Hi Guy
I cleared my exam today with 9xx. Dumps still valid, lab and simlet all from dump, but around 7 or 8 new questions and the MCQ answers are re-arranged.
Thanks all of you and all the best
This dump is valid
I have 783 points
Sorry, forgot
I had 70Q and min score 783
March 2, Dump is still valid, lab and simlet all from dump. 4 ~ 5 new Question
March 2, Dump is still valid, lab and simlet all from dump. Of course the MCQ answers are re-arranged completely. 6 to 8 new questions. Thank you Dump !!!!
Does anyone have a link to the electronic version of the Certification Guide?
@SL,
SL, do you remember the new questions that came up in the exam? If you remember, please post them. Thanks
The dump is valid and around 8 new questions, the answers may not have A-D choices, it changed to 口 for you to tick the correct answer so you need to know the actual answer instead of ABCD. GOOD luck
@abzulman
Hi Abzulman, do you remember the new questions that came up in your exam? Please post them. Thanks
Yesterday I cleared the exam with 938. 5-6 new questions. The rest are all from the dumps (including the lab & simlet). Of course, the MCQ answers are re-arranged completely.
All the best
@John
type ime-7.0.1 in rapidshare.com, you will find it.
Can someone post a link to the Cisco IDM demo.
Passed the test yesterday using this dump. The simulation question requiring you to create a new Event Action Override is the same. The testlet is similar but not all the questions were the same. You need to be a little familiar with the IDM to figure out where the relevant configuration can be viewed. It's not that bad though because non-relevant tabs / sections in the testlet are not clickable!
MCQs were almost all from the dump BUT not all. I got around 7 new questions (10%). If you did a little extra reading up and studying up on Cisco IPS concepts you will be fine.
Good luck!
Passed with 9xx/1000.
Prepare with dumps properly, so that you know exactly what the answer is.
The MCQs are not in order, and the extra options added also look similar to the correct answers.
Study well.
All the best.
What is everyone using to practice the Sim/Lab? I have the IPS Manager Demo but the CONFIG screen is blank??? Can someone point me in the right direction? I also have the ASDM Demo.
Thanks for your help
Tested today, most of the answers were rearranged, and there are a few new questions. If you use this dump, you need to learn the correct answers, not the order or the letters.
Hi all,
Today I just finished the 642-627 IPS exam. I have some comments:
- Almost all questions are in Chips' dump. But the position is different, so it is quite difficult to remember the multiple choice questions exactly.
- Lab and simlet are still valid.
- About 5-7 new questions.
Finally, I have 886 points, enough to pass. Good luck to the next candidates.
Thanks,
Lam
I found only 76 questions in this dump?? Is it like that only?? Or a problem with my VCE?? Please advise me if I have to go through another dump.
I have found the link to the PDF for CCNP Security IPS 642-627 and it has downloaded and opened fine. NO I WILL NOT EMAIL IT TO YOU. Follow the link below
http://search.4shared.com/q/CCAD/1/CCNP%20Security%20IPS%20642-627
Anyone have a clear picture or a way of doing this SIM on the exam? I have downloaded the latest dump, I just want to make sure before taking the exam. Anyone else have anything to contribute to this test? Please advise ~Cheers
@Chips
Really thanks, I got 876/1000, 60 questions all from this dump including lab and drag and drop.
I am now on 642-637. Wish me good luck.
Which signature action should be selected to cause the attacker's traffic flow to terminate when the Cisco IPS appliance is operating in promiscuous mode?
A- deny connection
B- deny attacker
C- reset TCP connection
D- deny packet, reset TCP connection
E- deny connection, reset TCP connection
Correct: B
Which two methods can be used together to configure a Cisco IPS signature set into detection mode when tuning the Cisco IPS appliance to reduce false positives? (Choose two)
A- Subtract all aggressive actions using event action filters.
B- Enable anomaly detection learning mode.
C- Enable verbose alerts using event action overrides.
D- Decrease the number of events required to trigger the signature.
E- Increase the maximum inter-event interval of the signature.
Correct: A-E
Which three statements about the Cisco IntelliShield Alert Manager are true? (Choose three)
A- Alert information is analyzed and validated by Cisco security analysts.
B- Alert analysis is vendor-neutral.
C- The built-in workflow system provides a mechanism for tracking vulnerability remediation and integration with Cisco Security Manager and Cisco Security MARS
D- Users can customize the notification to deliver tailored information relevant to the needs of the organization.
E- Customers are automatically subscribed to the Cisco Security IntelliShield Alert Manager Service with Cisco IPS license.
F- More than q0 report types are available within the Cisco Security IntelliShield Alert Manager Service.
Correct: A-C-D
Try to set up the full VCM program, not the trial one; the trial gives you only 5 Qs.
Dear,
I start the ASDM demo mode, but when I click the IPS section, it shows the error:
[Your current java memory heap size is less than 256MB..]
I set it in the parameters but all in vain.
Please guide me.
Any recommendation on BOOKS? Does anyone have a soft copy?
Thanks Chips, this dump is great. Today I passed and scored 893.
In my exam the lab simulation did not work at all, that's why I got 893.
I scored 100% in all sections except the lab question.
A Cisco Catalyst switch is experiencing packet drops on a SPAN destination port that is connected to a Cisco IPS appliance.
Which three configurations should be considered to resolve the packet drop issue?
Correct answer
A) Configure an additional SPAN session to a different cisco IPS appliance interface connected to the same virtual sensor.
B) Configure an Etherchannel bundle as the SPAN destination port.
D) Configure VACL capture.
ABD are correct answers.