Transcription
IBM C2150-620IBM Security Network Protection (XGS) V5.3.2System AdministrationIBM C2150-620 Dumps Available Here m/c2150-620-dumps.htmlEnrolling now you will get access to 60 questions in a unique set ofC2150-620 dumpsQuestion 1A System Administrator has been seeing a lot of SSLv2-Weak Cipher attacks reported on the network andwants to increase the severity of the events.How can this be accomplished?Options:A. Modify the Threat Level of the signature.B. Create an Incident in SiteProtector for SSLv2 Weak Cipher.C. Modify the Event Log response for the Intrusion Preventions Object.D. increase the X-Force Protection Level for the Intrusion Prevention Object.Answer: DExplanation:What do the various Protection Levels in the X-Force Virtual Patch and Trust X-Force Defaults mean?Answer: For Security Network IPS (GX) sensors, there is an X-Force Virtual Patch policy that is used todetermine which signatures are enabled by default (this feature is enabled by default but can be disabled).On Security Network Protection (XGS) sensors, this same Protection Level can be specified for each IPSObject in the Intrusion Prevention Policy.Note: Intrusion Prevention Object – Threat level protectionX-Force Virtual Patch Protection Levels- NoneDo not enable any signatures by default. This option is for a user that wants complete control over whichsignatures get enabled.- ModerateThe moderate policy enables most attack events for a good level of security protection with minimal chanceof false alarms. The moderate policy is designed for users who intermittently monitor security events andminimally manage the IPS configuration.- Aggressivehttps://www.certification-questions.com
IBM C2150-620The aggressive policy enables a high percentage of attack events for a high level of security protection witha chance of false alarms. The aggressive policy is designed for users who perform testing and tuningbefore IPS deployment, and who closely monitor security events and occasionally fine-tune the IPSconfiguration.- ParanoidThe paranoid policy enables almost all attack events (including events from the latest XPUs) for a very highlevel of security protection with significant chance of false alarms. The paranoid policy is designed for userswho perform considerable testing and tuning before IPS or XPU deployment, and who closely monitorsecurity events and frequently fine-tune the IPS configuration.References: http://www-01.ibm.com/support/docview.wss?uid swg21701441Question 2A System Administrator wants to configure an XGS so that when the SSH Brute Force security event istriggered against machine Server1, any further traffic from the source IP address contained in the securityevent alert is dropped for a timed period.How should the System Administrator configure the XGS to perform this?Options:A. Edit the properties of the SSH Brute Force security event and create a quarantine response toblockthe source IP.B. Create a Network Access policy object to drop all traffic from the source IP contained in thesecurityevent alert to Server1.C. Create a Network Access policy object with a quarantine rule to block the source IP when thesecurityevent is triggered against Server1.D. Create an IPS Filter policy object for the SSH Brute Force security event with a Victim addressofServer1 and a quarantine response to block the source IPAnswer: CExplanation:QuestionWhy are some events allowed after setting a block response?CauseMost network attacks are carried out in a single packet or in several packets that are reconstructed into asingle "session." For these attacks, the Block response in the XGS Intrusion Prevention policy isappropriate to use, and is translated into a block packet response and/or into a block connection response.Certain events, however, are classified as "non-sequitur." Non-sequitur events are events that require ahttps://www.certification-questions.com
IBM C2150-620succession of packets to occur before the signature is triggered. For example, a port scan signature mayrequire a succession of ten port probes before the signature would trigger. In this case, many of theoffending "packets" would have already passed through the system.AnswerFor these types of signatures, you must set the Quarantine response in addition to the Block responseunder the Default Repository Shared Objects Intrusion Prevention select signature Edit enablethequarantine response under the Quarantine tab Save. The quarantine response blocks the offending IP fora period of time, ensuring that the remaining probes do not get through. The standard block packet or dropconnection responses (set by the Block response) are ineffective in stopping this kind of activity when notused in conjunction with Quarantine.List of non-sequitur events include SSH Brute Force.References: http://www-01.ibm.com/support/docview.wss?uid swg21687475Question 3A System Administrator needs to create a pcap capture file which contains the FTP traffic inspected by theXGS and therefore has enabled the FTP Get signature in the Default IPS Object.Which other action needs to be performed to ensure that the desired capture file is available in the LocalManagement interface (LMI) for this event only?Options:A. Select "Log With Raw” on the FTP Get signature that was enabled.B. Configure "Capture Connection” on the Response tab for the Default IPS Object.C. Enable the tools capture pinterface from the command line filtering by FTP Get event.D. Configure "Capture Connection” on the Response tab for an IPS Event Filter Policy rule forFTP Getevent.Answer: AExplanation:Log With Raw is a feature of XGS that logs a summary and the associated packet capture for the IPS eventor OpenSignature event. The content of the packet capture is displayed in SiteProtector through the EventDetails, which can be used for network forensics and investigation.References: Implementation Guide for IBM Security Network Protection ('XGS for Techies') second edition,Version 2.0, page 260Question 4A Security Administrator want to block access to streaming video on a news website.Which object should be used and how should it be configured?https://www.certification-questions.com
IBM C2150-620Options:A. Use an IP Reputation object with the streaming video option enabled.B. Use a URL Category object with the News/Magazine category enabled.C. Use a Web application object with the stream/download action for the website.D. use a URL Category object with the News/Magazine category enabled and a Non-Webapplication withvideo streaming protocols.Answer: CExplanation:Use Web Application objects to control access to categorized types of web-based applications and tocontrol how people use them on your network. The Network Protection database provides an indexed list ofWeb Application categories that you can block or limit access to on your network. These categories includeweb mail, social networking, and gaming sites.In addition to blocking or limiting these site categories, you can prohibit users from performing specificactions on many of these sites. You can allow users to view social media sites such as YouTube or Flickr,but not allow users to post to them. Or you can allow users to view and to post to networking sites, such asFacebook or Myspace, but not to upload photos or to play games.Example: Block video on cnn.comOn the Web Applications tab, click the Filter button and create a filter.The Filter returns a list of Web Applications with news content and the associated Actions. Add cnn.com –Stream/Download to the Added Web Application Actions list. Click SaveConfiguration.Etc.References: Implementation Guide for IBM Security Network Protection ('XGS for Techies') second edition,Version 2.0, pages 74-78Question 5A System Administrator is preparing to manage an XGS appliance using the SiteProtector System.Which three management actions can be performed? (Choose three.)Options:A. Apply a snapshot.B. Restart the appliance.C. Configure Static Routes.D. Create a Firmware backup.E. Manage the Appliance SSL m
IBM C2150-620F. Change the Flexible Performance Level.Answer: A, D, EQuestion 6A Security Administrator wants to enable a block page to alert users when they attempt to access HTTPwebsites that are blocked due to a Network Access policy (NAP) rule.How should the Administrator achieve this?Options:A. Add a NAP rule with an action of Drop.B. Add a NAP rule with an action of Reject.C. Add a NAP rule that has an action of Do Not inspect and then set the response object to BlockPage.D. Add a NAP rule with an action of Reject (Authenticate) and then create a special user groupthat hasdefault action of Block HTTP.Answer: CQuestion 7The System Administrator has discovered the XGS device is overloaded and is dropping legitimate traffic.Which setting is likely responsible for this behavior?Options:A. Unanalyzed policy configurationB. TCP resets- TCP reset interfaceC. Fail Closed hardware bypass modeD. LogDB response enabled on NAP rulesAnswer: AQuestion 8A System Administrator notices a large amount of bandwidth being used by one of the web applicationservers on an unexpected destination port.Which method can the System Administrator use to review a sample of that s.com
IBM C2150-620A. Add an event filter for the IP address in question and assign it a packet capture response.B. Start a capture after adding filters specifying the source IP address and destination port.C. Use the tcpdump command to generate a capture and specify the src host and dst port values.D. Create an NAP rule specifying the source host address, web application, and a captureresponse.Answer: BQuestion 9A System Administrator wants to create an IPS Policy using X-Force recommended signatures, but doesnot want any signatures to be used in a blocking mode.Which configuration option within the IPS Policy will provide this capability?Options:A. Edit the IPS Policy object and uncheck ‘Enable X-Force Protection Level Blocking’.B. Edit the IPS Policy object and set ‘Enable X-Force Protection Level Signatures’ to ‘None’.C. Edit the IPS Policy object and set ‘Enable X-Force Protection Level Signatures’ to ‘Moderate’.D. Edit the IPS Policy object and set ‘Enable X-Force Protection Level Signatures’ to ‘Aggressive’.Answer: BExplanation:X-Force Virtual Patch Protection Levels- NoneDo not enable any signatures by default. This option is for a user that wants complete control over whichsignatures get enabled.Question 10A System Administrator of a banking organization has become aware of some malicious traffic to its IBMSecurity Network Protection (XGS) appliance. The logs show patters of Denial of Service (DoS) attack anda lot of encrypted packets targeted to the M.1 port of the XGS appliance coming from an internal laptop IPaddress.What should the System Administrator do next?Options:A. Configure Management access policy to restrict access.B. Configure Inbound SSL policy to inspect and drop such traffic.https://www.certification-questions.com
IBM C2150-620C. Configure Management access policy to set the management port as TCP reset port.D. Configure Network access policy and Intrusion Prevention Policy to block DoS attacks.Answer: BWould you like to see more? Don't miss our C2150-620PDF file ions.com
Answer: For Security Network IPS (GX) sensors, there is an X-Force Virtual Patch policy that is used to determine which signatures are enabled by default (this feature is enabled by default but can be disabled). On Security Network Protection (XGS) sensors, this same Protection Level can be specified for each IPS
