IBM C2150-620 - IBM Security Network Protection (XGS) V5.3.2 System Administration Exam

Question #6 (Topic: Topic 1)
A System Administrator notices a large amount of bandwidth being used by one of the web application servers on an unexpected destination port.
Which method can the System Administrator use to review a sample of that traffic?
A. Add an event filter for the IP address in question and assign it a packet capture response.
B. Start a capture after adding filters specifying the source IP address and destination port.
C. Use the tcpdump command to generate a capture and specify the src host and dst port values.
D. Create an NAP rule specifying the source host address, web application, and a capture response.
Answer: B
Question #7 (Topic: Topic 1)
A System Administrator needs to create a pcap capture file which contains the FTP traffic inspected by the XGS and therefore has enabled the FTP_Get signature in the Default IPS Object.
Which other action needs to be performed to ensure that the desired capture file is available in the Local Management interface (LMI) for this event only?
A. Select “Log With Raw” on the FTP_Get signature that was enabled.
B. Configure “Capture Connection” on the Response tab for the Default IPS Object.
C. Enable the tools>capture>pinterface from the command line filtering by FTP_Get event.
D. Configure “Capture Connection” on the Response tab for an IPS Event Filter Policy rule for FTP_Get event.
Answer: A
Question #8 (Topic: Topic 1)
A Security Administrator wants to block access to streaming video on a news website.
Which object should be used and how should it be configured?
A. Use an IP Reputation object with the streaming video option enabled.
B. Use a URL Category object with the News/Magazine category enabled.
C. Use a Web application object with the stream/download action for the website.
D. Use a URL Category object with the News/Magazine category enabled and a Non-Web application with video streaming protocols.
Answer: C
Question #9 (Topic: Topic 1)
A System Administrator wants to create an IPS Policy using X-Force recommended signatures, but does not want any signatures to be used in a blocking mode.
Which configuration option within the IPS Policy will provide this capability?
A. Edit the IPS Policy object and uncheck ‘Enable X-Force Protection Level Blocking’.
B. Edit the IPS Policy object and set ‘Enable X-Force Protection Level Signatures’ to ‘None’.
C. Edit the IPS Policy object and set ‘Enable X-Force Protection Level Signatures’ to ‘Moderate’.
D. Edit the IPS Policy object and set ‘Enable X-Force Protection Level Signatures’ to ‘Aggressive’.
Answer: B
Question #10 (Topic: Topic 1)
A System Administrator of a banking organization has become aware of some malicious traffic to its IBM Security Network Protection (XGS) appliance. The logs show patterns of Denial of Service (DoS) attack and a lot of encrypted packets targeted to the M.1 port of the XGS appliance coming from an internal laptop IP address.
What should the System Administrator do next?
A. Configure Management access policy to restrict access.
B. Configure Inbound SSL policy to inspect and drop such traffic.
C. Configure Management access policy to set the management port as TCP reset port.
D. Configure Network access policy and Intrusion Prevention Policy to block DoS attacks.
Answer: B
Total 60 questions