Which command on the IDP sensor CLI can be used to display the sensor statistics, which policy is installed, and mode of sensor deployment?
A. sctop "s" option
B. sensor statistics can only be displayed from Security Manager GUI
C. scio list s0 sensor stat
D. scio sensor stat
Which statement is true regarding policy installation on an IDP sensor?
A. A policy version is created when a new policy is successfully installed.
B. The pkid process on the sensor handles the policy installation.
C. The policy.set file is updated on the sensor.
D. The sensor stops processing traffic when the policy is being installed.
If the power is lost to an IDP sensor, which feature allows the traffic to continue to flow through the device?
A. NIC bypass
B. peer port modulation
C. protocol anomaly detection
D. stateful inspection
How does the IDP sensor emulate a honeypot?
A. The sensor will prompt the user for user names and passwords, but does not provide further protocol emulation.
B. The sensor will reply to TCP and UDP connection requests, but will not perform any further protocol emulation.
C. The sensor will reply to TCP connection requests, and emulate the requested protocol.
D. When the sensor receives a TCP SYN request, the sensor will reply with a SYN/ACK.
Which two statements are true about the Enterprise Security Profiler (ESP)? (Choose two.)
A. The ESP indicates when existing hosts or protocols are being used.
B. The ESP indicates which hosts are talking with each other, and which protocols are being used.
C. The ESP provides a summary of protocols and contexts on each host.
D. The ESP indicates when a specific machine has been attacked.
In which three fields does Log Investigator allow you to create reports and view logs? (Choose three.)
A. Time
B. Attack
C. Destination Port
D. Sensor IP Address
Which two statements about ESP are true? (Choose two.)
A. ESP is started by default in IDP version 3.0 or newer.
B. ESP must be configured and started on the IDP Sensor CLI before it is used.
C. ESP must be synchronized manually by the administrator to view the latest data.
D. ESP must be configured and started on each IDP Sensor manually, through the IDP User Interface.
Which method of detection does IDP Sensor use to detect rootkits or Trojans present on internal systems?
A. Protocol Anomaly
B. Network Honeypot
C. Stateful Signatures
D. Backdoor Detection
Which three are Predefined reports? (Choose three.)
A. Top Rules
B. Top Attacks
C. Attacks by User
D. Attacks over Time
How can you create a quick report?
A. right-click on an entry in the Log Investigator
B. right-click on a predefined report
C. right-click on an entry in the Log Viewer
D. Quick reports are available in the Dashboard only.