Share your IPS v7.0 Experience
Cisco has made changes for the Security exams by replacing the old CCSP with the new CCNP Security Certification with 4 modules: Secure, Firewall, IPS and VPN. In fact, the old CCSP and the new CCNP Security are very similar. Many candidates have requested us to put up materials for these new exams but it is a time-consuming work. In the mean time, we created the “Share your experience” for the IPS v7.0 exam. We really hope anyone who read securitytut, 9tut, digitaltut, certprepare, networktut and voicetut contribute to these sections as your experience is invaluable for CCNP Security learners to complete their goals.
Please share with us your experience after taking the IPS v7.0 642-627 exam, your materials, the way you learned, your recommendations…
Yes is the same LAP. don’t afraid I tell you go ahead
@Mohammed: I have sent u P4S for ASA
Dear Syed,
Thanks for your help but am not able to download please can you send it to me by 4shared
Appreciate.
Hi, syed
can u send me the PS4 about ASA? E-mail bhattacharya1988@gmail.com
@syed,
Any update.
What is the passing score is it 800 or 769?
Cleared with 886 marks..Dump is 100% valid except sim & Hotspot not given in the dump but its very easy..Thanks everyone…
Congrats Sayed — which dump do you think is best? I will remake this one as much as I can.
dumps available on examcollection with 80 questions, r u the same who recently cleared SECURE?
Thanks — yes — we cleared Secure now – everyone was in the mid-to high 900′s. Looks like IPS will be more like high 800′s…. hope we can break that
If anyone is planning to take this test soon please email me at
tutschips@hotmail.com
We have some updated information that needs verification in a real test — confident it will help people get over 900 for the test where it seems most people max at 886 right now. Cheers Chips
Hello Steak&Chips how are you? What’s up for the preparation of the exam?
Hey Zahoor,
We have the new IPS official book and there is some obvious wrong answers in the dumps.
Switch based HA for one: Etherchannel and STP are the correct answers.
Email me for the a in progress .vce to trial out. Chips
Dear Syed,
Congratulation still im not get the p4s kindly can you help me in this thanks for your all.
Hello Steak, can you please share with me the work you have done so far at: zahoor.mirza@gmail.com ?
One more thing, can I take the exam of CCNA-Security after passing all the exams of CCNP-Security ?
Thanking you in advance for your effort.
I would recommend that you clear CCNA Security before doing anything else. It is very easy and only took me 1 week of study with CBT Nuggets and the Official Guide + Dumps to clear it with a 1000. Lab can be practiced in Packet Tracer as well.
Email is inbound.
right answer seems to me:
Question
Which three statements about the Cisco IPS appliance normalizer feature are true? (Choose three)
answer
- cannot analyze asymmetric traffic flows (answer test…for me is incorrect)
- modifies ambiguously fragmented IP traffic (correct seems t me) Vol. 2 Pag. 3-7
right answer seems to me:
Question
Which three statements about the Cisco IntelliShield Alert Manager are true? (Choose three)
Answer
The built-in workflow system provides a mechanism for tracking vulnerability remediation and integration with Cisco Security Manager and Cisco Security MARS (for me is incorrect)
Alert analysis is vendor-neutral (correct seems to me) Vol. 3 Pag. 5-122
Agreed Ale. I would choose fragmented traffic over asymmetric. This was changed in updated .vce.
The Official Guide and other documentation states that the IPS appliance can do asymmentric flows but the NORMALIZER Engine will have degraded performance. This is where the virtual sensor comes in where you have load-balancing and return traffic coming in on a separate interface. The virtual sensor can treat the two interfaces as a single source.
Also agreed on the this question as well. Also have updated that one in the .vce with references to the documentation online about this.
If it was just : The built-in workflow system provides a mechanism for tracking vulnerability remediation. > then it would be correct.
This is one question that we cannot get a clear result on
What is a best practice to follow before tuning a Cisco IPS signature?
A: Disable all the alert actions on the signature to be tuned.
> this is the only option that is mentioned clearly in the Official Guide
B: Disable the signature to be tuned.
> is mentioned for reducing false positives but not really for tuning any signature
C: Create a clone of the signature to be tuned.
> not mentioned anywhere online or in the official guide + only refers to cloning a policy.
Any thoughts either way?
right answer seems to me:
Question:
Which two methods can be used together to configure a Cisco IPS signature set into detection mode when tuning the Cisco IPS appliance to reduce false positives? (Choose two)
2) Increase the maximum inter-event interval of the signature (answer by test)
3) Enable verbose alerts using event action overrides (rcorrect to me Vol.2 Pag 4-56, Item 2)
Yes agreed on this one as well – no mention of inter-event intervals.
I can send you an updated .vce will all these in it if you wish….and improved understanding of the LAB as well as simlet.
ok Steak&Cheap. Please send me to: deleuze_guattari@yahoo.com
Thanks a lot
sorry …Steak&Chips not Steak&Cheap..
Ale
no problems — but the email address bounced — please email tutschips@hotmail.com and I will reply.
sent
@Steak&Chips.
Please can you send me security 642-617 Exam to my Email Thanks.
mohammed11130@yahoo.com
sorry the Email is mohammed_11130@yahoo.com
Hi All,
I am just about to start the track for CCSP, any recommendations for which exam to start first and also for practice with labs.
Thanks for any responses.
Hi Tigger,
CCSP is no longer available – it is now CCNP Security with the 642-6xx exams.
You need CCNA + CCNA Security then I would recommend Secure 637, IPS 627 and whichever one you like with Firewall 617 and VPN 647.
You can do almost everything on GNS3 – the IPS is the hard one. Gigavelocity is a good service as well.
Hi all! Can anybody share official cert guide for ips 7.0? As i know it is released. Also searching for cbt nuggets update video. I just found quick reference for new exam.
Hi All ,
Am planning to write IPS 7.0 exam anybody help me with hot spot Q&A . Please mail to pavan.rambatla@gmail.com
Hi Steak&Chips ,
Colud please post the IPS 7.0 hot spot Q& A . am planning to give this exam by next week.
Thanks & Regards,
Pavan.
Hi Steaks ,
Thanks for ur prompt response.
Regards,
Pavan
Enough people have passed now with 900+ that I have published the updated VCE
http://www.examcollection.com/cisco/Cisco.ActualTests.642-627.v2011-11-16.by.Chips.76q.vce.file.html
Could still be some errors so check all questions carefully. Also the lab is better defined now.
DId the exam today, one simulation exactly like in the chips dump and used ejg dumps no new questions.
Yesterday I passed it with 958 (60 questions min score 783)
I’ ve changed 2 answer:
In the exibit about scanner threshold I’ ve choose the answer:
“From a single source you do not expect to see non established connections to more than 120 different destination IP address”
In the question “In which 3 ways can you cachieve better Cisco IPS appliance performance”
I’ ve choose
A, B, D
Regards Ale
Hi Ale, what dump did you use?
Regards
Gabriel
Hi Gabriel, I used the dump Steak&Sheap has posted 22 on november
Regards
Ale
Excellent.
Thank you very much Ale.
Best regards,
Posted a new dump with 3-corrected answers after finding some research/documentation to support change.
Also added selection limiting (i.e. choose 2, cant choose more than 2) on the multiple choice.
It hasnt been posted yet but it will be over at examcollection.
The Q/A’s that I changed can also be seen in the comments of Chip’s 76q dump from 11/16/11 so you can have access to them now (although they’ll be wrong in the exam file).
Just to clarify, its been uploaded to the site, it just hasnt been added to the list yet so please be patient and wait for it or use the comments section from chip’s dump to get the corrected answers. By the time I see any request for me to email it, it will probably already be up on examcollection.
does anyone have the the latest p4sure dump for the exam? please share.
thanks
Please guys. Where can I get CCNP Security IPS 642-627 Official Cert Guide ?
Passed today with 927. Dumps are 100% valid
@Zahoor can you let us know which dumps you use and how many questions was out from it?
There were 60 questions, all were from the dumps. I followed the dumps: http://www.examcollection.com/cisco/Cisco.ActualTests.642-627.v2011-11-16.by.Chips.76q.vce.file.html
Any one is going for exam ?
all question from v2011-11-16.by.Chips.76q.vce.file. I got 9xx on Monday exam.
there were 60 Q.
Dear All Friends,
Is there any official guide for IPS?
pls provide download link for (CBT,Train signal)
Thanks in Advance
@joe, use the old IPS study guide from cisco press:
IPS 642-533
The technology is the same.
If you want to try the IPS Interface you can run it in demo mode which will help familiarize with the exam.
http://www.4shared.com/get/xI1yxiZb/IME-702.html
There were 60 questions, all were from the dumps. I followed the dumps: http://www.examcollection.com/cisco/Cisco.ActualTests.642-627.v2011-11-16.by.Chips.76q.vce.file.html
All Questions were from Dumps
Thanks to Chips, l scored 9xx today.
Finally l am certified CCSP and CCNP Security.
l used :-
http://www.examcollection.com/cisco/Cisco.ActualTests.642-627.v2011-11-16.by.Chips.76q.vce.file.html
100 % valid.
Question on the lab layout:
Is the actual lab a windows GUI based type lab just like on the chips dump?
Or do we have to log into a router and do some configs in there as well?
Thanks for the help and all everyone does on this site. ~ Cheers
Does any one have the CBT Nuggest for CCNP security FIREWALL 642-617? please share the link.
@Canada,
Yes it is a GUI Cisco IDM interface. and no config on any routers.
I need the cbt nuggets for this exam, does anyone have a link for those?
Thanks Chips & Co. Dump still valid for 100%. Passed with 967.
I hope you will encounter CCIE Security sometimes
Does anyone have a soft copy of the CCNP Security IPS 642-627 Official Cert Guide? or a link for a download?
Cheers
chips and everyone, thanks. i passed my 642-627 with 886. i had problem with the labs so i had 74% in the lab section but thanks for everything
Chips Dumps are 100 % valid, Appeared IPS exam yesterday. got 9xx
Thanks for materials
Hi Steak,
Am Karunakar am planning to write my ccna-security could please share the dumps to my mail ID
taritlakarunakar@gmail.com
Hi Karunakar,
You are in the wrong section please try here
http://www.securitytut.com/ccna-security/share-ccna-security-experience
To anyone else – we have finally finished CCNP and will take a break before doing CCIE. So probably last time we check this forum. Good luck to all and please keep the discussion going – feel free to refine and upload your own dumps
Steak & Chips
Does anyone have a copy of the ebook for the IPS exam? If so please post a link or email it to me rr6451999@gmail.com. Thx
Hello, guys I started to study for the IPS and there are no CBT so I start to study with the old 642-533 videos, how much this change from the IPS 7 version? it still use the IDM GUI??? or now questiosn are related to asdm config?
Also if that’s the case can I practice whit the asdm demo mode? I don’t have much experience with IPS and I usually deal with firewalls and vpns on my regular job, so please any advice or answer will be fantastic
Thanks!
I believe C is the correct answer to the following question:
What is a best practice to follow before tuning a Cisco IPS signature?
A. Disable all the alert actions on the signature to be tuned
B. Disable the signature to be tuned
C. Create a clone of the signature to be tuned
D. Increase the number of events required to trigger the signature to be tuned
E. Decrease the attention span (maximum inter-event interval) of the signature to be tuned
I base this on the following two excerpts from the Cisco ILT Guides for IPS v7.0:
Tuning the IPS Sensor to Reduce False Positives
It is important to leave the original signature intact for all hosts that do not trigger false positives with it.
When tuning a signature, clone the problematic signature and tune the copy.
Use event action filters to:
– Remove problematic hosts from the original signature
– Only enable problematic hosts in the copied signature
Tuning the IPS Sensor to Reduce False
Negatives
It is recommended to enable the modified, more general signature for as many hosts as possible.
1. When tuning a signature, clone the problematic signature and tune the copy.
2. Then, disable the original signature and only use the copy.
3. Run the copy in detection mode and tune its false positives, if any.
4. Move the tuned copy to prevention mode, if required.
It appears that Cisco recommends cloning signatures before any tuning occurs.
I have found the link to the PDF for ccnp security ips 642-627 and it has downloaded and opened fine. NO I WILL NOT EMAIL IT TO YOU…Follow the link below
http://search.4shared.com/q/CCAD/1/CCNP%20Security%20IPS%20642-627
Anyone have a clear picture or a way of doing the this SIM on the Exam? I have downloaded the lastest dump, I just want to make sure before taking the exam. Anyone else have anything to contribute to this test? Please advise ~Cheers
same as @Canada, please someone can contribute whit commenst about the sims?
Hello guys, I really need help whit lab and simlet for this test, I’m not an expert on IPS so if someone can post a more detail way to get the lab clear, I don’t have acces to an IPS so I’m trying to stydy whit the ASDM DEMO mode but I don’t know if this will be enough, On the event action override I cannot create the risk level as it requested on the lab
Can someone help me whit this?
Thanks!
Used the recent Chips VCE, tested today 2/10/12. Almost all of the answer orders had been rearranged. One of the Drag and drops had been rearranged.
There were also a few new questions that were not included.
Hi there. How many LAB´s tasks is there in the real exam?
@Kamakiriad
Did you take the test on friday? You are talking about the chips VCE on examcollection?
Hello, Does anyone here have the official certification guide for IPS 642-627 v7.0 ?? Please I need help urgently.
Hello Canada, Thanks I din’t see the link initially. Great find. I work a bit to find it but could not. Thanks again.
finally ccnp-s!. Thanks chip et al. (9.5)
onto ccie security. our true valentine
@pa congrats, I whis you my best on your CCIE track.
Can you please help me whit some advises about this test, specially labs and simlet please!
Thanks!
All questions has been rearranged!!!!!!! Be carefull
@Kamakiriad… Do you remember which drag and drop was re-arranged?
@Ila …Do you remember which drag and drop was re-arranged?
What is everyone using to practice the Sim/Lab? I have the IPS Manager Demo but the CONFIG screen is blank??? Can someone point me in the right direction? I also have the ASDM Demo.
Thanks for your help
I have to take this test in two weeks, does someone have any update regarding this exam? Are the dumps still valid?