Cisco 642-551 exam preparation questions.
Exam A
QUESTION 1
What is a reconnaissance attack?
A. when an intruder attacks networks or systems to retrieve data, gain access, or escalate access privileges.
B. when an intruder attempts to discover and map systems, services, and vulnerabilities
C. when malicious software is inserted onto a host in order to damage a system, corrupt a system, replicate itself, or deny service or access to networks, systems, or services
D. when an intruder attacks your network in a way that damages or corrupts your computer system, or denies you and others access to your networks, systems, or services
E. when an intruder attempts to learn user IDs and passwords that can later be used in identity theft
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Attackers and hackers can employ social engineering techniques to pose as legitimate people seeking out information. A few well-structured telephone calls to unsuspecting employees can provide a significant amount of information.
Incorrect:
A – Is called ‘Access attacks’
C – Is called ‘Worms, Viruses and Trojan Horses’
D – Is called ‘Denial of Service (DOS) attacks’
E – This is an example of social engineering
QUESTION 2
Which communication protocol is used by the administrator workstation to communicate with the CSA MC?
A. SSH
B. Telnet
C. HTTPS
D. SSL
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Management Center for Cisco Security Agent (CSA MC) uses a Secure Sockets Layer (SSL)-enabled web interface.
QUESTION 3
What should be the first step in migrating a network to a secure infrastructure?
A. developing a security policy
B. securing the perimeter
C. implementing antivirus protection
D. securing the DMZ
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The development of a security policy is the first step to a secure infrastructure; without it, the availability of your network will be compromised.
QUESTION 4
Select two ways to secure hardware from threats. (Choose two.)
A. The room must have steel walls and doors.
B. The room must be static free.
C. The room must be locked, with only authorized people allowed access.
D. The room should not be accessible via a dropped ceiling, raised floor, window, ductwork, or point of entry other than the secured access point.
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
Explanation:
Incorrect:
A – Not a required element.
B – Is called ‘Environment Threat mitigation’
QUESTION 5
At which layer of the OSI model does a proxy server work?
A. data link
B. physical
C. application
D. network
E. transport
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
A proxy server is an application.
QUESTION 6
Which command on the Cisco PIX Security Appliance is used to write the current running config to the Flash memory startup config?
A. write terminal
B. write config
C. write memory
D. write startup config
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Incorrect:
A – Shows running configuration on screen, like show running-config
B – No such command
D – No such command
QUESTION 7
What is a description of a promiscuous PVLAN port?
A. It has a complete Layer 2 separation from the other ports within the same PVLAN.
B. It can only communicate with other promiscuous ports.
C. It can communicate with all interfaces within a PVLAN.
D. It cannot communicate with other ports.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Incorrect:
A – This is called ‘Isolated’
B – This is called ‘Community’
D – No such PVLAN
QUESTION 8
How do you enable a host or a network to remotely access the Cisco IPS/IDS sensor?
A. Configure static routes.
B. Configure dynamic routing.
C. Configure allowed hosts.
D. Configure DHCP.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
The Allowed Hosts option enables you to define which IP addresses are allowed to access the sensor via
its management interface.
QUESTION 9
In which version did NTP begin to support cryptographic authentication?
A. version 5
B. version 4
C. version 3
D. version 2
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Version 3 or above is required to support Cryptographic authentication mechanism between peers.
QUESTION 10
What must be configured on a network-based Cisco IDS/IPS to allow it to monitor traffic?
A. Enable rules.
B. Enable signatures.
C. Disable rules.
D. Disable signatures.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 11
What is a DoS attack?
A. when an intruder attacks networks or systems to retrieve data, gain access, or escalate access privileges
B. when an intruder attempts to discover and map systems, services, and vulnerabilities
C. when malicious software is inserted onto a host in order to damage a system, corrupt a system, replicate itself, or deny services or access to networks, systems, or services
D. When an intruder attacks your network in a way that damages or corrupts your computer system, or denies you and others access to your networks, systems, or services
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
These attacks are when malicious software is inserted onto a host in order to damage a system, corrupt a
system, replicate itself, or deny services or access to networks, systems, or services.
Incorrect:
A – Is called ‘Access attacks’
B – Is called ‘Reconnaissance attacks’
C – Is called ‘Worms, Viruses and Trojan Horses’
QUESTION 12
Cisco routers, such as the ISRs, are best suited for deploying which type of IPSec VPN?
A. remote-access VPN
B. overlay VPN
C. WAN-to-WAN VPN
D. site-to-site VPN
E. SSL VPN
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Site-to-site VPNs can be deployed using a wide variety of Cisco VPN Routers. Cisco VPN routers provide
scalability through optional encryption acceleration. The Cisco VPN router portfolio provides solutions for
small office and home office (SOHO) access through central-site VPN aggregation. SOHO solutions include
platforms for fast-emerging cable and DSL access technologies.
Incorrect:
A – This VPN solution connects telecommuters and mobile users securely and cost-effectively to corporate
network resources from anywhere in the world over any access technology.
QUESTION 13
Which method of mitigating packet-sniffer attacks is most cost effective?
A. authentication
B. switched infrastructure
C. antisniffer tools
D. cryptography
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Cryptography: Rendering packet sniffers irrelevant is the most effective method for countering packet sniffers. Cryptography is even more effective than preventing or detecting packet sniffers. If a communication channel is cryptographically secure, the only data a packet sniffer detects is cipher text (a seemingly random string of bits) and not the original message.
QUESTION 14
Which encryption method uses a 56-bit key to ensure high-performance encryption?
A. 3DES
B. AES
C. RSA
D. DES
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Incorrect:
A – 3DES: 3*56 bits
B – Advanced Encryption Standard
C – It was the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public key cryptography.
QUESTION 15
In which Cisco Catalyst Series switches can the Firewall Service Modules be installed?
A. Catalyst 2900 and 3500 XL Series
B. Catalyst 1900 and 2000 Series
C. Catalyst 4200 and 4500 Series
D. Catalyst 6500 and 7600 Series
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/
QUESTION 16
Which protocol does the Cisco Web VPN solution use?
A. SSH
B. Telnet
C. SSL
D. IPSec
E. XML
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns347/networking_solutions_sub_solution_home.html
QUESTION 17
During which phase of an attack does the attacker attempt to identify targets?
A. penetrate
B. propagate
C. persist
D. probe
E. paralyze
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Probe phase: The attacker identifies vulnerable targets in this phase. The goal of this phase is to find computers that can be subverted. Internet Control Message Protocol (ICMP) ping scans are used to map networks, and application port scans identify operating systems and vulnerable software. Passwords can be obtained through social engineering, a dictionary attack, a brute-force attack, or network sniffing.
Incorrect:
A – Phase 2
B – Phase 4
C – Phase 3
D – Phase 5
QUESTION 18
What are the three types of private VLAN ports? (Choose three.)
A. typical
B. isolated
C. nonisolated
D. promiscuous
E. community
F. bridging
Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
Explanation:
There are three types of PVLAN ports:
Promiscuous: A promiscuous port can communicate with all interfaces, including the isolated and community ports within a PVLAN.
Isolated: An isolated port has complete Layer 2 separation from the other ports within the same PVLAN, but not from the promiscuous ports. PVLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic from an isolated port is forwarded only to promiscuous ports.
Community: Community ports communicate among themselves and with their promiscuous ports. These interfaces are separated at Layer 2 from all other interfaces in other communities or isolated ports within their PVLAN.
QUESTION 19
What is considered the main administrative vulnerability of Cisco Catalyst switches?
A. SNMP
B. Telnet
C. Poor passwords
D. Poor encryption
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
By default, a Cisco switch shows the passwords in plaintext for the following settings in the configuration file: the “enable” password, the username password, the console line and the virtual terminal lines. Using the same password for both the enable secret and other settings on a switch allows for potential compromise because the password for certain settings (for example, telnet) may be in plaintext and can be collected on a network using a network analyzer. Also, setting the same password for the “enable secret” passwords on multiple switches provides a single point of failure because one compromised switch endangers other switches.
QUESTION 20
Click and drag the four steps to mitigating worm attacks in order from step 1 to step 4.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation:
Worm attack mitigation requires diligence on the part of system and network administration staff. Coordination between system administration, network engineering, and security operations personnel is critical in responding effectively to a worm incident. The following are the recommended steps for worm attack mitigation:
1. Containment: Contain the spread of the worm inside your network and within your network. Compartmentalize parts of your network that have not been infected.
2. Inoculation: Start patching all systems and, if possible, scanning for vulnerable systems.
3. Quarantine: Track down each infected machine inside your network. Disconnect, remove, or block infected machines from the network.
4. Treatment: Clean and patch each infected system. Some worms may require complete core system reinstallations to clean the system.
Cisco 642-513 exam questions and answers.
Exam A
QUESTION 1
Which of these is a reason for using groups to administer Agents?
A. to link similar devices together
B. to complete configuration changes on groups instead of hosts
C. to complete the same configuration on like items
D. to apply the same policy to hosts with similar security requirements
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Which three items make up rules? (Choose three.)
A. variables
B. applications
C. application classes
D. rule modules
E. policies
F. actions
Correct Answer: ACF Section: (none) Explanation
Explanation/Reference:
QUESTION 3
Which action do you take when you are ready to deploy your CSA configuration to systems?
A. select
B. clone
C. deploy
D. generate rules
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 4
Which one of the five phases of an attack attempts to become resident on a target?
A. probe phase
B. penetrate phase
C. persist phase
D. propagate phase
E. paralyze phase
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 5
What is the purpose of the Audit Trail function?
A. to generate a report listing events matching certain criteria, sorted by event severity
B. to generate a report listing events matching certain criteria, sorted by group
C. to generate a report showing detailed information for selected groups
D. to display a detailed history of configuration changes
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 6
In which type of rules are network address sets used?
A. COM component access control rules
B. connection rate limit rules
C. network access control rules
D. file control rules
E. file access control rules
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Which three of these does the buffer overflow rule detect on a UNIX operating system, based on the type of memory space involved? (Choose three.)
A. location space
B. stack space
C. slot space
D. data space
E. heap space
F. file space
Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 8
When should you use preconfigured application classes for application deployment investigation?
A. never
B. always
C. only for specific applications
D. only when applications require detailed analysis
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 9
Drag Drop question
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Which systems with specific operating systems are automatically placed into mandatory groups containing rules for that operating system? (Choose three.)
A. OS2
B. HPUX
C. Solaris
D. Mac OS
E. Linux
F. Windows
Correct Answer: CEF Section: (none) Explanation
Explanation/Reference:
Cisco 642-513 exam questions and answers.
Exam A
QUESTION 1
Certkiller chose the Cisco CSA product to protect the network against the newest attacks. Cisco Security Agent provides Day Zero attack prevention by using which of these methods?
A. Using signatures to enforce security policies
B. Using API control to enforce security policies
C. Using stateful packet filtering to enforce security policies
D. Using algorithms that compare application calls for system resources to the security policies
E. None of the above
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Because Cisco Security Agent analyzes behavior rather than relying on signature matching, it never needs updating to stop a new attack. This zero-update architecture provides protection with reduced operational costs and can identify so-called “Day Zero” threats. At a high level, Cisco Security Agent is straightforward. It intercepts system calls between applications and the operating system, correlates them, compares the correlated system calls against a set of behavioral rules, and then makes an “allow” or “deny” decision based on the results of its comparison. This process is called INCORE, which stands for intercept, correlate, rules engine.
Reference: http://www.cisco.com/en/US/products/sw/secursw/ps5057/products_white_paper0900aecd8020f448.shtml
QUESTION 2
Certkiller has implemented the CSA product to provide security for all of their devices. For which layers of the OSI reference model does CSA enforce security?
A. Layer 1 through Layer 4
B. Layer 1 through Layer 7
C. Layer 2 through Layer 4
D. Layer 3 through Layer 7
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Cisco Security Agent provides threat protection for server and desktop computing systems, also known as endpoints. It helps to reduce operational costs by identifying, preventing, and eliminating known and unknown security threats. The Cisco Security Agent consolidates endpoint security functions in a single agent, providing:
1. Host intrusion prevention
2. Spyware/adware protection
3. Protection against buffer overflow attacks
4. Distributed firewall capabilities
5. Malicious mobile code protection
6. Operating-system integrity assurance
7. Application inventory
8. Audit log consolidation
This provides security for endpoints at the network layer (layer 3) through the application layer (layer 7).
QUESTION 3
The CSA architecture model is made up of three major components. Which three are they? (Choose three)
A. Cisco Trust Agent
B. Cisco Security Agent
C. Cisco Security Agent Management Center
D. Cisco Intrusion Prevention System
E. An administrative workstation
F. A syslog server
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
Explanation: The CSA MC architecture model consists of a central management center which maintains a database of policies and system nodes, all of which have Cisco Security Agent software installed on their desktops and servers. The agents themselves and an administrative workstation, combined with the Management Center, comprise the three aspects of the CSA architecture. Agents register with CSA MC. CSA MC checks its configuration database for a record of the system. When the system is found and authenticated, CSA MC deploys a configured policy for that particular system or grouping of systems.
Cisco 642-511 exam questions and answers.
Exam A
QUESTION 1
When using an Inline-Power enabled Catalyst Switch, which pins are used to supply Inline-Power to an IP Phone?
A. Pins 1, 2, 3, and 6
B. Pins 1, 2, 5, and 6
C. Pins 2, 4, 6, and 8
D. Pins 3, 4, 7, and 8
E. Pins 4, 5, 7, and 8
Correct Answer: A
QUESTION 2
When using a Cisco Inline-Power Patch-Panel, which pins are used to supply Inline-Power to the IP Phone?
A. Pins 1, 2, 3, and 6
B. Pins 1, 2, 5, and 6
C. Pins 2, 4, 6, and 8
D. Pins 3, 4, 7, and 8
E. Pins 4, 5, 7, and 8
Correct Answer: E
QUESTION 3
You are a network administrator at Certkiller. Your newly appointed Certkiller trainee wants to know what protocol an IP Phone uses to learn the Voice VLAN ID it should use for Voice traffic.
What will your reply be?
A. Skinny Station Protocol
B. 802.1q
C. LLQ
D. VTP
E. CDP
Correct Answer: E
QUESTION 4
You are the network administrator at Certkiller. Your newly appointed Certkiller trainee wants to know what MailStore options are supported in Unity version 2.4.6.
What will your reply be?
A. MS Mail
B. Domino
C. Exchange 2000
D. Exchange 5.5
E. None of the above
Correct Answer: D
QUESTION 5
You are a network administrator at Certkiller. Certkiller has a Unity 3.0 and Exchange 2000 system. Which of the following attributes will be stored in Active Directory? (Choose three.)
A. Transfer Type (Supervised, Release to switch)
B. Location ID
C. Alternate Extensions
D. Recorded Name
E. All of the above
Correct Answer: BCD
QUESTION 6
You are a network administrator at Certkiller. Your newly appointed Certkiller trainee wants to know what Network Management Server (NMS) application she can use to monitor Voice quality by polling the SNMP MIB for MQC.
What will your reply be?
A. Voice Health Monitor
B. Quality of Service Policy Manager
C. Internetwork Performance Monitor
D. Resource Manager Essentials
E. None of the above
Correct Answer: C
QUESTION 7
You are the network administrator at Certkiller. The Certkiller network and the complete MPLS router QoS configuration are shown in the following exhibit:
The LAN switches (and any other equipment in the cloud) do not mark or remark the packets.
With regard to the QoS configuration in the exhibit, when IP Phone A calls IP Phone B, how will the voice and signalling packets be marked by the time they arrive at IP Phone B?
A. Voice: IP Precedence 5: Signaling 3
B. Voice: DSCP AF ; Signaling : DSCP EF31
C. Voice: IP Precedence 5; Signaling 3: 0
D. Voice: DSCP EF; Signaling : DSCP EF31
E. Voice: DSCP EF; Signaling : 0
Correct Answer: D
QUESTION 8
You are a network administrator at Certkiller. Your newly appointed Certkiller trainee wants to know what protocol an IP Phone uses to learn the IP Address of its TFTP Server.
What will your reply be?
A. CDP
B. OSPF
C. HSRP
D. EIGRP
E. DHCP
Correct Answer: E
QUESTION 9
With regard to jitter, which of the following statements are true?
A. Jitter is the variation from the time that a packet is expected to be received and when it is actually received. Voice devices have to compensate for jitter by setting up a playout buffer to accept voice in a smooth fashion and avoid discontinuity in the voice stream.
B. Jitter is the actual delay from the time that a packet is expected to be transmitted and when it actually is transmitted. Voice devices have to compensate for jitter by setting up a playin buffer to play back voice in a smooth fashion and avoid discontinuity in the voice stream.
C. Jitter is the actual delay from the time that a packet is expected to be transmitted and when it actually is transmitted. Voice devices have to compensate for jitter by setting up a playout buffer to play back voice in a smooth fashion and avoid discontinuity in the voice stream.
D. Jitter is the variation from the time that a packet is expected to be received and when it is actually received. Voice devices have to compensate for jitter by setting up a playin buffer to accept voice in a smooth fashion and avoid discontinuity in the voice stream.
Correct Answer: A
QUESTION 10
You are a network administrator at Certkiller. Your newly appointed Certkiller trainee wants to know what the differences between Type of Service (ToS) and Class of Service (CoS) are.
What will your reply be? (Choose two.)
A. CoS allows a class based access to the media, but ToS prioritizes this access according to the precedence bit.
B. CoS is a field in the IP header, but ToS is evaluated by the routing protocol.
C. CoS is a Layer 2 mechanism, but ToS is a Layer 3 mechanism.
Correct Answer: AC
Cisco 642-501 exam questions and answers.
Exam A
QUESTION 1
Exhibit:
service password-encryption
!
aaa new-model
aaa authentication login default line
aaa authentication login nologin name
aaa authentication login admin tacacs+ enable
aaa authentication ppp default tacacs+
!
enable secret 5 $1$WogB$7.0FLEFgB8Wp.C9eqNX9L/
!
!
interface Group-Async
 ip unnumbered Loopback0
 ip tcp header-compression passive
 encapsulation ppp
 async mode interactive
John at Certkiller Inc. is looking at this configuration to figure out what method authenticates through the vty port. Which method is correct?
A. no access permitted
B. line password
C. no authentication required
D. default authentication used
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Enabling Authentication for Login
Using the aaa authentication login command and the following keywords, you create one or more lists of authentication methods that are tried at login. The lists are used with the login authentication line configuration command.
Enter the following command in global configuration mode to enable authentication for login:
Switch# aaa authentication login {default | list-name} method1 […[method3]]
The keyword list-name is any character string used to name the list you are creating. The method keyword refers to the actual method the authentication algorithm tries, in the sequence entered. You can enter up to three methods:
Reference: http://www.cisco.com/en/US/products/hw/switches/ps637/ products_configuration_guide_chapter09186a008007 f03
QUESTION 2
James the administrator on Certkiller is trying to figure out which router table is modified or prevented from updating, if a rerouting attack occurs. (Choose one)
A. ARP
B. address
C. bridging
D. routing
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Route filters can be set up on any interface to prevent learning or propagating routing information
inappropriately. Some routing protocols (such as EIGRP) allow you to insert a filter on the routes being
advertised so that certain routes are not advertised in some parts of the network.
Reference:
Managing Cisco Network Security (Ciscopress) page 233
QUESTION 3
Brain the security administrator is in charge of creating a security policy for Certkiller Inc. Which two statements about the creation of a security policy are true? (Choose two)
A. It helps Chief Information Officers determine the return on investment of network security at Certkiller Inc.
B. It defines how to track down and prosecute policy offenders at Certkiller Inc.
C. It helps determine which vendor security equipment or software is better than others.
D. It clears the general security framework so you can implement network security at Certkiller Inc.
E. It provides a process to audit existing network security at Certkiller Inc.
F. It defines which behavior is and is not allowed at Certkiller Inc.
Correct Answer: EF Section: (none) Explanation
Explanation/Reference:
Explanation:
Reasons to create a network security policy:
1. Provides a process to audit existing network security
2. Provides a general security framework for implementing network security
3. Defines which behavior is and is not allowed
4. Often helps determine which tools and procedures are needed for the organization
5. Helps communicate consensus among a group of key decision-makers and defines responsibilities of users and administrators
6. Defines a process for handling network security incidents
7. Enables global security implementation and enforcement
8. Creates a basis for legal action if necessary
Reference:
Managing Cisco Network Security (Ciscopress) page 43
QUESTION 4
John the administrator at Certkiller Inc. is working on securing the router passwords. Which IOS command encrypts all clear text passwords in a router configuration?
A. service password-encryption
B. service password md5
C. encrypt passwords
D. enable password-encryption
E. service password-encrypted
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
service password-encryption: To encrypt passwords, use the service password-encryption global
configuration command. Use the no form of this command to disable this service.
Reference:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1826/
products_command_summary_chapter09186a00800 d9c26.ht
QUESTION 5
John the administrator wants to know which type of key exchange mechanism is Diffie-Hellman.
A. Private key exchange
B. RSA keying
C. Public key exchange
D. AES key exchange
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Diffie-Hellman is used to securely exchange public keys so that shared secret keys can be securely
generated for use as DES keys.
Reference:
Managing Cisco Network Security (Ciscopress) page 467
QUESTION 6
John the security administrator for Certkiller Inc. needs to identify three character mode access methods. Choose three character mode access methods.
A. ppp
B. tty
C. vty
D. async
E. acl
F. aux
Correct Answer: BCF Section: (none) Explanation
Explanation/Reference:
Explanation:
AAA and Character-Mode Traffic – AAA secures character-mode traffic during login sessions via the lines:
1. Aux
2. Console
3. TTY
4. VTY
Reference:
Managing Cisco Network Security (Ciscopress) page 113
QUESTION 7
Kathy the security administrator for Certkiller Inc. is working on defending the network.
One of the attacks she is working to defend against is SYN flooding, and she wants to know which Cisco IOS
feature defends against SYN flooding DoS attacks.
A. Route authentication
B. Encryption
C. ACLs
D. TCP intercept
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
The TCP intercept feature in Cisco IOS software protects TCP servers from SYN-flooding attacks, a type
of DoS attack.
Reference:
Managing Cisco Network Security (Ciscopress) page 239
QUESTION 8
The security team at Certkiller Inc. was asked the question, what attack is most often used in social engineering. They all answered this wrong. What is the correct answer?
A. Session fragment
B. Unauthorized access
C. Data manipulation
D. Malicious applets
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Social engineering is when someone attempts to manipulate others to access information or access
without authorization. Social engineering has many levels, but they all have the same goal of gaining
unauthorized information or access.
QUESTION 9
Jason, the security administrator at Certkiller Inc., wants to know how long, by default, a router waits before terminating an unattended line connection.
A. 5 minutes
B. 10 minutes
C. 20 minutes
D. 30 minutes
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Page 76 of the MCNS book gives the correct value as 10 minutes.
QUESTION 10
Which of the following are Cisco firewall features? (Choose three.)
A. PIX firewall
B. authentication proxy
C. flash memory
D. CBAC
E. stateful failover
F. IDS
Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
Explanation:
The Cisco IOS firewall feature set was first introduced as CiscoSecure Integrated Software (CSIS). The
Cisco IOS firewall overview lists the following features:
1) Standard and extended access lists
2) Dynamic access lists
3) Reflexive access lists
4) System auditing
5) TCP intercept
6) Java blocking
7) Context-based access control – CBAC examines traffic passing through the firewall at all layers (up to
the application layer). CBAC is used to generate dynamic access lists.
8) Cisco IOS firewall IDS.
9) DoS mitigation
10) Authentication proxy – Authentication proxy is used to proxy authentication requests to an AAA server.
This allows authentication to occur on a per-user basis.
11) Network Address Translation
12) IPSec network security
13) Neighbor router authentication
14) Event logging
15) User authentication and authorization
16) Real-time alerts
Reference:
CCSP SECUR exam certification guide p.69-70
QUESTION 11
Which of the following IOS commands will you advise the Certkiller trainee technician to use when setting the timeout for a router terminal line?
A. exec-timeout minute [seconds]
B. line-timeout minute [seconds]
C. timeout console minute [seconds]
D. exec-time minutes [seconds]
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
http://www.cisco.com/warp/public/793/access_dial/comm_server.html
QUESTION 12
What is another name for packet mode when working in a NAS environment?
A. Interface
B. PPP
C. CTY
D. Async
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
http://www.cisco.com/warp/public/707/32.html
QUESTION 13
Which of the following represents the two files that are necessary to run SDM on a Cisco Router? (Select two)
A. secure.shtml
B. sdm.shtml
C. sdm.exe
D. sdm.tar
E. home.tar
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation:
The answers are B (sdm.shtml) and D (sdm.tar). Running show flash on a Cisco router with SDM shows that
the files available are sdm.tar, sdm.shtml and sdmconfig.cfg. All these files are necessary to run SDM on the router,
whereas SDM.exe is used to install the application on the router, not to run it.
CCSP Self-Study Securing Cisco IOS Network (Secur), CiscoPress.com, John F Roland, Page 541
Note:
Copy the SDM files on the TFTP server to the router Flash memory, using the following CLI commands:
Router# copy tftp://<tftp server IP address>/sdm.tar flash:
Router# copy tftp://<tftp server IP address>/sdm.shtml flash:
Router# copy tftp://<tftp server IP address>/home.tar flash:
Router# copy tftp://<tftp server IP address>/home.html flash:
QUESTION 14
Choose the command that you will advise the new Certkiller trainee technician to use to verify that SDM has been installed on a Cisco router.
A. show manager
B. show version
C. show flash
D. show sdm
E. show running-config
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
The quickest test is to connect your PC to the lowest-numbered Ethernet port with a cross-over cable, browse to http://<router ip-address>, and see if the Cisco SDM launch point is present on the resulting web page. If you have a Cisco 83x, 1701, 1710, 1711, or 1712 router, configure the PC to obtain an IP address automatically. If you have any other supported router, configure the PC with the static IP address 10.10.10.2. Alternatively, you can use the CLI to check that the Cisco SDM files are present in the router Flash memory: enter show flash and look for the Cisco SDM file set: sdm.tar, sdm.shtml, sdmconfig-xxxx.cfg. If the files are present, then confirm that the router configuration is set to support Cisco SDM. The configuration requirements are explained in the document Downloading and Installing SDM.
QUESTION 15
Which of the following protocols can you use to provide secure communications between a target router and SDM? (Select two.)
A. HTTPS
B. RCP
C. Telnet
D. SSH
E. HTTP
F. AES
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Cisco SDM communicates with routers for two purposes: to access the Cisco SDM application files for download to the PC and to read and write the router configuration and status. Cisco SDM uses HTTP(s) to download the application files to the PC. A combination of HTTP(s), Telnet/SSH is used to read and write the router configuration.
QUESTION 16
Which of the following actions can you take to prevent newly configured commands from being sent to a target router?
A. delete
B. remove
C. undo
D. clear-commands
E. refresh
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
To send the commands, you have to do a Deliver. However, if you do a refresh, then the router is polled and the current configuration on the router is brought back to the SDM and any changes that were not yet delivered would be lost. Therefore, the answer is REFRESH – E
QUESTION 17
Which one of the following actions can you take to enable SDM generated commands to reach the target router?
A. You could refresh.
B. You could save.
C. You could deliver.
D. You could download.
E. You could copy-config.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
If you are working in Advanced mode, you must save your work by clicking the Deliver button on the SDM toolbar. The Deliver window allows you to preview the commands that you are sending to the router, and allows you to specify that you want the commands saved to the router’s startup configuration.
QUESTION 18
Which of the following URLs is used to securely access SDM on a router with an IP address of 10.0.5.12?
A. https://10.0.5.12/flash/sdm.tar
B. https://10.0.5.12/flash/sdm.html
C. https://10.0.5.12/flash/sdm.shtml
D. https://10.0.5.12/flash/sdm
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Start SDM
SDM is stored in the router Flash memory. It is invoked by executing an HTML file in the router
archive, which then loads the signed SDM Java file. To launch SDM:
Step 1 From your browser, type in the following universal resource locator (URL):
https://<router IP address>
https://… specifies that the Secure Socket Layer (SSL) protocol be used for a
secure connection
QUESTION 19
What is the maximum number of routers SDM can manage simultaneously?
A. 1
B. 5
C. 50
D. 100
E. determined by router model
F. all of the above
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
One. Cisco SDM is a tool for configuring, managing, and monitoring a single Cisco router. Each Cisco router is accessible with its own copy of Cisco SDM.
QUESTION 20
Which of the following is the minimum IOS release that is capable of supporting SDM?
A. 11.2
B. 12.0
C. 12.1
D. 12.2
E. 6.1
Correct Answer: D Section: (none) Explanation
QUESTION 21
How many devices can Cisco SDM administer?
A. 1
B. 2
C. 3
D. 4
E. There is no limit.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Cisco SDM is a tool for configuring, managing, and monitoring a single Cisco router. Each Cisco router is accessible with its own copy of Cisco SDM.
QUESTION 22
Which of the following configurations restricts telnet access to a router by requiring the password cisco?
A. line vty 0 4 login cisco
B. line vty 0 4 set password cisco login
C. line vty 0 4 password cisco login
D. line vty 0 4 set login set password cisco
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
To restrict telnet access to a Cisco router, you must configure the virtual terminal lines (VTY) that telnet
uses.
Require a login with the login line configuration command (enabled on vty lines by default). You must also
set a password with the password (password) line configuration command, or remote user telnet
connections will be refused, informing them that a login is required, but no password is set.
QUESTION 23
Which of the following commands encrypts all router passwords?
A. service config-passwords
B. service running-encryption
C. service password-encryption
D. service encrypt-passwords
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Using the global configuration command service password-encryption causes all passwords to be
encrypted so they are unreadable when the router configuration is viewed.
QUESTION 24
Which of the following configuration register values will allow a Cisco router to go immediately into ROM mode at any time during a router's operation?
A. 0x2101
B. 0x2002
C. 0x2210
D. 0x2102
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
If bit 8 of the configuration register is off (0x2002) the router can be sent directly into ROM mode at any
time if the break key is issued, losing the running configuration. If bit 8 is turned on (0x2102), the break key
can only be issued within the first 60 seconds of router boot up.
QUESTION 25
By default, how many message recipients must an email have for the IOS Firewall to consider it a spam attack?
A. 250
B. 500
C. 100
D. 25
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
By default, the Cisco IOS Firewall will fire an alarm for a spam attack if an email contains 250 or more
recipients.
QUESTION 26
Which of the following AAA security server protocols can the IOS Firewall support? Select all that apply.
A. MD5
B. RSA Signatures
C. TACACS+
D. RADIUS
E. CA
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
Explanation:
The IOS Firewall can communicate with a AAA server running either RADIUS or TACACS+.
QUESTION 27
What is the default mode TCP Intercept operates in?
A. intercept
B. aggressive
C. 3-way
D. responsive
E. watch
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: TCP Intercept can be in either intercept mode or passive watch mode. In intercept mode, each TCP SYN packet will be intercepted and responded to on behalf of the server it is protecting. With passive watch mode, TCP Intercept monitors the connection to the server to make sure the connection becomes complete. If the server cannot complete the connection within a configurable time period, TCP Intercept will send a reset packet to the server, clearing up the server’s resources.
QUESTION 28
What is the range of the number of characters the IOS enable secret password can be?
A. 1-20
B. 1-25
C. 4-24
D. 4-30
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
An IOS enable secret password must be between 1 and 25 characters long. The first character cannot be
a number.
QUESTION 29
Which of the following commands enables TCP Intercept?
A. tcp intercept enable
B. ip tcp intercept enable
C. ip tcp intercept enable list
D. ip tcp intercept list
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
To enable TCP Intercept, define an access list for hosts you want to protect, then reference that list with the
ip tcp intercept list (list) command.
QUESTION 30
What must you change the configuration register value to, when you need to perform password recovery on a router?
A. 0x2102
B. 0x2142
C. 0x2241
D. 0x2410
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Setting the configuration register value to 0x2142 will force the router, upon a reboot, to boot the image
from flash but ignore the startup configuration. This allows you to set an enable secret, then to copy the
running configuration to the startup configuration, thus performing password recovery.