New Questions Cisco 642-552 New Questions For Cisco 642-552 Exam

GOOD NEWS: Flydumps has published the new version with all the new added questions and answers. By training the Cisco 642-552 VCE dumps, you can pass the exam easily and quickly.

Exam A
QUESTION 1
A malicious program is disguised as another useful program; consequently, when the user executes the program, files get erased and then the malicious program spreads itself using emails as the delivery mechanism. Which type of attack best describes how this scenario got started?
A. DoS
B. worm
C. virus
D. trojan horse
E. DDoS
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Denial of Service (DoS) is an attack designed to render a computer or network incapable of providing normal services. The most common DoS attacks will target the computer’s network bandwidth or connectivity. Bandwidth attacks flood the network with such a high volume of traffic that all available network resources are consumed and legitimate user requests cannot get through. Connectivity attacks flood a computer with such a high volume of connection requests that all available operating system resources are consumed and the computer can no longer process legitimate user requests. A “denial-of-service” attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Examples include:
* attempts to “flood” a network, thereby preventing legitimate network traffic
* attempts to disrupt connections between two machines, thereby preventing access to a service
* attempts to prevent a particular individual from accessing a service
* attempts to disrupt service to a specific system or person

Distributed Denial of Service
* An attacker launches the attack using several machines. In this case, an attacker breaks into several machines, or coordinates with several zombies to launch an attack against a target or network at the same time.
* This makes it difficult to detect because attacks originate from several IP addresses.
* If a single IP address is attacking a company, it can block that address at its firewall. If it is 300 00 this is extremely difficult.
QUESTION 2
What is the key function of a comprehensive security policy?
A. informing staff of their obligatory requirements for protecting technology and information assets
B. detailing the way security needs will be met at corporate and department levels
C. recommending that Cisco IPS sensors be implemented at the network edge
D. detailing how to block malicious network attacks
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Developing a strong security policy helps to protect your resources only if all staff members are properly instructed on all facets and processes of the policy. Most companies have a system in place whereby all employees need to sign a statement confirming that they have read and understood the security policy. The policy should cover all issues the employees encounter in their day-to-day work, such as laptop security, password policy, handling of sensitive information, access levels, tailgating, countermeasures, photo IDs, PIN codes, and security information delivered via newsletters and posters. A top-down approach is required if the policy is to be taken seriously. This means that the security policy should be issued and supported from an executive level downward.
QUESTION 3
Which building blocks make up the Adaptive Threat Defense phase of Cisco SDN strategy?
A. VoIP services, NAC services, Cisco IBNS
B. network foundation protection, NIDS services, adaptive threat mitigation services
C. firewall services, intrusion prevention, secure connectivity
D. firewall services, IPS and network antivirus services, network intelligence
E. Anti-X defense, NAC services, network foundation protection
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: A computer connected to the Internet without a firewall can be hijacked and added to an Internet outlaw’s botnet in just a few minutes. A firewall can block malware that could otherwise scan your computer for vulnerabilities and then try to break in at a weak point. The real issue is how to make one 99.9% secure when it is connected to the Internet. At a minimum, computers need to have firewall, antivirus and anti-spyware software installed and kept up-to-date. A home network that uses a wired or wireless router with firewall features provides additional protection. A computer virus can be best described as a small program or piece of code that penetrates into the operating system, causing unexpected and negative events to occur. A well-known example is a virus, SoBig. Computer viruses reside in the active memory of the host and try to duplicate themselves by different means. This duplication mechanism can vary from copying files and broadcasting data on local-area network (LAN) segments to sending copies via e-mail or an Internet relay chat (IRC). Antivirus software applications are developed to scan the memory and hard disks of hosts for known viruses. If the application finds a virus (using a reference database with virus definitions), it informs the user.
QUESTION 4
DRAG DROP You work as a network administrator at Certkiller .com. Your boss Mrs. Certkiller asks you to match the malicious network attack types with the correct definition.

Correct Answer: Section: (none) Explanation
Explanation/Reference:

Explanation:
1. Reconnaissance: Reconnaissance refers to the preparatory phase where an attacker seeks to gather as much information as possible about a target of attack prior to launching an attack. This phase is also where the attacker draws on competitive intelligence to learn more about the target. The phase may also involve network scanning, either external or internal, without authorization. This is a phase that allows the potential attacker to strategize his attack. This may spread over time, as the attacker waits to unearth crucial information. One aspect that gains prominence here is social engineering. A social engineer is a person who usually smooth-talks people into revealing information such as unlisted phone numbers, passwords or even sensitive information. Other reconnaissance techniques include dumpster diving. Dumpster diving is the process of looking through an organization’s trash for discarded sensitive information. Building user awareness of the precautions they must take in order to protect their information assets is a critical factor in this context.

2. DoS (Denial of Service): Denial of Service (DoS) is an attack designed to render a computer or network incapable of providing normal services. The most common DoS attacks will target the computer’s network bandwidth or connectivity. Bandwidth attacks flood the network with such a high volume of traffic that all available network resources are consumed and legitimate user requests cannot get through. Connectivity attacks flood a computer with such a high volume of connection requests that all available operating system resources are consumed and the computer can no longer process legitimate user requests.

3. Brute force: The brute force method is the most inclusive, though slow. Usually, it tries every possible letter and number combination in its automated exploration.
QUESTION 5
DRAG DROP You work as a network administrator at Certkiller .com. Your boss Mrs. Certkiller asks you to match signature type with the correct definition.

Correct Answer: Section: (none) Explanation
Explanation/Reference:

Explanation:
1. DoS (Denial of Service): Denial of Service (DoS) is an attack designed to render a computer or network incapable of providing normal services. The most common DoS attacks will target the computer’s network bandwidth or connectivity. Bandwidth attacks flood the network with such a high volume of traffic that all available network resources are consumed and legitimate user requests cannot get through. Connectivity attacks flood a computer with such a high volume of connection requests that all available operating system resources are consumed and the computer can no longer process legitimate user requests.

2. Exploit: A defined way to breach the security of an IT system through a vulnerability.

QUESTION 6
Which of these two ways does Cisco recommend that you use to mitigate maintenance-related threats? (Choose two.)
A. Maintain a stock of critical spares for emergency use.
B. Ensure that all cabling is Category 6.
C. Always follow electrostatic discharge procedures when replacing or working with internal router and switch device components.
D. Always wear an electrostatic wrist band when handling cabling, including fiber-optic cabling.
E. Always employ certified maintenance technicians to maintain mission-critical equipment and cabling.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 7
What are two security risks on 802.11 WLANs that implement WEP using a static 40-bit key with open authentication? (Choose two.)
A. The IV is transmitted as plaintext, and an attacker can sniff the WLAN to see the IV.
B. The challenge packet sent by the wireless AP is sent unencrypted.
C. The response packet sent by the wireless client is sent unencrypted.
D. WEP uses a weak-block cipher such as the Data Encryption Algorithm.
E. One-way authentication only where the wireless client does not authenticate the wireless-access point.
Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
Explanation: The wireless nature and the use of radio frequency for networking make securing WLANs more challenging than securing a wired LAN. Originally, the Wired Equivalent Privacy (WEP) protocol was developed to address this issue. It was designed to provide the same privacy that a user would have on a wired network. WEP is based on the RC4 symmetric encryption standard and uses either a 64-bit or a 128-bit key. However, the keys are not really this many bits because a 24-bit Initialization Vector (IV) is used to provide randomness. So the “real key” is actually 40 or 104 bits long.

There are two ways to implement the key. First, the default key method shares a set of up to four default keys with all the wireless access points (WAPs). Second is the key mapping method, which sets up a key-mapping relationship for each wireless station with another individual station. Although slightly more secure, this method is more work. Consequently, most WLANs use a single shared key on all stations, which makes it easier for a hacker to recover the key.

Now, let’s take a closer look at WEP and discuss the way it operates. To better understand the WEP process, you need to understand the basics of Boolean logic. Specifically, you need to understand how XORing works. XORing is just a simple binary comparison between two bytes that produces another byte as a result of the XORing process. When the two bits are compared, XORing looks to see if they are different. If they are different, the resulting output is 1. If the two bits are the same, the result is 0. If you want to learn more about Boolean logic, a good place to start is here: http://en.wikipedia.org/wiki/Boolean_algebra.

All this talk about WEP might leave you wondering how exactly RC4 and XORing are used to encrypt wireless communication. To better explain those concepts, let’s look at the seven steps of encrypting a message:
1. The transmitting and receiving stations are initialized with the secret key. This secret key must be distributed using an out-of-band mechanism such as email, posting it on a website, or giving it to you on a piece of paper the way many hotels do.
2. The transmitting station produces a seed, which is obtained by appending the 40-bit secret key to the 24-bit Initialization Vector (IV), for input into a Pseudo Random Number Generator (PRNG).
3. The transmitting station inputs the seed to the WEP PRNG to generate a key stream of random bytes.
4. The key stream is XORed with the plaintext to obtain the cipher text.
5. The transmitting station appends the cipher text to the IV and sets a bit that indicates that it is a WEP-encrypted packet. This completes WEP encapsulation, and the results are transmitted as a frame of data. WEP only encrypts the data. The header and trailer are sent in clear text.
6. The receiving station checks to see if the encrypted bit of the frame it received is set. If so, the receiving station extracts the IV from the frame and appends the IV with the secret key.
7. The receiver generates a key stream that must match the transmitting station’s key stream. This key stream is XORed with the cipher text to obtain the sent plaintext.
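The seven steps above, worked through as an added Python example (it is not part of the original question bank). The one-byte flag plus three-byte IV frame layout, the function names and the sample key are assumptions made for the illustration; the integrity check value that real WEP also carries is left out because the steps above do not cover it.

```python
"""WEP encapsulation following the seven steps (simplified, constructed frame layout)."""
from collections import Counter

WEP_BIT = 0x40   # assumed flag bit that marks a frame as WEP-encrypted
IV_LEN = 3       # 24-bit Initialization Vector


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Step 3: run RC4 (the WEP PRNG) over the seed and return key stream bytes."""
    state = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + state[i] + seed[i % len(seed)]) & 0xFF
        state[i], state[j] = state[j], state[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + state[i]) & 0xFF
        state[i], state[j] = state[j], state[i]
        out.append(state[(state[i] + state[j]) & 0xFF])
    return bytes(out)


def xor_bytes(data: bytes, stream: bytes) -> bytes:
    """Steps 4 and 7: XOR the data with the key stream, byte by byte."""
    return bytes(d ^ s for d, s in zip(data, stream))


def check_lengths(key: bytes, iv: bytes) -> None:
    if len(key) not in (5, 13):                # 40-bit or 104-bit secret key
        raise ValueError("WEP secret key must be 5 or 13 bytes")
    if len(iv) != IV_LEN:
        raise ValueError("WEP IV must be 3 bytes")


def wep_encapsulate(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Steps 2-5: seed = IV || key, encrypt, then send flag + IV + cipher text."""
    check_lengths(key, iv)
    keystream = rc4_keystream(iv + key, len(plaintext))
    return bytes([WEP_BIT]) + iv + xor_bytes(plaintext, keystream)


def wep_decapsulate(key: bytes, frame: bytes) -> bytes:
    """Steps 6-7: if the WEP bit is set, rebuild the seed from the frame's IV."""
    if not frame:
        raise ValueError("empty frame")
    if not frame[0] & WEP_BIT:
        return frame[1:]                       # not WEP-encrypted: payload as sent
    if len(frame) < 1 + IV_LEN:
        raise ValueError("frame too short to hold an IV")
    iv, ciphertext = frame[1:1 + IV_LEN], frame[1 + IV_LEN:]
    check_lengths(key, iv)
    return xor_bytes(ciphertext, rc4_keystream(iv + key, len(ciphertext)))


def observe_iv(frame: bytes):
    """What anyone capturing the frame can read without the key: the IV."""
    if len(frame) >= 1 + IV_LEN and frame[0] & WEP_BIT:
        return frame[1:1 + IV_LEN]
    return None


def repeated_ivs(frames) -> dict:
    """Audit check: IVs seen more than once in a capture. With a static key,
    a repeated IV means the same seed and therefore the same key stream."""
    counts = Counter(iv for iv in map(observe_iv, frames) if iv is not None)
    return {iv: n for iv, n in counts.items() if n > 1}


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")          # constructed 40-bit static key
    capture = [                                # constructed sample frames
        wep_encapsulate(key, bytes.fromhex("aabbcc"), b"hello wlan"),
        wep_encapsulate(key, bytes.fromhex("000001"), b"second frame"),
        wep_encapsulate(key, bytes.fromhex("aabbcc"), b"other data"),
    ]
    for frame in capture:
        print(observe_iv(frame).hex(), wep_decapsulate(key, frame))
    print("repeated IVs:", {iv.hex(): n for iv, n in repeated_ivs(capture).items()})
```

The IV travels in front of the cipher text in every frame, which is why answer A holds regardless of key length, and a 24-bit IV space combined with a static key makes repeats in `repeated_ivs` a matter of traffic volume.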

QUESTION 8
DRAG DROP You work as a network administrator at Certkiller .com. Your boss Mrs. Certkiller asks you to order the steps to mitigate a worm attack.

Correct Answer: Section: (none) Explanation
Explanation/Reference:

Explanation: Viruses and worms are part of a larger category of malicious code or malware. Viruses and worms are programs that can cause a wide range of damage from displaying messages to making programs work erratically or even destroying data or hard drives. Viruses accomplish their designed task by placing self-replicating code in other programs. When these programs execute, they replicate again and infect even more programs. Closely related to viruses and worms is spyware. Spyware is considered another type of malicious software. In many ways, spyware is similar to a Trojan, as most users don’t know that the program has been installed and it hides itself in an obscure location. Spyware steals information from the user and also eats up bandwidth. If that’s not enough, it can also redirect your web traffic and flood you with annoying pop-ups.
Many users view spyware as another type of virus.
The following are the recommended steps for worm attack mitigation:

1. Containment: Contain the spread of the worm inside your network and within your network. Compartmentalize parts of your network that have not been infected.
2. Inoculation: Start patching all systems and, if possible, scanning for vulnerable systems.
3. Quarantine: Track down each infected machine inside your network. Disconnect, remove, or block infected machines from the network.
4. Treatment: Clean and patch each infected system. Some worms may require complete core system reinstallations to clean the system.
QUESTION 9
Which method of mitigating packet-sniffer attacks is the most effective?
A. implement two-factor authentication
B. deploy a switched Ethernet network infrastructure
C. use software and hardware to detect the use of sniffers
D. deploy network-level cryptography using IPsec, secure services, and secure protocols
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
You cannot talk about VPNs without saying something about IP Security (IPSec). IPSec is a framework of open standards. It is not bound to any specific encryption or authentication algorithm or keying technology. IPSec acts on the network layer, where it protects and authenticates IP packets between participating peers such as firewalls, routers, or concentrators. IPSec security provides four major functions:
* Confidentiality: The sender can encrypt the packets before transmitting them across the network. If such a communication is intercepted, it cannot be read by anybody.
* Data integrity: The receiver can verify whether the data was changed while traveling the Internet.
* Origin authentication: The receiver can authenticate the source of the packet.
* Antireplay protection: The receiver can verify that each packet is unique and is not duplicated.
QUESTION 10
What is a reconnaissance attack?
A. when an intruder attacks networks or systems to retrieve data, gain access, or escalate access privileges.
B. when an intruder attempts to discover and map systems, services, and vulnerabilities
C. when malicious software is inserted onto a host in order to damage a system, corrupt a system, replicate itself, or deny service or access to networks, systems, or services
D. when an intruder attacks your network in a way that damages or corrupts your computer system, or denies you and other access to your networks, systems, or services
E. when an intruder attempts to learn user IDs and passwords that can later be used in identity theft
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Reconnaissance refers to the preparatory phase where an attacker seeks to gather as much information as possible about a target of attack prior to launching an attack. This phase is also where the attacker draws on competitive intelligence to learn more about the target. The phase may also involve network scanning, either external or internal, without authorization. This is a phase that allows the potential attacker to strategize his attack. This may spread over time, as the attacker waits to unearth crucial information. One aspect that gains prominence here is social engineering. A social engineer is a person who usually smooth-talks people into revealing information such as unlisted phone numbers, passwords or even sensitive information. Other reconnaissance techniques include dumpster diving. Dumpster diving is the process of looking through an organization’s trash for discarded sensitive information. Building user awareness of the precautions they must take in order to protect their information assets is a critical factor in this context.
QUESTION 11
What should be the first step in migrating a network to a secure infrastructure?
A. developing a security policy
B. securing the perimeter
C. implementing antivirus protection
D. securing the DMZ
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The development of a security policy is the first step to a secure infrastructure; without this, the availability of your network will be compromised.
QUESTION 12
What is a DoS attack?
A. when an intruder attacks networks or systems to retrieve data, gain access, or escalate access privileges
B. when an intruder attempts to discover and map systems, services, and vulnerabilities
C. when malicious software is inserted onto a host in order to damage a system, corrupt a system, replicate itself, or deny services or access to networks, systems, or services
D. When an intruder attacks your network in a way that damages or corrupts your computer system, or denies you and others access to your networks, systems, or services
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Denial of Service (DoS) is an attack designed to render a computer or network incapable of providing normal services. The most common DoS attacks will target the computer’s network bandwidth or connectivity. Bandwidth attacks flood the network with such a high volume of traffic, that all available network resources are consumed and legitimate user requests cannot get through. Connectivity attacks flood a computer with such a high volume of connection requests, that all available operating system resources are consumed and the computer can no longer process legitimate user requests. A “denial-of-service” attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Examples include
* attempts to “flood” a network, thereby preventing legitimate network traffic
* attempts to disrupt connections between two machines, thereby preventing access to a service
* attempts to prevent a particular individual from accessing a service
* attempts to disrupt service to a specific system or person
QUESTION 13
Which method of mitigating packet-sniffer attacks is most cost effective?
A. authentication
B. switched infrastructure
C. antisniffer tools
D. cryptography
Correct Answer: D Section: (none) Explanation

Explanation/Reference:
Cryptography: Rendering packet sniffers irrelevant is the most effective method for countering packet sniffers. Cryptography is even more effective than preventing or detecting packet sniffers. If a communication channel is cryptographically secure, the only data a packet sniffer detects is cipher text (a seemingly random string of bits) and not the original message.
QUESTION 14
During which phase of an attack does the attacker attempt to identify targets?
A. penetrate
B. propagate
C. persist
D. probe
E. paralyze

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Probe phase: The attacker identifies vulnerable targets in this phase. The goal of this phase is to find computers that can be subverted. Internet Control Message Protocol (ICMP) ping scans are used to map networks, and application port scans identify operating systems and vulnerable software. Passwords can be obtained through social engineering, a dictionary attack, a brute-force attack, or network sniffing. Incorrect: A – Phase 2 B – Phase 4 C – Phase 3 D – Phase 5
QUESTION 15
What is considered the main administrative vulnerability of Cisco Catalyst switches?
A. SNMP
B. Telnet
C. Poor passwords
D. Poor encryption

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
By default, a Cisco switch shows the passwords in plaintext for the following settings in the configuration file: the "enable" password, the username password, the console line and the virtual terminal lines. Using the same password for both the enable secret and other settings on a switch allows for potential compromise because the password for certain settings (for example, telnet) may be in plaintext and can be collected on a network using a network analyzer. Also, setting the same password for the "enable secret" passwords on multiple switches provides a single point of failure because one compromised switch endangers other switches.

QUESTION 16
DRAG DROP
Click and drag the four steps to mitigating worm attacks in order from step 1 to step 4.

Correct Answer: Section: (none) Explanation
Explanation/Reference:

Explanation:
Worm attack mitigation requires diligence on the part of system and network administration staff.
Coordination between system administration, network engineering, and security operations personnel is
critical in responding effectively to a worm incident. The following are the recommended steps for worm
attack mitigation:

1. Containment: Contain the spread of the worm inside your network and within your network. Compartmentalize parts of your network that have not been infected.
2. Inoculation: Start patching all systems and, if possible, scanning for vulnerable systems.
3. Quarantine: Track down each infected machine inside your network. Disconnect, remove, or block infected machines from the network.
4. Treatment: Clean and patch each infected system. Some worms may require complete core system reinstallations to clean the system.
QUESTION 17
Certkiller .com network administrators have just configured SSH on their target router and have now discovered that an intruder has been using this router to perform a variety of malicious attacks. What have they most likely forgotten to do and which Cisco IOS commands do they need to use to fix this problem on their target router?
A. forgot to reset the encryption keys using the crypto key zeroize rsa Cisco IOS global configuration command
B. forgot to close port 23 and they need to issue the no transport input telnet Cisco IOS global configuration command
C. forgot to disable vty inbound Telnet sessions and they need to issue the line vty 0 4 and the no transport input telnet Cisco IOS line configuration commands
D. forgot to restrict access to the Telnet service on port 23 using ACLs and they need to issue the access-list 90 deny any log Cisco IOS global configuration command, and the line vty 0 4 and access-class 90 in Cisco IOS line configuration commands

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Telnet and rlogin are known as insecure commands because they transport data packets in plaintext. Anyone who captures the packets can easily read them. SSH (Secure Shell) is therefore the most usable remote login tool, because it maintains secure communication.
Router(config)# line vty 0 4
Router(config-line)# transport input telnet | ssh | all
Telnet may still be enabled, so disable it using the no form of the command.
QUESTION 18
To verify role-based CLI configurations, which Cisco IOS CLI commands do you need to use to verify a view?
A. parser view view-name, then use the ? to verify the available commands
B. enable view view-name, then use the ? to verify the available commands
C. enable view, then use the parser view view-name to verify the available commands
D. show view view-name to verify the available commands

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The Role-Based CLI Access feature allows the network administrator to define “views,” which are a set of operational commands and configuration capabilities that provide selective or partial access to Cisco IOS EXEC and configuration (Config) mode commands. Views restrict user access to the Cisco IOS command-line interface (CLI) and configuration information; that is, a view can define what commands are accepted and what configuration information is visible. Thus, network administrators can exercise better control over access to Cisco networking devices.
SUMMARY STEPS
1. enable view
2. configure terminal
3. parser view view-name
4. secret 5 encrypted-password
5. commands parser-mode {include | include-exclusive | exclude} [all] [interface interface-name | command]
6. exit
7. exit
8. enable [privilege-level] [view view-name]
9. show parser view [all]
QUESTION 19
What two tasks should be done before configuring SSH server operations on Cisco routers? (Choose two.)
A. Upgrade routers to run a Cisco IOS Release 12.1(1)P image.
B. Upgrade routers to run a Cisco IOS Release 12.1(3)T image or later with the IPsec feature set.
C. Ensure routers are configured for external ODBC authentication.
D. Ensure routers are configured for local authentication or AAA for username and password authentication.
E. Upgrade routers to run a Cisco IOS Release 11.1(3)T image or later with the IPsec feature set.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation:
Secure Shell (SSH) is a protocol which provides a secure remote access connection to network devices.
Communication between the client and server is encrypted in both SSH version 1 and SSH version 2.
Implement SSH version 2 when possible because it uses a more enhanced security encryption algorithm.
SSH was introduced into these IOS platforms and images:

1. SSH Version 1.0 (SSH v1) server was introduced in some IOS platforms and images starting in Cisco IOS Software Release 12.0.5.S.
2. SSH client was introduced in some IOS platforms and images starting in Cisco IOS Software Release 12.1.3.T.
3. SSH terminal-line access (also known as reverse-Telnet) was introduced in some IOS platforms and images starting in Cisco IOS Software Release 12.2.2.T.
4. SSH Version 2.0 (SSH v2) support was introduced in some IOS platforms and images starting in Cisco IOS Software Release 12.1(19)E.

Example of SSH Configuration on Cisco Router
aaa new-model
username cisco password 0 cisco
ip domain-name rtp.cisco.com
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 2
line vty 0 4
transport input ssh
QUESTION 20
In the Cisco SDM Security Audit Wizard screen shown in the figure, which Fix it action should be selected to prevent smurf denial of service attacks?

A. IP Mask Reply is enabled
B. IP Unreachables is enabled
C. IP Directed Broadcast is enabled
D. IP Redirects is enabled
E. IP Proxy ARP is enabled
F. Access class is not set on vty lines

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Directed-Broadcast: An IP directed broadcast is a datagram sent to the broadcast address of a subnet that is not directly attached to the sending machine. The directed broadcast is routed through the network as a unicast packet until it arrives at the target subnet, where it is converted into a link-layer broadcast. Because of the nature of the IP addressing architecture, only the last router in the chain, which is connected directly to the target subnet, can conclusively identify a directed broadcast.
* IP directed broadcasts are used in the extremely common and popular smurf Denial of Service (DoS) attacks. In a smurf attack, the attacker sends ICMP echo requests from a falsified source address to a directed broadcast address, causing all the hosts on the target subnet to send replies to the falsified source. By sending a continuous stream of such requests, the attacker can create a much larger stream of replies, which can completely inundate the host whose address is being falsified.
* This service should be disabled on all interfaces when not needed to prevent smurf and DoS attacks.
* Cisco AutoSecure disables IP directed broadcasts using the no ip directed-broadcast command in interface configuration mode on each interface.
Reference:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_white_paper09186a00801dbf61.shtml


Flydumps Cisco 642-551 New Questions: Just Updated Cisco 642-551 Exam with All New Questions

Flydumps presents the highest quality of Cisco 642-551 practice material which helps candidates to pass the Cisco 642-551 exams in the first attempt. The brain dumps are the latest, authenticated by expert and covering each and every aspect of Cisco 642-551 exam.

Exam A
QUESTION 1
What is a set of conditions that, when met, indicates that an intrusion is occurring or has occurred?
A. rules
B. state tables
C. signatures
D. master parameters

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 2
If you choose Add from the Allowed Hosts panel in Cisco IDM, which two fields are available for configuration? (Choose two.)
A. Static Routes
B. Dynamic Routes
C. IP Address
D. Default Route
E. Netmask

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 3
Drag Drop question


Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center

QUESTION 4
Drag Drop question


Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center

QUESTION 5
What are the three types of private VLAN ports? (Choose three.)
A. typical
B. isolated
C. nonisolated
D. promiscuous
E. community
F. bridging

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 6
LAB
This is the answer:

pixfirewall(config)#interface eth3 100full
pixfirewall(config)# nameif eth3 protected security 56
pixfirewall(config)# ip address protected 192.168.147.1 255.255.255.0

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 7
When port security is enabled on a Cisco Catalyst switch, what is the default action when the configured maximum of allowed MAC addresses value is exceeded?
A. The port is shut down.
B. The port is enabled and the maximum number automatically increases.
C. The MAC address table is cleared and the new MAC address is entered into the table.
D. The MAC address table is shut down.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 8
What is a description of a promiscuous PVLAN port?
A. It has a complete Layer 2 separation from the other ports within the same PVLAN.
B. It can only communicate with other promiscuous ports.
C. It can communicate with all interfaces within a PVLAN.
D. It cannot communicate with any other ports.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 9
Which two protocols does Cisco Secure ACS use for AAA services? (Choose two.)
A. TACACS+
B. Telnet
C. SSH
D. RADIUS
E. SSL
F. SNMP

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Which command would be used on the Cisco PIX Security Appliance to show the pool of addresses to be translated?
A. show nat
B. show xlate
C. show global
D. show conn

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 11
What is the default security-level definition setting for the outside interface for the Cisco PIX Security Appliance?
A. 0
B. 100
C. 50
D. 25

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 12
Which Cisco IOS command enables the AAA access-control commands and functions on the router, and overrides the older TACACS and extended TACACS commands?
A. no aaa authentication login default enable
B. aaa authentication login default local
C. aaa new-model
D. login authentication default
E. no login authentication default

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 13
Which communication protocol is used by the administrator workstation to communicate with the CSA MC?
A. SSH
B. Telnet
C. HTTPS
D. SSL

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 14
To which router platform can Turbo ACLs be applied?
A. Cisco 800 Router
B. Cisco 2600 Series Router
C. Cisco 3500
D. Cisco 7200 Router

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 15
Which administrative access mode for the Cisco PIX Security Appliance allows you to change the current settings?
A. unprivileged mode
B. privileged mode
C. configuration mode
D. monitor mode

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 16
Which Cisco IDS/IPS feature enables the appliance to aggregate alarms?
A. FireOnce
B. response actions
C. alarm summarization
D. threshold configuration

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 17
Which method does a Cisco firewall use for packet filtering?
A. inspection rules
B. ACLs
C. security policies
D. VACLs

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 18
Which component within the Cisco Network Admission Control architecture acts as the policy server for evaluating the endpoint security information that is relayed from network devices, and for determining the appropriate access policy to apply?
A. CiscoWorks
B. CiscoWorks VMS
C. Cisco Secure ACS
D. Cisco Trust Agent
E. Cisco Security Agent

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 19
Which command is used to reboot the Cisco PIX Security Appliance?
A. reboot
B. restart
C. boot
D. reload

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 20
Packet sniffers work by using a network interface card in which mode?
A. inline
B. cut-through
C. promiscuous
D. Ethernet
E. passive

Correct Answer: C Section: (none) Explanation
Explanation/Reference:

Cisco 642-551 Questions and Answers products basically comprise the simulated Cisco 642-551 exam questions and their most correct answers, accompanied by a methodical elucidation of the Cisco 642-551 answers and the probable wrong answers. The extent to which Cisco 642-551 Questions and Answers products cover their Cisco subject is so thorough that, once you are done with a Cisco product, passing the Cisco 642-551 exam on the first attempt should be a piece of cake.

642-551 New Questions – Recent Updated New Cisco 642-551 Dumps with New PDF & VCE

Flydumps brings you the best Cisco 642-551 exam preparation materials, which will make you pass on the first attempt. We also provide you all Cisco 642-551 exam updates: as Microsoft announces a change in its Cisco 642-551 exam syllabus, we inform you about it without delay.

Exam A
QUESTION 1
What is a reconnaissance attack?
A. when an intruder attacks networks or systems to retrieve data, gain access, or escalate access privileges.
B. when an intruder attempts to discover and map systems, services, and vulnerabilities
C. when malicious software is inserted onto a host in order to damage a system, corrupt a system, replicate itself, or deny service or access to networks, systems, or services
D. when an intruder attacks your network in a way that damages or corrupts your computer system, or denies you and others access to your networks, systems, or services
E. when an intruder attempts to learn user IDs and passwords that can later be used in identity theft

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Attackers and hackers can employ social engineering techniques to pose as legitimate people seeking out information. A few well-structured telephone calls to unsuspecting employees can provide a significant amount of information.
Incorrect:
A – Is called ‘Access attacks’
C – Is called ‘Worms, Viruses and Trojan Horses’
D – Is called ‘Denial of Service (DOS) attacks’
E – This is an example of social engineering
QUESTION 2
Which communication protocol is used by the administrator workstation to communicate with the CSA MC?
A. SSH
B. Telnet
C. HTTPS
D. SSL

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Management Center for Cisco Security Agent (CSA MC) uses a Secure Sockets Layer (SSL)-enabled web interface.

QUESTION 3
What should be the first step in migrating a network to a secure infrastructure?
A. developing a security policy
B. securing the perimeter
C. implementing antivirus protection
D. securing the DMZ

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The development of a security policy is the first step to a secure infrastructure; without it, the availability of your network will be compromised.
QUESTION 4
Select two ways to secure hardware from threats. (Choose two.)
A. The room must have steel walls and doors.
B. The room must be static free.
C. The room must be locked, with only authorized people allowed access.
D. The room should not be accessible via a dropped ceiling, raised floor, window, ductwork, or point of entry other than the secured access point.

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
Incorrect:
A – Not a required element.
B – Is called ‘Environment Threat mitigation’
QUESTION 5
At which layer of the OSI model does a proxy server work?
A. data link
B. physical
C. application
D. network
E. transport

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
A proxy server is an application
QUESTION 6
Which command on the Cisco PIX Security Appliance is used to write the current running config to the Flash memory startup config?
A. write terminal
B. write config
C. write memory
D. write startup config

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Incorrect:
A – Shows running configuration on screen, like show running-configuration
B – No such command
D – No such command
QUESTION 7
What is a description of a promiscuous PVLAN port?
A. It has a complete Layer 2 separation from the other ports within the same PVLAN.
B. It can only communicate with other promiscuous ports.
C. It can communicate with all interfaces within a PVLAN.
D. It cannot communicate with other ports.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Incorrect:
A – This is called ‘Isolated’
B – This is called ‘Community’
D – No such PVLAN

QUESTION 8
How do you enable a host or a network to remotely access the Cisco IPS/IDS sensor?
A. Configure static routes.
B. Configure dynamic routing.
C. Configure allowed hosts.
D. Configure DHCP.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
The Allowed Hosts option enables you to define which IP addresses are allowed to access the sensor via
its management interface.

QUESTION 9
In which version did NTP begin to support cryptographic authentication?
A. version 5
B. version 4
C. version 3
D. version 2

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Version 3 or above is required to support Cryptographic authentication mechanism between peers.

QUESTION 10
What must be configured on a network-based Cisco IDS/IPS to allow it to monitor traffic?
A. Enable rules.
B. Enable signatures.
C. Disable rules.
D. Disable signatures.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 11
What is a DoS attack?
A. when an intruder attacks networks or systems to retrieve data, gain access, or escalate access privileges
B. when an intruder attempts to discover and map systems, services, and vulnerabilities
C. when malicious software is inserted onto a host in order to damage a system, corrupt a system, replicate itself, or deny services or access to networks, systems, or services
D. When an intruder attacks your network in a way that damages or corrupts your computer system, or denies you and others access to your networks, systems, or services

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
These attacks are when malicious software is inserted onto a host in order to damage a system, corrupt a
system, replicate itself, or deny services or access to networks, systems, or services.
Incorrect:
A – Is called ‘Access attacks’
B – Is called ‘Reconnaissance attacks’
C – Is called ‘Worms, Viruses and Trojan Horses’

QUESTION 12
Cisco routers, such as the ISRs, are best suited for deploying which type of IPSec VPN?
A. remote-access VPN
B. overlay VPN
C. WAN-to-WAN VPN
D. site-to-site VPN
E. SSL VPN

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Site-to-site VPNs can be deployed using a wide variety of Cisco VPN Routers. Cisco VPN routers provide scalability through optional encryption acceleration. The Cisco VPN router portfolio provides solutions for small office and home office (SOHO) access through central-site VPN aggregation. SOHO solutions include platforms for fast-emerging cable and DSL access technologies.
Incorrect:
A – This VPN solution connects telecommuters and mobile users securely and cost-effectively to corporate network resources from anywhere in the world over any access technology.

QUESTION 13
Which method of mitigating packet-sniffer attacks is most cost effective?
A. authentication
B. switched infrastructure
C. antisniffer tools
D. cryptography

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Cryptography: Rendering packet sniffers irrelevant is the most effective method for countering packet sniffers. Cryptography is even more effective than preventing or detecting packet sniffers. If a communication channel is cryptographically secure, the only data a packet sniffer detects is cipher text (a seemingly random string of bits) and not the original message.
QUESTION 14
Which encryption method uses a 56-bit key to ensure high-performance encryption?
A. 3DES
B. AES
C. RSA
D. DES

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Incorrect:
A – 3DES 3*56bits
B – Advanced Encryption Standard
C – It was the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public key cryptography.
QUESTION 15
In which Cisco Catalyst Series switches can the Firewall Service Modules be installed?
A. Catalyst 2900 and 3500 XL Series
B. Catalyst 1900 and 2000 Series
C. Catalyst 4200 and 4500 Series
D. Catalyst 6500 and 7600 Series

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/
QUESTION 16
Which protocol does the Cisco Web VPN solution use?
A. SSH
B. Telnet
C. SSL
D. IPSec
E. XML

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns347/networking_solutions_sub_solution_home.html
QUESTION 17
During which phase of an attack does the attacker attempt to identify targets?
A. penetrate
B. propagate
C. persist
D. probe
E. paralyze

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Probe phase: The attacker identifies vulnerable targets in this phase. The goal of this phase is to find computers that can be subverted. Internet Control Message Protocol (ICMP) ping scans are used to map networks, and application port scans identify operating systems and vulnerable software. Passwords can be obtained through social engineering, a dictionary attack, a brute-force attack, or network sniffing.
Incorrect:
A – Phase 2
B – Phase 4
C – Phase 3
D – Phase 5
QUESTION 18
What are the three types of private VLAN ports? (Choose three.)
A. typical
B. isolated
C. nonisolated
D. promiscuous
E. community
F. bridging

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
Explanation:
There are three types of PVLAN ports:
Promiscuous: A promiscuous port can communicate with all interfaces, including the isolated and community ports within a PVLAN.
Isolated: An isolated port has complete Layer 2 separation from the other ports within the same PVLAN, but not from the promiscuous ports. PVLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic from isolated port is forwarded only to promiscuous ports.
Community: Community ports communicate among themselves and with their promiscuous ports. These interfaces are separated at Layer 2 from all other interfaces in other communities or isolated ports within their PVLAN.

QUESTION 19
What is considered the main administrative vulnerability of Cisco Catalyst switches?
A. SNMP
B. Telnet
C. Poor passwords
D. Poor encryption

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
By default, a Cisco switch shows the passwords in plaintext for the following settings in the configuration file: the ‘enable’ password, the username password, the console line and the virtual terminal lines. Using the same password for both the enable secret and other settings on a switch allows for potential compromise because the password for certain settings (for example, telnet) may be in plaintext and can be collected on a network using a network analyzer. Also, setting the same password for the ‘enable secret’ passwords on multiple switches provides a single point of failure because one compromised switch endangers other switches.

QUESTION 20
Click and drag the four steps to mitigating worm attacks in order from step 1 to step 4.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation:

Worm attack mitigation requires diligence on the part of system and network administration staff. Coordination between system administration, network engineering, and security operations personnel is critical in responding effectively to a worm incident. The following are the recommended steps for worm attack mitigation:
1. Containment: Contain the spread of the worm inside your network and within your network. Compartmentalize parts of your network that have not been infected.
2. Inoculation: Start patching all systems and, if possible, scanning for vulnerable systems.
3. Quarantine: Track down each infected machine inside your network. Disconnect, remove, or block infected machines from the network.
4. Treatment: Clean and patch each infected system. Some worms may require complete core system reinstallations to clean the system.

Flydumps is ready to provide Cisco 642-551 candidates with Cisco 642-551 training materials, which can be very helpful for getting Cisco 642-551 certification. Candidates can easily get access to the services of Cisco 642-551 for practice exams, which will assure them a 100% Cisco 642-511 success rate. Though Cisco 642-551 tests are not easy at all, they do not make Cisco 642-551 things complicated.

New Questions-100% Valid Cisco 642-513 New Questions for Cisco 642-513 Exam

100% valid and newest: do not worry about your Cisco 642-513 exam! Just try the latest Cisco 642-513 exam dumps from Flydumps. This is the latest new version, with all the official newly added Cisco 642-513 questions and answers. High pass rate and money back.

Exam A
QUESTION 1
Which of these is a reason for using groups to administer Agents?
A. to link similar devices together
B. to complete configuration changes on groups instead of hosts
C. to complete the same configuration on like items
D. to apply the same policy to hosts with similar security requirements

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Which three items make up rules? (Choose three.)
A. variables
B. applications
C. application classes
D. rule modules
E. policies
F. actions

Correct Answer: ACF Section: (none) Explanation
Explanation/Reference:
QUESTION 3
Which action do you take when you are ready to deploy your CSA configuration to systems?
A. select
B. clone
C. deploy
D. generate rules

Correct Answer: D Section: (none) Explanation
Explanation/Reference:

QUESTION 4
Which one of the five phases of an attack attempts to become resident on a target?
A. probe phase
B. penetrate phase
C. persist phase
D. propagate phase
E. paralyze phase

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 5
What is the purpose of the Audit Trail function?
A. to generate a report listing events matching certain criteria, sorted by event severity
B. to generate a report listing events matching certain criteria, sorted by group
C. to generate a report showing detailed information for selected groups
D. to display a detailed history of configuration changes

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 6
In which type of rules are network address sets used?
A. COM component access control rules
B. connection rate limit rules
C. network access control rules
D. file control rules
E. file access control rules

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Which three of these does the buffer overflow rule detect on a UNIX operating system, based on the type of memory space involved? (Choose three.)
A. location space
B. stack space
C. slot space
D. data space
E. heap space
F. file space

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 8
When should you use preconfigured application classes for application deployment investigation?
A. never
B. always
C. only for specific applications
D. only when applications require detailed analysis

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 9
Drag Drop question

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 10
Which systems with specific operating systems are automatically placed into mandatory groups containing rules for that operating system? (Choose three.)
A. OS2
B. HPUX
C. Solaris
D. Mac OS
E. Linux
F. Windows

Correct Answer: CEF Section: (none) Explanation
Explanation/Reference:

We provide Cisco 642-513 help and information on a wide range of issues. Cisco 642-513 is professional and confidential, and your issues will be replied to within 12 hours. Feel free to send us any questions; we always try our best to keep our customers satisfied.

Cisco 642-513 New Questions: Just Updated Cisco 642-513 Exam with All New Questions from Flydumps

Flydumps offers first-hand Cisco 642-513 exam real questions and answers. By training with the latest Cisco 642-513 PDF and VCE dumps, you will be well prepared for the Cisco 642-513 exam. Visit Flydumps.com to get the free new version for training.

Exam A
QUESTION 1
Certkiller chose the Cisco CSA product to protect the network against the newest attacks. Cisco Security Agent provides Day Zero attack prevention by using which of these methods?
A. Using signatures to enforce security policies
B. Using API control to enforce security policies
C. Using stateful packet filtering to enforce security policies
D. Using algorithms that compare application calls for system resources to the security policies
E. None of the above

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Because Cisco Security Agent analyzes behavior rather than relying on signature matching, it never needs updating to stop a new attack. This zero-update architecture provides protection with reduced operational costs and can identify so-called “Day Zero” threats. At a high level, Cisco® Security Agent is straightforward. It intercepts system calls between applications and the operating system, correlates them, compares the correlated system calls against a set of behavioral rules, and then makes an “allow” or “deny” decision based on the results of its comparison. This process is called INCORE, which stands for intercept, correlate, rules engine.
Reference: http://www.cisco.com/en/US/products/sw/secursw/ps5057/products_white_paper0900aecd8020f448.shtml

QUESTION 2
Certkiller has implemented the CSA product to provide security for all of their devices. For which layers of the OSI reference model does CSA enforce security?
A. Layer 1 through Layer 4
B. Layer 1 through Layer 7
C. Layer 2 through Layer 4
D. Layer 3 through Layer 7

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Cisco Security Agent provides threat protection for server and desktop computing systems, also known as endpoints. It helps to reduce operational costs by identifying, preventing, and eliminating known and unknown security threats. The Cisco Security Agent consolidates endpoint security functions in a single agent, providing:
1. Host intrusion prevention
2. Spyware/adware protection
3. Protection against buffer overflow attacks
4. Distributed firewall capabilities
5. Malicious mobile code protection
6. Operating-system integrity assurance
7. Application inventory
8. Audit log-consolidation
This provides security for endpoints at the network layer (layer 3) through the application layer (layer 7).
QUESTION 3
The CSA architecture model is made up of three major components. Which three are they? (Choose three)
A. Cisco Trust Agent
B. Cisco Security Agent
C. Cisco Security Agent Management Center
D. Cisco Intrusion Prevention System
E. An administrative workstation
F. A syslog server

Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
Explanation: The CSA MC architecture model consists of a central management center which maintains a database of policies and system nodes, all of which have Cisco Security Agent software installed on their desktops and servers. The agents themselves and an administrative workstation, combined with the Management Center, comprise the three aspects of the CSA architecture. Agents register with CSA MC. CSA MC checks its configuration database for a record of the system. When the system is found and authenticated, CSA MC deploys a configured policy for that particular system or grouping of systems.

Preparing for the Cisco 642-513 exam is not difficult now. You can prepare from Cisco 642-513 Certification or Cisco 642-513 dumps. Here we have mentioned some sample questions. You can use our Cisco 642-513 study material notes for test preparation. Latest Cisco 642-513 study material available.