642-566 Security Solutions for Systems Engineers

Question 1

What should be taken into consideration while performing Cisco NAC Appliance design?

  • A. in-band versus out-of-band
  • B. edge deployment versus central deployment
  • C. Real-IP Gateway versus virtual gateway
  • D. Layer 2 versus Layer 3


Answer : A,B,C,D

Question 2

Cisco ASA 5500 Series provides intelligent threat defense and secure communications
services that stop attacks before they impact business continuity. Designed to protect
networks of all sizes, the Cisco ASA 5500 Series enables organizations to lower their
overall deployment and operations costs while delivering comprehensive multilayer
security. How can Cisco ASA 5500 Series Adaptive Security Appliances achieve
containment and control? (Choose two.)

  • A. enabling businesses to create secure connections
  • B. preventing unauthorized network access
  • C. probing end systems for compliance
  • D. tracking the state of all network communications


Answer : B,D

Question 3

Which Cisco ASA configuration is needed to perform active/active failover?

  • A. policy-based routing
  • B. redundant interfaces
  • C. virtual contexts
  • D. VLANs


Answer : C

Question 4

You are the network consultant from pass4usre.com. Please point out three security
products that complement each other to achieve a secure e-banking solution.

  • A. Cisco Security Agent
  • B. Cisco Intrusion Prevention System
  • C. CCA Agent
  • D. Cisco Adaptive Security Appliance


Answer : A,B,D

Question 5

What will the NAC Appliance Agent check on the client machine? (Choose three.)

  • A. IP address
  • B. registry keys
  • C. Microsoft hotfixes
  • D. presence of Cisco Security Agent


Answer : B,C,D

Question 6

Cisco NAC Appliance (formerly Cisco Clean Access) is an easily deployed Network
Admission Control (NAC) product that allows network administrators to authenticate,
authorize, evaluate, and remediate wired, wireless, and remote users and their machines
prior to allowing users onto the network. It identifies whether networked devices such as
laptops, desktops, and other corporate assets are compliant with a network's security
policies, and it repairs any vulnerabilities before permitting access to the network. Which
three policy types can be assigned to a network user role in the Cisco NAC Appliance
architecture? (Choose three.)

  • A. allowed IP address ranges
  • B. session duration
  • C. network port scanning plug-ins
  • D. VPN and roaming policies


Answer : B,C,D

Question 7

Which item is correct about the relationship between the VPN types and their descriptions?
1. DMVPN
2. GET VPN
3. DGVPN
4. Dynamic VTI
5. crypto maps
I. supported on Cisco IOS routers and ASAs
II. provides on-demand virtual access interface cloned from a virtual template configuration
III. combines two VPN technologies
IV. provides tunnel-less any-to-any connectivity
V. supports routing protocol over VPN tunnels

  • A. I-5,II-4,III-1,IV-2,V-3
  • B. I-5,II-4,III-3,IV-1,V-2
  • C. I-5,II-3,III-2,IV-4,V-1
  • D. I-5,II-4,III-3,IV-2,V-1


Answer : D

Question 8

You are the network consultant from pass4usre.com. Please point out three technologies
that address ISO 17799 requirements for unauthorized access prevention.

  • A. VPN
  • B. Cisco Secure Access Control Server
  • C. 802.1X
  • D. Network Admission Control


Answer : B,C,D

Question 9

Which description is true about the hybrid user authentication model for remote-access
IPsec VPNs?

  • A. VPN servers authenticate by using digital certificates, and users authenticate by using pre-shared keys.
  • B. VPN servers authenticate by using digital certificates, and users authenticate by using usernames and passwords.
  • C. VPN servers and users authenticate by using digital certificates.
  • D. VPN servers and users authenticate by using pre-shared keys.


Answer : B

Question 10

__________ a feature of a system-level approach to security management.

  • A. multiple-element management
  • B. responsibility sharing
  • C. multiple cross-vendor management platforms
  • D. high availability


Answer : D

Question 11

Which item will be implemented on Cisco IP Phones so that they can authenticate before
obtaining network access?

  • A. AAA client
  • B. Cisco Security Agent
  • C. IEEE 802.1X supplicant
  • D. one-time password


Answer : C

Question 12

In reconnaissance attacks, which two attack methods are typically used? (Choose two.)

  • A. TCP/UDP port scanning and sweeping
  • B. buffer overflows
  • C. ARP spoofing
  • D. operating system and application fingerprinting


Answer : A,D

Question 13

Which two key criteria will be used when sizing the Cisco Security MARS model to deploy?
(Choose two.)

  • A. auto-mitigation requirements
  • B. using a one-, two-, or three-tier Cisco Security MARS architecture
  • C. events-storage requirements
  • D. incoming events per second rate


Answer : C,D

Question 14

You are the network consultant from pass4usre.com. Please point out two components
included in a detailed design document for a security solution.

  • A. WEP
  • B. existing network infrastructure
  • C. IDS
  • D. proof of concept


Answer : B,D

Question 15

Secure Sockets Layer (SSL) is a cryptographic protocol that provides security and data
integrity for communications over TCP/IP networks such as the Internet. When SSL uses
TCP encapsulation on Cisco SSL VPNs, the user's TCP session is transported over
another TCP session, thus making flow control inefficient if a packet is lost. Which is the
best solution to this problem?

  • A. Cisco Secure Desktop
  • B. DAP
  • C. DTLS
  • D. SSL traversal


Answer : C
