642-583 Security Solutions for Systems Engineers

Question 1

Which authentication protocol can provide single sign-on (SSO) services?

  • B. TACACS+
  • C. Diameter
  • D. Kerberos
  • E. EAP

Answer : D

Question 2

Deploying logical security controls such as firewall and IPS appliances is an example of
which kind of risk-management option?

  • A. risk avoidance
  • B. risk transfer
  • C. risk retention
  • D. risk reduction
  • E. risk removal

Answer : A

Question 3

Refer to the exhibit. A distributed DoS attack has been detected. The attack appears to
have sources from many hosts in network X/24. An operator in the network operation
center is notified of this attack and must take preventive action. To block all offending
traffic, the network operator announces a BGP route, with the next-hop attribute of, for the X/24 network of the attacker.
Which two methods do the routers at the regional office, branch office, and telecommuter
location use to prevent traffic going to and from the attacker? (Choose two.)

  • A. a dynamic ACL entry to block any traffic that is sourced from the X/24 network
  • B. a static route to, which points to a null interface
  • C. a prefix list to block routing updates about the X/24 network
  • D. strict uRPF
  • E. a route map to tag all traffic from the X/24 network with the no-export community attribute

Answer : B,D

Question 4

Answer :

Question 5

Pharming attacks, which are used to fool users into submitting sensitive information to
malicious servers, typically involve which attack method?

  • A. ARP poisoning
  • B. DNS cache poisoning
  • C. DHCP exhaustion
  • D. DHCP server spoofing
  • E. IP spoofing

Answer : B

Question 6

Which two settings can the Cisco Security Agent (release 5.2 and later) monitor to control
a user's wireless access? (Choose two.)

  • A. protection types such as WEP, TKIP
  • B. wireless card type (802.11a, b, or g)
  • C. SSIDs
  • D. antivirus version
  • E. lightweight versus autonomous mode

Answer : A,C

Question 7

Which feature of the Cisco IronPort S-Series allows administrators to control which users
get access to gambling sites?

  • A. HTTPS inspection
  • B. authentication with Active Directory
  • C. malware scanning
  • D. web reputation filters

Answer : B

Question 8

Answer :

Question 9

Answer :

Question 10

suitable to be deployed over the Internet?

  • A. DGVPN
  • B. DMVPN
  • C. VTI
  • D. GRE over IPsec
  • E. IPsec direct encapsulation
  • F. GET VPN

Answer : F

Question 11

What are two differences between symmetric and asymmetric encryption algorithms?
(Choose two.)

  • A. Asymmetric encryption is more suitable than symmetric encryption for real-time bulk encryption.
  • B. Asymmetric encryption is slower than symmetric encryption.
  • C. Asymmetric encryption requires a much larger key size to achieve the same level of protection as symmetric encryption.
  • D. Symmetric encryption is used in digital signatures and asymmetric encryption is used in HMACs.

Answer : B,C

Question 12

The Cisco SSL VPN solution uses the Cisco Secure Desktop to provide which four
functionalities? (Choose four.)

  • A. pre-login assessment
  • B. application plug-ins
  • C. secure vault
  • D. Cache Cleaner
  • E. Advanced Endpoint Assessment
  • F. smart tunnel

Answer : A,C,D,E

Question 13

Which two logical controls are available on Cisco IOS routers to limit the damage of
physical intrusions? (Choose two.)

  • A. USB smart token key storage
  • B. security stickers
  • C. disabling of password recovery
  • D. digitally signed Cisco IOS image
  • E. port security

Answer : A,C

Question 14

Which statement regarding the hybrid user authentication model for remote-access IPsec
VPNs is correct?

  • A. VPN servers authenticate by using pre-shared keys, and users authenticate by using usernames and passwords.
  • B. VPN servers authenticate by using digital certificates, and users authenticate by using usernames and passwords.
  • C. VPN servers authenticate by using digital certificates, and users authenticate by using pre-shared keys.
  • D. VPN servers and users authenticate by using digital certificates.
  • E. VPN servers and users authenticate by using pre-shared keys.

Answer : B

Question 15

Which three benefits does DMVPN offer? (Choose three.)

  • A. supports spokes that use dynamic IP addresses
  • B. supports IP unicast and multicast traffic
  • C. supports native routing protocols over the tunnels
  • D. is available on Cisco IOS routers and on Cisco ASA security appliances
  • E. provides tunnel-less any-to-any connectivity
  • F. has less overhead than GRE over IPsec

Answer : A,B,C
