642-591 Implementing Cisco NAC Appliance

Question 1

Which two functions can a configured Cisco NAC Appliance Agent perform?
(Choose two.)

  • A. quarantine an end user until the client machine complies with company policy
  • B. check for up-to-date antivirus and antispam files
  • C. initiate periodic virus scans
  • D. perform registry, service, and application checks


Answer : B,D

Question 2

You are a network administrator for a university. You would like to restrict access to
specific, targeted subnets by role, such as student, administration, faculty, and guest roles.
How can you achieve this goal by using the Cisco NAM?

  • A. define a bandwidth policy for each role that specifies the target subnets
  • B. define an IP-based traffic control policy for each role that specifies the target subnets
  • C. define extended access-control-list templates, and apply each template to a specific user role
  • D. define a host-based traffic control policy for each role that specifies the target subnets


Answer : B

Question 3

What is the objective of rule-to-requirement mapping while configuring a requirement?

  • A. associates a rule set to the remediation steps that a user follows to comply with the requirement
  • B. associates the requirement to a normal user role
  • C. ensures that Nessus scan-based requirements are satisfied before the user can log in to the network
  • D. associates the rules for operating system-based checks to the requirement list


Answer : A

Question 4

In a Cisco NAM high-availability configuration, when does the secondary Cisco NAM
take over?

  • A. when the UDP heartbeat signal is not transmitted and received within a certain time period
  • B. when the UDP heartbeat signal fails to be transmitted on the serial heartbeat connection between failover peers
  • C. when the timeout value is exceeded during data-mirroring activities
  • D. when the IP-based heartbeat signal fails to be transmitted and received within a certain time period


Answer : A

Question 5

What will happen when the condition statement in a Cisco NAA check for required software
evaluates to false on a client machine?

  • A. The required software is automatically downloaded to the user device.
  • B. The required software is made available after the user is quarantined.
  • C. The user is put in the unauthenticated role and the software is considered missing.
  • D. The user is placed in the temporary role and the software is made available.


Answer : B

Question 6

Which interface do Cisco NAM failover peers always use to support inter-peer
connections?

  • A. the second Ethernet port
  • B. the serial connection
  • C. the eth0 interface
  • D. the eth1 interface


Answer : D

Question 7

How can you make sure that the Cisco NAS has the latest version of the Cisco NAA to
install on user devices?

  • A. Each time the Cisco NAA is upgraded, the Cisco NAM automatically downloads the new version of Cisco NAA to all Cisco NAS servers.
  • B. Configure the Cisco NAS by selecting which Cisco NAA to upgrade in the Cisco NAA Upgrade form.
  • C. From the Cisco NAS Web Admin Console, enable Cisco NAA autoupdate on the Administration > Software Update form.
  • D. The Cisco NAA is upgraded directly to each Cisco NAS using the Upgrade Server form available on the Cisco NAM web console GUI.


Answer : A

Question 8

After rebooting from its initial configuration, what does the secondary Cisco NAM do?

  • A. automatically sends a message to all Cisco NAS servers, identifying itself as the secondary Cisco NAM
  • B. takes over as the active Cisco NAM if the secondary Cisco NAM has a higher priority
  • C. switches to active mode, enabling load sharing with the primary Cisco NAM
  • D. automatically synchronizes its database with the primary Cisco NAM


Answer : D

Question 9

The Nanjing library would like to deploy network admission control for their public wireless
network and their internal wired network. Their network has switches from different
manufacturers. Which Cisco NAC Appliance solution will be the most suitable for this
client?

  • A. a hybrid solution using in-band Cisco NAS for the wireless and out-of-band Cisco NAS for the wired deployment
  • B. an out-of-band Cisco NAS deployment with a Cisco NAM cluster
  • C. an in-band Cisco NAS deployment and a Cisco NAM
  • D. a combination of an out-of-band and an in-band Cisco NAS deployment with a Cisco NAM cluster


Answer : C

Question 10

In a Layer 3 out-of-band deployment, which Cisco NAC Appliance component
provides the client-machine IP address to MAC address mapping?

  • A. Cisco Security Agent
  • B. Cisco NAA
  • C. Cisco Trust Agent
  • D. Cisco NAS


Answer : B

Question 11

Where is a local user validated?

  • A. at the Cisco NAS
  • B. at the Cisco NAM
  • C. at the authentication server
  • D. at the Cisco NAA


Answer : B

Question 12

How does the Cisco NAM determine the presence of a vulnerability without using
the Cisco NAA on the client machine?

  • A. The Cisco NAM will perform an agentless scan and interpret the results to determine if the client machine is vulnerable.
  • B. The end-user Cisco Trust Agent capability summary message does not match the defined role-based security policy requirement on the Cisco NAM.
  • C. The Nessus network scan report matches a defined role-based or OS-based vulnerability on the Cisco NAM.
  • D. The Cisco NAM receives a Cisco Security Agent vulnerability alert from the Cisco NAS.


Answer : C

Question 13

Which three elements compose a Cisco NAC Appliance solution? (Choose three.)

  • A. a Cisco router to provide VPN services
  • B. a Linux server for in-band or out-of-band network admission control
  • C. a Linux server for centralized management of network admission servers
  • D. a read-only client operating on an endpoint device


Answer : B,C,D

Question 14

In order to make sure that customers are able to perform update and remediation, which
features must be configured? (Choose one answer.)

  • A. Nessus plug-ins and antivirus rules
  • B. temporary roles and quarantine roles
  • C. session timeouts and traffic control policies
  • D. temporary and quarantine network remediation timer


Answer : C

Question 15

A client owns a network with wireless and wired users. The wired users run
mission-critical, bandwidth-sensitive applications. The wireless users access web-based
support portals within the central office. Based on the provided information, which Cisco
NAC Appliance solution will offer the most fault-tolerant option for this client?

  • A. one highly available Cisco NAM cluster and one in-band highly available Cisco NAS cluster
  • B. one Cisco NAM and one in-band highly available Cisco NAS cluster
  • C. one highly available Cisco NAM cluster, one out-of-band highly available Cisco NAS cluster, and one in-band Cisco NAS
  • D. one load-balanced highly available Cisco NAM cluster and one out-of-band highly available Cisco NAS cluster


Answer : C
