Do not worry about your Cisco 642-371 exam, Certadept now has published the new veriosn Cisco 642-371 exam dumps with more new added questions and answers, also you can free download vce test software and pdf dumps on certadept.com.
Exam A
QUESTION 1
How does the Cisco IOS IPS feature set monitor the network for malicious activity?
A. passive “bird-on-a-wire” packet inspection
B. deep inline packet inspection
C. Security Device Event Exchange (SDEE) packet inspection
D. out-of-band (OOB) packet inspection
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 2
What are three benefits that companies gain with intelligent networking based on Cisco IOS network infrastructure? (Choose three.)
A. a fully integrated network
B. a network requiring fewer networking devices
C. an adaptive network
D. a more resilient network
E. a completely fault-tolerant network
Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 3
Your customer has a basic stateful firewall setup that only permits incoming traffic from the Internet to an internal web server. What are the security risks if the firewall being used does not perform advanced application inspection and control like the ASA Security Appliance does? (Choose two.)
A. Allowing all return traffic from the internal web server back out to the Internet may increase the risk of worm propagation.
B. Peer-to-peer or instant messaging traffic using port 80 may exhaust the network capacity.
C. Not validating port 80 traffic content may increase the risk of malware infection.
D. Denial of service attacks launched against port 80 of the internal web server can bring down the web server.
E. If the firewall cannot perform deep packet inspection, the firewall cannot properly classify the HTTP and HTTPS traffic. This may lead to connectivity issues from the Internet to the internal web server.
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 4
Refer to the exhibit. Deploying integrated services on the Cisco ISR Router can help reduce network cost and complexity by integrating which four of these features on the ISR? (Choose four.)
A. firewall and VPN
B. IP telephony and voice mail
C. Secure Access Control Server
D. LAN switching and Wireless LAN
E. IPS
F. Anomaly Guard and Detection
Correct Answer: ABCE Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Which two of these statements best describe fast secure roaming for the wireless core feature set using autonomous access points? (Choose two.)
A. It is compatible with all wireless clients.
B. It reduces roaming latency through reduced client RF channel scanning enhancements.
C. It reduces roaming latency to targeted times of less than 75ms.
D. Roaming occurs without reauthentication through a centralized RADIUS server.
E. It is enabled through WLSE deployment.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 6
LAB A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 7
A customer is deploying a wireless core feature set using autonomous access points and requires Layer 2 roaming. What is a requirement when deploying this solution?
A. a minimum of one Cisco 4100 Series WLAN Controller
B. one WDS per subnet
C. a minimum of one Wireless LAN Services Module
D. all clients using Cisco Aironet Wireless LAN Adapters
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 8
Which of these is the Cisco IOS Firewall feature that creates specific security policies for each user with LAN-based, dynamic, per-user authentication and authorization?
A. DDoS Mitigation
B. Cisco Security Agent
C. Intrusion Prevention System
D. Authentication Proxy
E. Context-based Access Control
F. Monitoring, Analysis and Response System
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 9
What are three components of the wireless core feature set using autonomous access points? (Choose three.)
A. CiscoWorks WLSE
B. Wireless LAN Controller
C. lightweight access points
D. 802.1X authentication server
E. Wireless Control System
F. Cisco autonomous access points running WDS
Correct Answer: ADF Section: (none) Explanation
Explanation/Reference:
QUESTION 10
A customer plans to implement a wireless core feature set using autonomous access points. When choosing the access points, what is required for the customer to implement WDS?
A. Client cards must be using Cisco’s LEAP authentication.
B. All APs must support 802.1X for registration with WDS.
C. WDS must be enabled on all APs in the WLAN.
D. The customer must have a WLSM blade in their Cisco Catalyst 6000.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 11
What is the benefit of the parallel signature scanning feature in Cisco IOS IPS software?
A. scans multiple patterns within a Signature Micro Engine at any given time
B. scans traffic patterns serially and correlates the events in parallel
C. dynamically runs detection scanning rules in parallel within a Signature Micro Engine to increase IPS performance
D. runs currently configured scanning rules in parallel while updating new signature definition files to reduce the risk of day-zero attacks
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 12
Drag Drop question
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 13
A customer has deployed a wireless core feature set using autonomous access points and now wants to include a satellite building 4,500 feet away from the main campus. The customer also wants to provide wireless access to a courtyard for wireless clients in close proximity to the antenna mounting position. Which Cisco Aironet product is the most applicable solution?
A. Cisco Aironet 1000 Series
B. Cisco Aironet 1100 Series
C. Cisco Aironet 1200 Series
D. Cisco Aironet 1300 Series
E. Cisco Aironet 1400 Series
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 14
Which two of these statements describe important aspects of performing a wireless site survey? (Choose two.)
A. An 802.11g access point with a variety of antennas can be used in all standard site surveys.
B. Site surveys can be performed manually or through assisted site survey.
C. Channel power during testing starts at the default minimum and gradually increases to the maximum.
D. Overlapping access points can create performance problems.
E. Surveys should be done after hours in an office building or during reduced inventory levels in warehouses.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 15
What are three advantages of the Cisco Integrated Services Router product family? (Choose three.)
A. provides advanced security such as hardware encryption acceleration
B. provides investment protection through increased modularity
C. comes equipped with at least one 1000-based TX interface
D. contains integrated wireless access using the 802.11 g/b standard
E. contains integrated web-based management tools for easy configuration and maintenance
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 16
A customer needs approximately 15 to 20 wireless APs for RF coverage. Given that the customer is going to use the 1010 lightweight AP with the advanced feature set, what other product is required to complete this operational functionality?
A. 2700
B. WLSE
C. 4124
D. 2006
E. 4112
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 17
Which two of these statements best describe the benefits of Cisco’s wireless IDS functionality? (Choose two.)
A. AirDefense for wireless IDS is required by autonomous APs.
B. 2.4GHz RF management can monitor both 802.11 and non-802.11 RF interference.
C. APs only monitor the RF channels that are servicing the clients.
D. Cisco or CCX compatible client cards can extend the RF IDS service for autonomous APs.
E. Autonomous APs must be dedicated IDS sensors while lightweight APs can combine client traffic and RF monitoring.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 18
Which Cisco Catalyst Series switch is designed for enterprise LAN access, branch offices, Layer 3 distribution points, small- and medium-sized businesses, and metropolitan Ethernet deployments?
A. 2900
B. 3550
C. 4500
D. 6500
E. 8800
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 19
Drag Drop question
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 20
Which item is a feature of Cisco Compatible Extensions, Version 3?
A. full 802.11e compliance
B. full WPAv2 compliance
C. wireless IDS
D. NAC
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 21
Drag Drop question
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 22
Which of these is the Cisco IOS security feature that enhances perimeter firewall protection by taking appropriate actions on packets and flows that violate the security policy or represent malicious network activity?
A. DDoS Mitigation (DDoS)
B. Cisco Security Agent (CSA)
C. Intrusion Prevention System (IPS)
D. Authentication Proxy (Auth Proxy)
E. Context-based Access Control (CBAC)
F. Monitoring, Analysis and Response System (MARS)
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 23
Drag Drop question
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 24
Deploying ISRs with integrated security services can help lower the total cost of ownership. Which of these Cisco ISR Routers features illustrate this point?
A. using built-in on-board VPN acceleration to reduce the amount of VPN configuration tasks
B. using the USB port to perform fast Cisco IOS image upgrade
C. using the security audit feature to implement inline Intrusion Prevention System
D. using the SDM configuration tool to reduce training costs
E. using the high performance AIM to increase the Cisco IOS Firewall performance
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 25
A customer wants to deploy a wireless advanced feature set using lightweight access points. A site survey
shows that the customer will need 34 APs to cover the facility. Assuming that the customer will not need to
install more APs, only two devices can be used for wireless functionality.
Which two? (Choose two.)
A. 2000 Series WLAN Controller
B. 4100 Series WLAN Controller
C. 4400 Series WLAN Controller
D. Wireless LAN Solution Engine
E. Wireless LAN Services Module
Correct Answer: BC Section: (none) Explanation Explanation/Reference:
QUESTION 26
Drag Drop question
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 27
Which Cisco security tool can determine if a Cisco ISR Router is properly secured?
A. Cisco Security MARS
B. SDM security audit
C. CSA
D. CSA MC
E. VMS
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 28
Regarding the performance (in kilo packets per second for a 64 byte packet) of the 3800 family of Cisco ISR Routers, which two of these are correct? (Choose two.)
A. The 3825 is rated at 175 kpps.
B. The 3825 is rated at 350 kpps.
C. The 3825 is rated at 500 kpps.
D. The 3845 is rated at 350 kpps.
E. The 3845 is rated at 500 kpps.
F. The 3845 is rated at 675 kpps.
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 29
Which program enables administrators to install the Cisco Aironet wireless configuration utility on multiple PCs across a network?
A. ACU
B. ADU
C. ACAU
D. ASTU
E. AireWave Director
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 30
Your customer is concerned that adding firewall-based security will require major hardware changes. Which Cisco IOS Firewall benefit would you highlight?
A. Cisco IOS Firewall is available for a wide variety of router platforms. It scales to meet the bandwidth and performance requirements of any network.
B. Integrating firewall functions into a multiprotocol router takes advantage of an existing router investment, without the cost and learning curve associated with a new platform.
C. Because it is installed on a Cisco router, Cisco IOS Firewall is an all-in-one, scalable solution that performs multiprotocol routing, perimeter security, intrusion prevention, VPN functions, and per-user authentication and authorization.
D. Combining the Cisco CNS 2100 Series Intelligence Engine and the Cisco IOS Software Extensible Markup Language application helps a network administrator deploy any Cisco router with little or no preconfiguration to a given destination.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 31
In CiscoWorks LAN Management Solution, what are some of the examples of a managed device (sometimes called network elements)? (Choose three.)
A. routers
B. LAN switches
C. PBX switches
D. TDM switches
E. appliances
Correct Answer: ABE Section: (none) Explanation Explanation/Reference:
QUESTION 32
Which of these is the Cisco IOS Firewall feature that provides secure, per-application access control across network perimeters?
A. DDoS Mitigation
B. Cisco Security Agent
C. Intrusion Prevention System
D. Authentication Proxy
E. Context-based Access Control
F. Monitoring, Analysis and Response System
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 33
Which three of these items can a wireless assisted site survey optimize? (Choose three.)
A. radio transmit power setting
B. security selection
C. beacon interval
D. IPS auto-response settings
E. channel selection
F. IDS settings
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 34
Which network management solution performs configuration, monitoring,
and management of Cisco Firewall, VPN router, and IPS devices as well as maintains network device
inventory and software distribution features?
A. CiscoWorks Security Device Management Center (SD/MC)
B. Security Device Manager (SDM)
C. Adaptive Security Device Manager (ASDM)
D. CiscoWorks VMS/Management Center (VMS/MC)
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 35
Cisco ISR Routers offer which three of these security benefits? (Choose three.)
A. onboard VPN accelerator
B. events correlation and proactive response
C. high-performance AIM VPN modules
D. virtual firewall
E. Cisco IOS Firewall and IOS IPS
F. transparent firewall
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
Cisco 642-371 contains a powerful new testing engine that allows you to focus on individual topic areas or take complete, timed exams from Cisco 642-371.The assessment engine also tracks your performance and presents feedback on a module-by-module basis, providing question-by-question Cisco 642-371 to the text and laying out a complete study plan for review.Cisco 642-371 also includes a wealth of hands-on practice exercises and a copy of the Cisco 642-371 network simulation software that allows you to practice your Cisco 642-371 hands-on skills in a virtual lab environment.The Cisco 642-371 supporting website keeps you fully informed of any exam changes