Welcome to download the newest Pass4itsure C2180-374 VCE dumps: https://www.pass4itsure.com/c2180-374.html
Cisco 642-541 Certification exams Q and A provided by Flydumps will make you feel like you are taking an actual exam at a Prometric or VUE center. Furthermore,we are constantly updating our Cisco 642-541 practice material.Our candidates walk into the testing Room as confident as a Certification Administrator.So you can pass the eaxm beyond any doubt.
QUESTION 101
You are the administrator at Certkiller Inc. and you need to implement a firewall in the SAFE SMR small
network design.
In which module does the firewall exist in the SAFE SMR small network design?
A. The Internet module
B. The Corporate Internet module
C. The Campus module
D. The Edge module
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Corporate Internet Module
Key Devices:
1.
SMTP server-Acts as a relay between the Internet and the intranet mail servers
2.
DNS server-Serves as authoritative external DNS server for the enterprise; relays internal requests to the Internet
3.
FTP/HTTP server-Provides public information about the organization
4.
Firewall or firewall router-Provides network-level protection of resources, stateful filtering of traffic, and VPN termination for remote sites and users
5.
Layer 2 switch (with private VLAN support)-Ensures that data from managed devices can only cross directly to the IOS firewall Reference: Safe White papers; 11 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 102
Kathy the security administrator at Certkiller Inc. is implementing HIDS in the SAFE SMR small network
corporate Internet module.
On what device within the SAFE SMR small network corporate Internet module should Kathy perform
HIDS local attack mitigation?
A. HIDS is performed on Public services servers
B. HIDS is performed on Layer 2 switch
C. HIDS is performed on Firewall
D. HIDS is performed on Routers
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Application layer attacks-Mitigated through HIDS on the public servers Reference: Safe White papers; 11 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Reference: Cisco Courseware page 9-46
QUESTION 103
According to SAFE SMR, what type of VPN connectivity is typically used with the Cisco PIX Firewall?
A. Remote access
B. Site-to-site
C. Mobile user
D. Corporate
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The VPN connectivity is provided through the firewall or firewall/router. Remote sites authenticate each other with pre-shared keys and remote users are authenticated through the access control server in the campus module. Ref: Safe White papers; Page 13 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 104
Which method will always compute the password if it is made up of the character set you selected to test?
A. Brute force computation
B. Strong password computation
C. Password reassemble
D. Brute force mechanism
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 105
How are application layer attacks mitigated in the SAFE SMR small network corporate Internet module?
A. NIDS
B. Virus scanning at the host level.
C. HIDS on the public servers.
D. Filtering at the firewall.
E. CAR at ISP edge.
F. TCP setup controls at the firewall to limit exposure.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Application layer attacks – Mitigated through HIDS on the public servers Ref: Safe White papers; Page 11 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 106
How are packet sniffers attacks mitigated in the SAFE SMR small network corporate Internet module?
A. RFC 2827 and 1918 filtering at ISP edge and local firewall.
B. Switched infrastructure and HIDS.
C. Protocol filtering
D. Restrictive trust model and private VLANs.
E. Restrictive filtering and HIDS.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Mitigated Threats Packet sniffers-Switched infrastructure and host IDS to limit exposure Ref: Safe White papers; 11 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 107
HIDS local attack mitigation is performed on what devices within the SAFE SMR small network corporate Internet module?
A. Layer 2 switches
B. Firewalls
C. Routers
D. Public services servers
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Application layer attacks-Mitigated through HIDS on the public servers
QUESTION 108
Which three key devices are in the SAFE SMR small network corporate Internet module? (Choose three)
A. Servers
B. VPN concentrators
C. Layer 3 switches
D. Firewalls
E. Layer 2 switches
F. NIDS
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
Explanation: Key Devices SMTP server DNS server FTP/HTP server Firewall or firewall router Layer2 switch( with private VLAN support) Ref: Safe White papers; Page 11 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 109
How are trust exploitation attacks mitigated in the SAFE SMR small network corporate Internet module?
A. RFC 2827 and 1918 filtering at ISP edge and local firewall.
B. Switched infrastructure and HIDS.
C. Protocol filtering.
D. Restrictive trust model and private VLANs.
E. Restrictive filtering and HIDS.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Trust exploitation-Restrictive trust model and Privat VLAN to limit trust-based attacks Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 11
QUESTION 110
John the security administrator at Certkiller Inc. is working on mitigating all threats to the network. What threats are expected for the SAFE SMR small network campus module? (Choose two)
A. The IP spoofing threat
B. The Packet sniffers threat
C. The Application layer attacks threat
D. The Denial of service threat
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
Explanation: Threats Mitigated
1.
Packet sniffers-A switched infrastructure limits the effectiveness of sniffing
2.
Virus and Trojan-horse applications-Host-based virus scanning prevents most viruses and many Trojan horses
3.
Unauthorized access-This type of access is mitigated through the use of host-based intrusion detection and application access control
4.
Application layer attacks-Operating systems, devices, and applications are kept up-to-date with the latest security fixes, and they are protected by HIDS
5.
Trust exploitation-Private VLANs prevent hosts on the same subnet from communicating unless necessary
6.
Port redirection-HIDS prevents port redirection agents from being installed Reference: Safe White papers; 14 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 111
You are the administrator at Certkiller Inc and you are implementing a small filtering router. As an alternative design in the SAFE SRM small network campus module, a small filtering router can be placed between the rest of the network and which devices?
A. The rest of the network and Layer 2 switches
B. The rest of the network and corporate users
C. The rest of the network and management stations
D. The rest of the network and routers
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Alternatives Setting a small filtering router or firewall between the management stations and the rest of the network can improve overall security. This setup will allow management traffic to flow only in the specific direction deemed necessary by the administrators. If the level of trust within the organization is high, HIDS can potentially be eliminated, though this is not recommended. Reference: Page 15 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 112
Which commands are used for basic filtering in the SAFE SMR small network campus module? (Select two.)
A. access group
B. ip inspect-name
C. ip route
D. access-list
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 113
How are packet sniffer attacks mitigated in the SAFE SMR small network campus module?
A. Host based virus scanning.
B. The latest security fixes.
C. The use of HIDS and application access control.
D. Switches infrastructure
E. HIDS
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Packet sniffers-Threats mitigated; Switched infrastructure and host IDS to limit exposure. Ref: Safe White papers; Page 18 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 114
What can be implemented in the SAFE SMR small network campus module to mitigate trust exploitation attacks between devices?
A. Layer 2 switches
B. Firewalls
C. Private VLANs
D. Routers
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Threats mitigated Trust exploitation-Restrictive trust model and private VLANs to limit trust-based attacks Ref: Safe White papers; Page 18 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 115
What are three of the key devices in the SAFE SMR small network campus module? (Choose three)
A. Layer 2 switches
B. IOS firewall
C. User workstations
D. PIX firewall
E. Corporate servers
F. NIDS
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
Explanation: Key Devices Layer 2 switching Corporate server User workstation Management host Ref: Safe White papers; Page 13 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 116
How are port redirection attacks mitigated in the SAFE SMR small network campus module?
A. Switched infrastructure.
B. Host based virus scanning.
C. The use of NIDS and application access control.
D. The latest security fixes and NIDS.
E. Private VLANs
F. HIDS
Correct Answer: F Section: (none) Explanation
Explanation/Reference:
Explanation: Port redirection-HIDS prevents port redirection agents from being installed Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 14
QUESTION 117
What three commands are used for RFC 1918 and RFC 2827 filtering on the ISP router in the SAFE SMR small network campus module? (Choose three)
A. ip route 1918
B. access-list
C. access-group
D. enable rfc 1918 filtering
E. rate-limit
F. enable rfc 2827 filtering
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
Explanation:
Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 47
QUESTION 118
The security team at Certkiller Inc. is working on implementing IOS firewall in their SAFE SMR small
network design.
What is the primary function of the IOS firewall in the SAFE SMR small network design?
A. The primary function is it provides remote site connectivity and general filtering for sessions initiated through the firewall.
B. The primary function is it provides host DoS mitigation.
C. The primary function is it authenticates IPSec tunnels.
D. The primary function is it provides remote site authentication.
E. The primary function is it provides connection state enforcement and detailed filtering for sessions initiated through the firewall.
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
Explanation: Layer 2 switch (with private VLAN support)-Ensures that data from managed devices can only cross directly to the IOS firewall Reference: Safe White papers; 11 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 119
You are the administrator at Certkiller Inc. and you are configuring the PIX Firewall. The ip verify reverse-path command implements which of the following on the PIX Firewall? (Choose two)
A. The ip verify reverse-path command performs a route lookup based on the destination address.
B. The ip verify reverse-path command performs a route lookup based on the source address.
C. The ip verify reverse-path command provides session state information based on source address.
D. The ip verify reverse-path command provides ingress filtering.
E. The ip verify reverse-path command provides session state information based on destination address.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation: Use the ip verify unicast reverse-path interface command on the input interface on the router at the upstream end of the connection. This feature examines each packet received as input on that interface. If the source IP address does not have a route in the CEF tables that points back to the same interface on which the packet arrived, the router drops the packet. Reference: Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks
QUESTION 120
Jason is the security administrator at Certkiller Inc. and wants to know which is true with regard to creating an RPC entry with the NFS program number?
A. The true statement is NFS traffic designated as friendly will be allowed through the firewall.
B. The true statement is no NFS traffic will be allowed through the firewall.
C. The true statement is all NFS traffic will be allowed through the firewall.
D. The true statement is NFS traffic designated as hostile will not be allowed through the firewall.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Remote Procedure Call (RPC) inspection enables the specification of various program numbers. You can define multiple program numbers by creating multiple entries for RPC inspection, each with a different program number. If a program number is specified, all traffic for that program number is permitted. If a program number is not specified, all traffic for that program number is program number, all NFS traffic is allowed through the firewall. Reference: CSI Student Guide v2.0 p. 5-30
QUESTION 121
What is the function of SMTP inspection?
A. Monitors SMTP mail for hostile commands.
B. Monitors SMTP commands for illegal commands.
C. Monitors traffic from and STMP server that is designated as friendly.
D. Monitors traffic that has not been encapsulated.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: SMTP application inspection controls and reduces the commands that the user can use as well as the messages that the server returns. Ref: Cisco Pix Firewall Software (Configuring Application Inspection (Fixup) Cisco PIX Firewall Software – Configuring Application Inspection (Fixup)
QUESTION 122
How does Java applet filtering distinguish between trusted and untrustedapplets?
A. Examines the applet for suspicious code.
B. Relies on a list of applets that you designate as hostile.
C. Relies on a list of applets that you designate as friendly.
D. Relies on a list of external sites that you designate as friendly.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Java inspection enables Java applet filtering at the firewall. Java applet filtering distinguishes between
trusted and untrusted applets by relying on a list of external sites that you designate as “friendly.” If an applet is from a friendly site, the firewall allows the applet through. If the applet is not from a friendly site, the applet will be blocked. Alternately, you could permit applets from all sites except for sites specifically designated as “hostile.” Reference: Context-Based Access Control Commands
QUESTION 123
You are the security administrator at Certkiller Inc. and you are working on filtering network traffic. accesslist 101 deny ip 192.168.8.8 0.0.0.255 anyis an example of an ACL entry to filter what type of addresses?
A. It is an example of RFC 1920
B. It is an example of RFC 2728
C. It is an example of RFC 2827
D. It is an example of RFC 1918
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: ! RFC 1918 filtering. Note network 172.16.x.x was not included in the ! filter here since it is used to simulate the ISP in the lab. ! access-list 103 deny ip 10.0.0.0 0.255.255.255 any access-list 103 deny ip 192.168.0.0 0.0.255.255 any Reference: Page 47 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 124
What is the function of a crypto map on a PIX Firewall?
A. To configure a pre-shared authentication key and associate the key with an IKE peer address or host name.
B. To configure a pre-shared authentication key and associate the key with an IPSec peer address or host name.
C. To specify which algorithms to use with the selected security protocol.
D. To filter and classify the traffic to be protected.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Crypto map entries for IPSec set up security association parameters, tying together the various parts configured for IPSec, including the following;
* Which traffic should be protected by IPSec Ref: Cisco Secure PIX Firewalls (Ciscopress) Page 215
QUESTION 125
What causes the default TCP intercept feature of the IOS Firewall to become more aggressive? (Choose two)
A. The number of incomplete connections exceeds 1100.
B. The number of connections arriving in the last 1 minute exceeds 1100.
C. The number of incomplete connections exceeds 100.
D. The number of connections arriving in the last 10 minutes exceeds 1000.
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
Explanation: If the number of incomplete connections exceeds 1100 or the number of connections arriving
in the last 1minute exceeds 1100, the TCP intercept feature becomes more aggressive.
Ref:
Cisco IOS Software Releases 12.1 Mainline – TCP Intercept Commands
QUESTION 126
Which command implements UnicastRPF IP spoofing protection?
A. access-list
B. access-group
C. ip verify reverse-path interface
D. tcp verify reverse-path interface
E. udp verify reverse-path interface
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Use the ip verify unicast reverse-path interface command on the input interface on the router at the upstream end of the connection. This feature examines each packet received as input on that interface. If the source IP address does not have a route in the CEF tables that points back to the same interface on which the packet arrived, the router drops the packet. Reference: Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks
QUESTION 127
How many transforms can be included in a transform set on a PIX Firewall?
A. 1
B. 2
C. 3
D. 4
E. unlimited number
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Up to three transforms can be in a set. Sets are limited to up to one AH And up to two ESP transforms. Reference: Cisco Secure PIX Firewalls (Ciscopress) Page 212
QUESTION 128
What is the function of a crypto map on a PIX Firewall?
A. To define the policy that will be applied to the traffic.
B. To specify which algorithms will be used with the selected security protocol.
C. To configure a pre-shared authentication key and associate the key with an IPSec peer address or host name.
D. To map transforms to transform sets.
Correct Answer: A Section: (none) Explanation Explanation/Reference:
Explanation:
Crypto map entries must be created for IPSec to set up SAs for traffic flows that must be encrypted.
Reference: Cisco Secure PIX Firewalls (Ciscopress) Page 215
QUESTION 129
Which version of PIX introduces support for the VPN accelerator card?
A. Version 4.0
B. Version 4.3
C. Version 5.0
D. Version 5.3
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: System Requirements Operating System: PIX OS v5.3(1) or later (with DES or 3DES license) Platforms: PIX 515/515E, 520, 525, 535 (limit one per chassis) Reference: Cisco PIX 500 Series Firewalls – Cisco PIX Firewall VPN Accelerator Card
QUESTION 130
What version of the Cisco PIX Firewall is required to use the VPN accelerator card?
A. Version 2.3 or higher.
B. Version 3.3 or higher.
C. Version 4.3 or higher.
D. Version 5.3 or higher.
E. Version 6.3 or higher.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: System Requirements Operating System: PIX OS v5.3(1) or later (with DES or 3DES license) Platforms: PIX 515/515E, 520, 525, 535 (limit one per chassis) Reference: Cisco PIX 500 Series Firewalls – Cisco PIX Firewall VPN Accelerator Card
QUESTION 131
John the security administrator at Certkiller is working on mitigating DoS in the network. How are DoS attacks mitigated in the SAFE SMR small network corporate Internet module? (Choose two)
A. Mitigated by CAR at ISP edge.
B. Mitigated by NIDS
C. Mitigated by TCP setup controls at the firewall to limit exposure.
D. Mitigated by HIDS on the public serves.
E. Mitigated by virus scanning at the host level.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation: Threat Mitigation Denial of service-Committed access rate (CAR) at ISP edge and TCP setup controls at firewall to limit exposure Reference: Page 11 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 132
You are the administrator at Certkiller Inc. and you need pick a device to help you secure the network. Which device in the SAFE SMR midsize network design corporate Internet module determines when to provide TCP shunning or resets?
A. IDS
B. Firewall
C. Router
D. Public services servers
E. Layer 2 switches
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The NIDS appliance between the private interface of the firewall and the internal router provides a final analysis of attacks. Very few attacks should be detected on this segment because only responses to initiated requests, a few select ports from the public services segment, and traffic from the remote access segment are allowed to the inside. Only sophisticated attacks should be seen on this segment because they could mean that a system on the public services segment has been compromised and the hacker is attempting to take advantage of this foothold to attack the internal network. For example, if the public SMTP server were compromised, a hacker might try to attack the internal mail server over TCP port 25, which is permitted to allow mail transfer between the two hosts. If attacks are seen on this segment, the responses to those attacks should be more severe than those on other segments because they probably indicate that a compromise has already occurred. The use of TCP resets or shunning to thwart, for example, the SMTP attack mentioned above, should be seriously considered. Reference: Safe White papers; Page 19 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 133
You are the leader of the security team at Certkiller Inc and you are working on mitigation trust exploitation attacks. How is trust exploitation attacks mitigated in the SAFE SMR midsize network design corporate Internet module?
A. Mitigated by using restrictive trust model and private VLANs.
B. Mitigated by using OS and IDS detection.
C. Mitigated by using restrictive filtering and host IDS.
D. Mitigated by using IDS at the host and network levels.
E. Mitigated by using filtering at the ISP, edge router, and corporate firewall.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Trust exploitation-Restrictive trust model and private VLANs to limit trust-based attacks Reference: Safe White papers; Page 17 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 134
Jason the security administrator at Certkiller Inc is working on dial in users for the network. In the SAFE SMR midsize network design, which module does dial-in traffic terminate?
A. It terminates at the campus module
B. It terminates at the WAN module
C. It terminates at the Corporate Internet module
D. It terminates at the ISP edge module
E. It terminates at the PSTN module
F. It terminates at the Frame/ATM module
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: The SAFE medium network design consists of three modules: the corporate Internet module, the campus module, and the WAN module. As in the small network design, the corporate Internet module has the connection to the Internet and terminates VPN and public-services (DNS, HTTP, FTP, and SMTP) traffic. Dial-in traffic also terminates at the corporate Internet module. Reference: Safe White papers; Page 16 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Reference: Cisco Courseware page 6-3
QUESTION 135
You are the security administrator at Certkiller Inc and you need to authenticate users to the network. After being authenticated, which actions are performed on dial-in access users in the SAFE SMR midsize network design corporate Internet module?
A. After being authenticated, CHAP is used to authenticate the user.
B. After being authenticated, traffic is sent through a Layer 3 switch.
C. After being authenticated, users are provided with IP addresses from an IP pool.
D. After being authenticated, traffic is sent through a router.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Last sentence of the paragraph states: When authenticated, the users are provided with IP addresses from an IP pool. However it also states that CHAP is used to authenticate the user (Answer A) But the keyword is ‘After being authenticated’ not ‘During or When’. Reference: Cisco SAFE Implementation Courseware version
1.1 Page 6-17
QUESTION 136
In which module does VPN traffic terminate in the SAFE SMR midsize network design?
A. WAN module
B. Campus module
C. Corporate Internet module
D. ISP edge module
E. PSTN module
F. Frame/ATM module
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: As in the small network design, the corporate Internet module has the connection to the Internet and terminates VPN and public-services (DNS, HTTP, FTP, and SMTP) traffic. Ref: Safe White papers; 16 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 137
Based on the SAFE Model of Small Networks, which threats can only be mitigated at the corporate Internet module (not at the campus module)? (Choose all that apply)
A. Password attacks
B. Port redirection
C. Virus and Trojan horse
D. IP spoofing
E. Denial of service
F. Network reconnaissance
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: A, B, C, D, E, F
Explanation: Reference: Table 13-3 Page 201 of CCSP CSI Exam Certification Guide AND Page 5-5 and 5-6 of CISCO SAFE Courseware under Expected Treat and Mitigation Roles The following are threats to be expected: 1)Unauthorised Access 2)Application layer attacks 3)Virus and Trojan horse attacks 4)Password attacks 5)DoS 6)IP spoofing 7)Packet sniffers 8)Network reconnaissance 9)Trust Exploitation 10)Port Redirection
QUESTION 138
In the corporate Internet module of SAFE SMR midsize network design, following termination of the VPN tunnel, traffic is sent through:
A. A wireless device.
B. A Layer 3 switch
C. A router
D. A Firewall
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: The firewall also acts as a termination point for site-to-site IPSec VPN tunnels for both remote site production and remote site management traffic. Ref: Safe White papers; 19 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Reference: Cisco Courseware page 6-13
QUESTION 139
How is denial of service attacks mitigated in the SAFE SMR midsize network design corporate Internet module?
A. IDS at the host and network levels.
B. E-mail content filtering, HIDS, and host-based virus scanning.
C. OS and IDS detection
D. CAR at the ISP edge and TCP setup controls at the firewall.
E. RFC 2827 and 1918 filtering at ISP edge and midsize network edge router.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Threats Mitigated Denial of service-CAR at ISP edge and TCP setup controls at firewall Ref: Safe White papers 17 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 140
How are application layer attacks mitigated in the SAFE SMR midsize network design corporate Internet module?
A. Filtering at the ISP, edge router, and corporate firewall.
B. IDS at the host and network levels.
C. E-mail content filtering, HIDS, and host-based virus scanning.
D. OS and IDS detection.
E. CAR at the ISP edge and TCP setup controls at the firewall.
F. RFC 2827 and 1918 filtering at ISP edge and midsize network edge.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Threats mitigated Application layer attacks-Mitigated through IDS at the host and network levels Ref: Safe White papers; Page 18 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
Cisco 642-541 practice test are the latest version in the world market. When you go to the testing room to take real Cisco 642-541 exam, you will find all the actual questions are in FLYDUMPS Cisco 642-541 practice test. FLYDUMPS’S experts have years of experience on training IT examinees. Both PDF and test engine are provided by FLYDUMPS’S experts for Cisco 642-541 Certified Specialist training. If you want to print out to read all the Cisco 642-541 questions and answers anywhere, Cisco 642-541 PDF version is your best choice. If you want to practice the Cisco 642-541 exam in a real environment similar to the actual test, try Cisco 642-541 test engine now.
Pass4itsure C2180-374 dumps with PDF + Premium VCE + VCE Simulator: https://www.pass4itsure.com/c2180-374.html
Cisco 642-541 Exam Practice PDF, 100% Pass Guarantee Cisco 642-541 Exams Online Shop