Flydumps Cisco 642-542 exam material details are researched and created by the Most Professional Certified Authors who are regularly using current exams experience to create precise and logical dumps.You can get questions and answers from many other websites or books,but logic is the main key of success,and Flydumps will give you this key of success.
QUESTION 76
The security team at Certkiller Inc. is researching the SAFE SMR White papers. According to SAFE SMR, which Cisco router is best suited for a remote office?
A. Cisco router 1700 series
B. Cisco router 800 and 900 series
C. Cisco router 2600 and 3600 series
D. Cisco router 7100 and 7200 series
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 77
The VPN acceleration module (VAM) is available on what series of VPN optimized routers? (Choose two)
A. 1700 Series
B. 2600 Series
C. 3600 Series
D. 7100 Series
E. 7200 Series
Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
Explanation: The VPN Acceleration Module (VAM) for Cisco 7200 and 7100 Series routers provides high-performance, hardware-assisted encryption, key generation, and compression services suitable for site-to-site virtual private network (VPN) applications. Ref: VPN Acceleration Module for Cisco 7000 Series VPN Routers
QUESTION 78
Which two models of the PIX Firewall make the VPN accelerator card available? (Choose two)
A. Model number 535
B. Model number 515
C. Model number 505
D. Model number 503
E. Model number 501
Correct Answer: AB Section: (none) Explanation Explanation/Reference:
Explanation: System Requirements Operating System: PIX OS v5.3(1) or later (with DES or 3DES license) Platforms: PIX 515/515E, 520, 525, 535 (limit one per chassis) Reference: Cisco PIX 500 Series Firewalls – Cisco PIX Firewall VPN Accelerator Card
QUESTION 79
You are selling PIX firewalls at Certkiller Inc. What size network is best suited for the PIX Firewall 501?
A. Large enterprise or service provider
B. Midsize enterprise
C. Small office or home office
D. Small business or branch office
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco PIX 501 Security Appliance delivers a multilayered defense for small offices through rich security services including stateful inspection firewalling, protocol and application inspection, virtual private networking (VPN), in-line intrusion protection, and rich multimedia and voice security in a single device. The state-of-the-art Cisco Adaptive Security Algorithm (ASA) provides rich stateful inspection firewall services, tracking the state of all authorized network communications and preventing unauthorized network access. Reference: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b18.html
QUESTION 80
What size network is best suited for the Cisco PIX Firewall 525 or 535?
A. Small office or home office.
B. Small business or branch office.
C. Midsize enterprise.
D. Large enterprise or service provider.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco PIX Firewall 525 is a large, enterprise perimeter firewall solution. The Cisco PIX firewall 535 delivers carrier-class performance to meet the needs of large enterprise networks as well as service providers. Ref: Cisco Secure PIX Firewalls (Ciscopress) Page 26
QUESTION 81
What does CBAC dynamically create and delete?
A. TCP sessions
B. Crypto maps
C. Access control lists
D. Security control lists
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: CBAC dynamically creates and deletes access control list entries at each router interface,
according to information in the state tables.
Ref:
Cisco IOS Firewall – Cisco IOS Firewall Feature Set
QUESTION 82
You are the administrator at Certkiller Inc. and you are implementing IDS to the network. Which model is recommended for IDS with at least 100 Mbps performance?
A. Model number 4260
B. Model number 4250
C. Model number 4220
D. Model number 4210
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
The Cisco IDS 4250 supports unparalleled performance at 500 Mbps and can be used to protect gigabit
subnets and traffic traversing switches that are being used to aggregate traffic from numerous subnets.
Reference:
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/ps4079/index.html
QUESTION 83
What is IP logging, as defined for the Cisco IDS appliance?
A. IDS logs IP address information for hosts being attacked.
B. IDS logs user information from an attacking host.
C. IDS captures packets from an attacking host.
D. IDS logs IP address information from an attacking host.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: In addition to the packet capture that analyzes the traffic to identify malicious activity, the IDSM-2 can perform IP session logging that can be configured as a response action on a per-signature basis. If configured as such, when the signature fires, session logs will be created over a pre-specified time period in a TCP Dump format. Ref: Cisco Services Modules – Cisco Catalyst 6500 IDS (IDSM-2) Services Module
QUESTION 84
An administrator claims he is receiving too many false positives on his IDS system. What is he referencing?
A. Alarms detected and logged by IDS.
B. Alarms detected by IDS and not acted upon.
C. Alarms caused by illegitimate traffic or activities.
D. Alarms caused by legitimate traffic or activities.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: False-positives are defined as alarms caused by legitimate traffic or activity.
False negatives are attacks that the IDS system fails to see. REF;Safe white papers;page 8 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 85
For the first time you want to set up your IDS Appliance using IDM (IDS Device Manager): Choose the steps that you should take:
A. Specify list of hosts authorized to managed appliance.
B. Communications Infrastructure.
C. Enter network setting.
D. Specify Logging Device.
E. Signatures
Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:
Explanation:
1.
Specify host to manage appliance.
2.
Communication Infrastructure – Refers to names and IDs of the sensor and manager
3.
Network setting: IP address IP Netmask IP Hostname Default route Ref: Cisco Intrusion Detection System – IDS Device Manager Sensor Setup
QUESTION 86
DRAG DROP
Choose the tasks required for initial setup of the Cisco IDS appliance via IDM.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation: Choose the task required for initial setup of the Cisco IDS Appliance via IDM Initial setup of Cisco IDS appliance via IDM. Configure network settings Define list of hosts authorized to manage appliance Configure date and time Change password to account used to access IDM Not part of Initial Setup Configure signatures to block. Configure remote management services Set logging to remote device Configure secure shell settings Reference: Cisco Intrusion Detection System – IDS Device Manager Sensor Setup Reference: Cisco IDS Courseware page 7-24
QUESTION 87
Using the default, how does the Cisco IDS appliance log events? (Choose two)
A. Location
B. Type
C. Rule base
D. Effect
E. Severity
F. User option
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
Explanation:
Cisco Secure IDS Sensors can be configured to generate log file locally on the sensor. By default, the
sensors are configured to send alarms of severity of medium and higher to CSPM.
Reference:
QUESTION 88
Which model is recommended for an IDSwith at least 100 Mbps performance?
A. 4210
B. 4220
C. 4250
D. 4260
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
The Cisco IDS 4250 supports unparalleled performance at 500 Mbps and can be used to protect gigabit
subnets and traffic traversing switches that are being used to aggregate traffic from numerous subnets.
Reference:
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/ps4079/index.html Incorrect Answers
A: Performance: 45 Mbps
B: No such model
D: No such model
QUESTION 89
The security team at Certkiller Inc. is working on securing their network. What is the primary identity component in a Cisco security solution?
A. primary identity component Cisco VPN Concentrators
B. primary identity component Cisco PIX Firewalls
C. primary identity component Cisco IDS Sensors
D. primary identity component Cisco IOS Firewalls
E. primary identity component Cisco Access Control servers
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
Explanation: Cisco Identity Based Networking Services (IBNS) is an integrated solution combining several Cisco products that offer authentication, access control, and user policies to secure network connectivity and resources. Cisco IBNS solution enables greater security while simultaneously offering cost-effective management of changes throughout the organization. IBNS and 802.1x are supported on all Cisco Catalyst switches, including Catalyst 6500, 4500, 3550, and 2950 switches, Cisco ACS Server as well as Cisco Aironet Access Points. Reference: http://www.cisco.com/en/US/netsol/ns110/ns170/ns360/ns373/networking_solutions_package.html
QUESTION 90
What is the default port for Cisco’s ACS RADIUS authentication server?
A. 1645
B. 1812
C. 1640
D. 1814
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Enabling EAP on the Access Point
Follow these steps to enable EAP on the Access Point:
1.
Follow the link path to the Authentication Server Setup page.
2.
Enter the name or IP address of the RADIUS server in the Server Name/IP entry field.
3.
Enter the port number your RADIUS server uses for authentication. The default setting, 1812, is the port
setting
for many RAFIUS servers;
1645 is the port setting for Cisco’s RADIUS server, the Cisco Secure Access Control Server (ACS).
Check your server’s product documentation to find the correct port setting.
4.
Enter the shared secret used by your RADIUS server in the Shared Secret entry field. The shared
secret on the
Access Point must match the shared secret on the
RADIUS server.
5.
Enter the number of seconds the Access Point should wait before authentication fails.
6.
Click OK. Returns to the Security Setup page.
7.
On the Security Setup page, click Radio Data
Encryption (WEP) to browse to the AP Radio Data
Encryption
page.
8.
Select Network-EAP for the Authentication Type
setting. You can also enter this setting on the AP Radio Advanced page.
9.
Check that at least one WEP key has been assigned a key size and has been selected as the transmit key. If a WEP key has been set up, skip to Step 13. If no WEP key has been set up, proceed to Step 10.
10.
Enter a WEP key in one of the Encryption Key fields. The Access Point uses this key for multicast data signals (signals sent from the Access Point to several client devices at once). This key does not need to be set on client devices.
11.
Select 128-bit encryption from the Key Size pull-down menu.
12.
Select the key as the transmit key.
13.
Click OK. Return automatically to the Security Setup page. Reference: Cisco Courseware Labguidepage 133
QUESTION 91
Cisco Secure ACS supports with of the following authentication methods? (Choose all that apply)
A. Radius
B. MPPE
C. PAP
D. TACACS+
E. PPP
F. CHAP
Correct Answer: ACDF Section: (none) Explanation
Explanation/Reference:
Ref: Troubleshooting Information for CiscoSecureACS http://www.cisco.com/univercd/cc/td/doc/product/ access/acs_soft/csacs4nt/csnt30/user/aa.htm
QUESTION 92
What three authentication methods are supported by CSACS? (Choose three)
A. PPP
B. RADIUS
C. CHAP
D. TACACS+
E. PAP
F. Static passwords
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
Explanation: Reference: Cisco Secure Access Control Server for Windows – Release Notes for Cisco Secure Access Control Server for Windows Server Version 3.1
QUESTION 93
You are the administrator at Certkiller Inc. working on managing security on the network. Which two Cisco components encompass secure management? (Choose two)
A. Cisco VPN Concentrators
B. CiscoWorks
C. Cisco IDS Sensors
D. Cisco PIX Firewalls
E. Web Device Managers
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 94
The high availability of network resources in Cisco AVVID Network Infrastructure solutions can be optimized through: (Choose all that apply)
A. Hot swappability
B. Protocol Resiliency
C. Hardware Redundancy
D. Network Capacity Design
E. Fast Network convergence
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
Explanation: Determining how resilient a network is to change or disruption is major concern for network managers. This assessment of network availability is critical. It is essential that every network deployment emphasizes availability as the very first consideration in a baseline network design. Key availability issues to address include:
*
Protocol Resiliency
*
Hardware Redundancy
1. Network Capacity Design REF;Safe white papers;page 23 Cisco AVVID Network Infrastructure Overview – White Paper
QUESTION 95
Which of the dimensions of AVVID resilience themes represent the migration from the traditional place-centric enterprise structures to people-centric organizations?
A. Network Resilience
B. Communications Resilience
C. Business Resilience
D. Routing Resilience
E. Applications Resilience
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Business resilience represents the next phase in the evolution from traditional, place-centric enterprise structures to highly virtualized, people-centric organizations that enable people to work anytime, anywhere. REF;AVCID white papers;2 Cisco AVVID Network Infrastructure Overview – White Paper
We provide Cisco 642-542 help and information on a wide range of issues. Cisco 642-542 is professional and confidential and your issues will be replied within 12 hous.Cisco 642-542 free to send us any questions and we always try our best to keeping our Customers Satisfied.