Cisco 642-542 exam questions and answers.
QUESTION 30
If you are using SNMP for network management, you must make sure that?
A. Configure SNMP for write-only community strings.
B. Configure SNMP for read-only community strings.
C. The access to the device you wish to manage is limited to one management host.
D. Turn off logging.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: When the community string is compromised, an attacker could reconfigure the device if read-write access via SNMP is allowed. Therefore, it is recommended that you configure SNMP with only read-only community strings. Ref: Safe White papers 72 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 31
no isakmp enable
What is the use of the above command on a PIX Firewall?
A. This command disables ISAKMP which is enabled by default.
B. The correct format to disable ISAKMP on a PIX Firewall is “crypto isakmp disable”.
C. This is an invalid command.
D. This command disables ISAKMP. ISAKMP is enabled by default.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 32
How do you mitigate the threats presented when using TFTP?
A. TFTP traffic use peer authentication for each session.
B. TFTP traffic should be encrypted within an IPSec tunnel.
C. IP packet inspection should be enabled on all routers.
D. IP verify reverse path should be enabled on all routers.
Correct Answer: B Section: (none) Explanation Explanation/Reference:
Explanation: Where possible, TFTP traffic should be encrypted within an IPSec tunnel in order to mitigate the chance of its being intercepted. REF;Safe white papers;page 72 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 33
What is the earliest version of NTP that supports a cryptographic authentication mechanism between peers?
A. 1
B. 2
C. 3
D. 4
E. 5
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Version 3 and above of NTP supports a cryptographic authentication mechanism between peers.
Reference:
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 34
What is recommended if SNMP is used? (Choose two)
A. Allow only the appropriate management hosts access to the device you wish to manage.
B. Configure SNMP with write-only community strings.
C. Configure SNMP with read-only community strings.
D. Allow only the firewall access to the device you wish to manage.
E. Allow only the router access to the device you wish to manage.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation: When the community string is compromised, an attacker could reconfigure the device if read-write access via SNMP is allowed. Therefore, it is recommended that you configure SNMP with only read-only community strings. You can further protect yourself by setting up access control on the device you wish to manage via SNMP to allow only the appropriate management hosts access. Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 72
QUESTION 35
Kathy the security administrator at Certkiller Inc. is working on security solutions. Which is a component of Cisco security solutions?
A. Secure connectivity
B. Secure solution
C. Secure availability
D. Secure productivity
Correct Answer: A Section: (none) Explanation Explanation/Reference:
Explanation: The key components of a SAFE network are fundamental to the success of an implementation. These key components are broken down as follows: 1) Identity – Authentication and digital certificates 2) Perimeter security – ACL firewalls 3) Secure connectivity – VPN tunnelling and encryption 4) Security monitoring – Intrusion detection and scanning 5) Security management – Policy management, device management, and directory services. Reference: Cisco Courseware p.3-4
QUESTION 36
DRAG DROP
What are key components of the SAFE SMR network?
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation: http://www.cisco.com/en/US/netsol/ns110/ns170/ns171/ns128/ networking_solutions_design_guidance09186a0
QUESTION 37
The security team at Certkiller Inc. is working on using systems and appliances. What are two advantages of using integrated systems and appliances? (Choose two)
A. An advantage is implementation on existing equipment.
B. An advantage is achieving better performance.
C. An advantage is achieving better interoperability.
D. An advantage is increased feature functionality.
E. An advantage is improved manageability.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation: The advantages to integrated functionality are as follows: 1) Can be implemented on existing equipment 2) Better interoperability 3) Can reduce overall cost Reference: Cisco SAFE Implementation Courseware version 1.1 Page 3-11
QUESTION 38
Which are the functional areas in SAFE Enterprise Network? (Choose two)
A. Enterprise Network VPN/Remote Access
B. Enterprise Network Campus
C. Enterprise Network Distribution
D. Enterprise Network Edge
E. Enterprise Network Corporate Internet
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation: The enterprise comprises two functional areas: the Enterprise Network Campus and the Enterprise Network Edge. These two areas are further divided into modules that define the various functions of each area in detail Reference: Cisco Courseware page 8-3
QUESTION 39
Which is a design alternative in the SAFE Enterprise network design server module?
A. Proper aggregation and analysis of the Syslog information.
B. Connection state enforcement and detailed filtering.
C. Combine server module with the core module.
D. A separate router can be used between the server and edge distribution rather than the layer 3 switch.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Combine Server module with the Core module – Combine these modules if performance needs do not dictate separation. For very sensitive high-performance server environments, installing more than one NIDS blade and directing policy-matched traffic to specific blades can scale the NIDS capability in the Layer 3 switch. Reference: Cisco Courseware page 8-22
QUESTION 40
If you need to choose between using integrated functionality in a network device versus using a specialized function appliance, first and foremost you must make your decision based on:
A. The capacity and functionality of the appliance.
B. The integration advantage of the device.
C. Ease of implementation, use and the maintenance of the system.
D. Limiting the complexity of the design.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The integrated functionality is often attractive because you can implement it on existing equipment, or because the features can interoperate with the rest of the device to provide a better functional solution. Appliances are often used when the depth of functionality required is very advanced or when performance needs require using specialized hardware. Make your decisions based on the capacity and functionality of the appliance versus the integration advantage of the device. REF; Safe white papers; 4 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 41
What are two advantages of using integrated systems and appliances? (Choose two)
A. Achieve better performance.
B. Implement on existing equipment.
C. Achieve better interoperability.
D. Improved manageability.
E. Increased feature functionality.
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
Explanation: At many points in the network design process, you need to choose between using integrated functionality in a network device versus using a specialized functional appliance. The integrated functionality is often attractive because you can implement it on existing equipment, or because the features can interoperate with the rest of the device to provide a better functional solution. REF;Safe white papers;page 4 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 42
The security team at Certkiller Inc. is working on private VLANs. What are private VLANs?
A. Private VLANs are tools that allow segregating traffic at Layer 3, turning broadcast segments into non-broadcast, multi-access-like segments.
B. Private VLANs are tools that allow segregating traffic at Layer 2, turning non-broadcast, multi-access-like segments into broadcast segments.
C. Private VLANs are tools that allow segregating traffic at Layer 3, turning non-broadcast, multi-access-like segments into broadcast segments.
D. Private VLANs are tools that allow segregating traffic at Layer 2, turning broadcast segments into non-broadcast, multi-access-like segments
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Within an existing VLAN, private VLANs provide some added security to specific network applications. Private VLANs work by limiting which ports within a VLAN can communicate with other ports in the same VLAN. Isolated ports within a VLAN can communicate only with promiscuous ports. Community ports can communicate only with other members of the same community and promiscuous ports. Promiscuous ports can communicate with any port. This is an effective way to mitigate the effects of a single compromised host. Reference: Safe White papers; Page 5 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 43
You are the security administrator at Certkiller Inc. and you are working on installing IDS in the network. What IDS guidelines should be allowed according to SAFE SMR?
A. An IDS guideline is to use TCP shunning as opposed to TCP resets.
B. An IDS guideline is to use shunning no longer than 15 minutes.
C. An IDS guideline is to use shunning on only TCP traffic, as it is more difficult to spoof than UDP.
D. An IDS guideline is to use shunning on only UDP traffic, as it is more difficult to spoof than TCP.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: To mitigate the risks of shunning, you should generally use it only on TCP traffic, which is much more difficult to successfully spoof than UDP. Reference: Safe white papers; 8 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 44
You are the administrator at Certkiller Inc. and you are working on shunning attacks to the network. When shunning, why should the shun length be kept short?
A. You should keep it short to eliminate blocking traffic from an invalid address that was spoofed previously.
B. You should keep it short to prevent unwanted traffic from being routed.
C. You should keep it short to prevent TCP resets from occurring.
D. You should keep it short to eliminate blocking traffic from a valid address that was spoofed previously.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: To mitigate the risks of shunning, you should generally use it only on TCP traffic, which is much more difficult to successfully spoof than UDP. Use it only in cases where the threat is real and the chance that the attack is a false positive is very low. Also consider setting the shun length very short. This setup will block the user long enough to allow the administrator to decide what permanent action (if any) he/she wants to take against that IP address. However, in the interior of a network, many more options exist. With effectively deployed RFC 2827 filtering, spoofed traffic should be very limited. Also, because customers are not generally on the internal network, you can take a more restrictive stance against internally originated attack attempts. Another reason for this is that internal networks do not often have the same level of stateful filtering that edge connections possess. As such, IDS needs to be more heavily relied upon than in the external environment. Reference: Safe white papers; 8 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 45
You are the administrator at Certkiller Inc. and you are doing research on the type of attacks that occur in the network. What type of attack typically exploits intrinsic characteristics in the way your network operates?
A. Attacks to the network
B. Attacks to the router
C. Attacks to the switch
D. Attacks to the hosts
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Network attacks are among the most difficult attacks to deal with because they typically take advantage of an intrinsic characteristic in the way your network operates. These attacks include Address Resolution Protocol (ARP) and Media Access Control (MAC)-based Layer 2 attacks, sniffers, and distributed denial-of-service (DDoS) attacks. Ref: Safe White papers 6 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 46
You are the security administrator at Certkiller Inc. and you are configuring an IDS. Which IDS guideline should be followed, according to SAFE SMR?
A. According to SAFE SMR, use UDP resets more often than shunning, because UDP traffic is more difficult to spoof.
B. According to SAFE SMR, use TCP resets no longer than 15 minutes.
C. According to SAFE SMR, use UDP resets no longer than 15 minutes.
D. According to SAFE SMR, use TCP resets more often than shunning, because TCP traffic is more difficult to spoof.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: As the name implies, TCP resets operate only on TCP traffic and terminate an active attack by sending TCP reset messages to the attacking and attacked host. Because TCP traffic is more difficult to spoof, you should consider using TCP resets more often than shunning. Reference: Safe white papers; 8 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 47
Kathy the security administrator at Certkiller Inc. is working on security management. What type of management provides the highest level of security for devices?
A. The highest level is out of band
B. The highest level is device level
C. The highest level is in-band
D. The highest level is proxy level
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: “the “out-of-band” (OOB) management architecture described in SAFE Enterprise provides the highest levels of security” REF;Safe white papers;page 9 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 48
Which IDS guideline should be followed, according to SAFE SMR?
A. use UDP resets more often than shunning, because UDP traffic is more difficult to spoof
B. use TCP resets more often than shunning, because TCP traffic is more difficult to spoof
C. use TCP resets no longer than 15 minutes
D. use UDP resets no longer than 15 minutes
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Because TCP traffic is more difficult to spoof, you should consider using TCP resets more often than shunning – TCP resets operate only on TCP traffic and terminate an active attack by sending a TCP reset to both the attacker and the attacked host. Reference: Cisco Courseware p.3-27
QUESTION 49
You have hired a new security administrator for your organization. He calls you in the middle of the night and says “I am receiving too many positives”. What is he talking about?
A. Alarms from the Intrusion Sensor are detected by illegitimate traffic.
B. Alarms from the Intrusion Sensor are detected by legitimate traffic.
C. Alarms from the Intrusion Sensor are detected without any further action.
D. Alarms from the Intrusion Sensor are detected and logged.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Positives – are alarms that are detected and logged. False-positives are defined as alarms caused by legitimate traffic or activity. False negatives are attacks that the IDS system fails to see.
QUESTION 50
What is the most likely target during an attack?
A. Router
B. Switch
C. Host
D. Firewall
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: The most likely target during an attack, the host presents some of the most difficult challenges from a security perspective. There are numerous hardware platforms, operating systems, and applications, all of which have updates, patches, and fixes available at different times. REF;Safe white papers;page 6 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 51
When shunning, why should the shun length be kept short?
A. To eliminate blocking traffic from an invalid address that was spoofed previously.
B. To eliminate blocking traffic from a valid address that was spoofed previously.
C. To prevent unwanted traffic from being routed.
D. To prevent TCP resets from occurring.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: This setup will block the user long enough to allow the administrator to decide what permanent action (if any) he/she wants to take against that IP address. REF;Safe white papers; 8 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 52
Which IDS guideline should be followed according to SAFE SMR?
A. Use UDP resets more often than shunning, because UDP traffic is more difficult to spoof.
B. Use TCP resets more often than shunning, because TCP traffic is more difficult to spoof.
C. Use TCP resets no longer than 15 minutes.
D. Use UDP resets no longer than 15 minutes.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: As the name implies, TCP resets operate only on TCP traffic and terminate an active attack by sending TCP reset messages to the attacking and attacked host. Because TCP traffic is more difficult to spoof, you should consider using TCP resets more often than shunning. REF;Safe white papers; 8 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 53
What type of attack typically exploits an intrinsic characteristic in the way your network operates?
A. Route attacks
B. Switch attacks
C. Network attacks
D. Host attacks
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Network attacks are among the most difficult attacks to deal with because they typically take advantage of an intrinsic characteristic in the way your network operates. These attacks include Address Resolution Protocol (ARP) and Media Access Control (MAC)-based Layer 2 attacks, sniffers, and distributed denial-of-service (DDoS) attacks. Ref: Safe White papers 6 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 54
Which type of management architecture described in SAFE Enterprise offers the best level of security?
A. In-band
B. Out-of-band
C. Proxy
D. All answers are incorrect.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: “the “out-of-band” (OOB) management architecture described in SAFE Enterprise provides the highest levels of security” REF;Safe white papers;page 9 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 55
access-list 101 deny ip 10.0.0.0 0.255.255.255 any is an example of an ACL entry to filter what type of addresses?
A. RFC 1918
B. RFC 1920
C. RFC 2728
D. RFC 2827
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
! RFC 1918 filtering. Note network 172.16.x.x was not included in the
! filter here since it is used to simulate the ISP in the lab.
!
access-list 103 deny ip 10.0.0.0 0.255.255.255 any
access-list 103 deny ip 192.168.0.0 0.0.255.255 any
Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page
QUESTION 56
What type of management provides the highest level of security for devices?
A. Device level
B. In-band
C. Out of band
D. Proxy level
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: “the “out-of-band” (OOB) management architecture described in SAFE Enterprise provides the highest levels of security” REF;Safe white papers;page 9 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 57
The security wheel starts with Secure. What are the initials of the other 3 steps?
A. LMR
B. RTM
C. MTI
D. TIT
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Step 1. – Secure Step 2. – Monitor Step 3. – Test Step 4. – Improve Ref: Cisco Secure PIX Firewalls (Ciscopress) Page 10
QUESTION 58
Which three statements about the monitoring stage of the Security Wheel are true? (Choose three)
A. It detects violations to the security policy.
B. New security policies are created during this stage.
C. It involves system auditing and real-time intrusion detection.
D. It involves the use of security assessments and vulnerability scanning.
E. Adjustments are made to the security policy as security vulnerabilities and risks are identified.
F. It validates the security implementation in step 1.
Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
Explanation: Detecting violations in your security policy involves monitoring hosts and network traffic to determine when violations occur. Manual monitoring is usually accomplished by utilizing the audit logging capabilities provided by the host operating system. Automatic monitoring involves watching network traffic to determine whether unauthorized activities are occurring on the network. This level of monitoring can be accomplished through the use of Cisco Secure IDS. Reference: Cisco Secure Intrusion Detection System (Ciscopress) Page 42 Reference: Cisco Courseware page 2-9
QUESTION 59
What are three steps of the Security Wheel? (Choose three)
A. Improve
B. Log
C. Maintain
D. Test
E. Secure
F. Report
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
Explanation:
The Security Wheel breaks network security into four separate phases:
* Securing
* Monitoring
* Testing
* Improving
Reference: Cisco Secure Intrusion Detection System (Ciscopress) Page 35
QUESTION 60
You are the administrator at Certkiller Inc. and you are working on extranet VPNs. What service do extranet VPNs provide?
A. Extranet VPNs provide link network resources with third-party vendors and business partners.
B. Extranet VPNs provide link corporate headquarters to remote offices.
C. Extranet VPNs provide link telecommuters and mobile users to corporate network resources.
D. Extranet VPNs provide link private networks to public networks.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Extranet VPNs refer to connections between a company and its business partners. Access between sites should be tightly controlled by both entities at their respective sites. REF;Safe white papers;page 76 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 61
The security team at Certkiller Inc. is working on the SAFE SMR. What is an assumption of SAFE SMR?
A. SAFE SMR does not assume applications and OS security.
B. Implementing SAFE SMR guarantees a secure environment.
C. The security policy is already in place.
D. Network contains only Cisco devices.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: SAFE SMR makes the following assumptions: 1) The security policy is already in place 2) SAFE does not guarantee a secure environment 3) Application and operating system vulnerabilities are not comprehensively covered Reference: Cisco SAFE Implementation Courseware version 1.1 Page 3-6 Note: If asked to select two, the answer would be: A, C
QUESTION 62
Which is a component of Cisco security solutions?
A. Secure connectivity
B. Secure solution
C. Secure availability
D. Secure productivity
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
Reference: Cisco Courseware p.3-4
QUESTION 63
Which three Cisco components encompass secure connectivity? (Choose three)
A. Cisco IDS Sensors
B. Cisco PIX Firewalls
C. Cisco IDS Sensors
D. Cisco VPN Connectors
E. Cisco IOS IDS
F. Cisco IOS VPN
Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
Explanation: Secure connectivity – Virtual private network (VPN) 1) Cisco VPN Concentrators 2) Cisco PIX Firewalls 3) Cisco IOS VPN Reference: Cisco Courseware p.4-3
QUESTION 64
Which two Cisco components encompass secure management? (Choose two)
A. Cisco VPN Concentrators
B. CiscoWorks
C. Cisco IDS Sensors
D. Cisco PIX Firewalls
E. Web Device Managers
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 65
Which statement about SAFE SMR principles is true?
A. SAFE SMR principles are based on Cisco products and features.
B. SAFE SMR principles are not necessarily device specific.
C. SAFE SMR principles are device specific.
D. SAFE SMR principles allow you to guarantee network security.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco SAFE SMR principles try to go away from the usual device-specific design templates out there, but it is still based on Cisco and partner products. To quote: SAFE “It's not a device!” SAFE was created by Cisco to help designers of network security; it's a design philosophy that utilizes Cisco and Cisco partner products. SAFE SMR takes a threat-mitigation-centric approach to security design instead of the more common device-centric design approach. I would go with on this one; could have been B, but I know how Cisco thinks; they like to promote their own products in their tests.
QUESTION 66
Which two Cisco components encompass intrusion protection? (Choose two)
A. Cisco VPN Concentrators
B. Cisco IDS Sensors
C. Cisco IDS Access Point
D. Cisco IOS IDS
E. Cisco Wireless IDS
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation: Cisco routers with IOS IDS features; Cisco Secure IDS Sensors. Reference: Cisco Threat Response User Guide
QUESTION 67
What services do remote access VPNs provide?
A. Link corporate headquarters to remote offices.
B. Link network resources with third-party vendors and business partners.
C. Link telecommuters and mobile users to corporate network resources.
D. Link private networks to public networks.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: The primary function of the remote access VPN concentrator is to provide secure connectivity to the medium network for remote users. REF;Safe white papers;page 20 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 68
What services do intranet VPNs provide?
A. Link corporate headquarters to remote offices.
B. Link network resources with third-party vendors and business partners.
C. Link telecommuters and mobile users to corporate network resources.
D. Link private networks to public networks.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Intranet VPNs refer to connections between sites that are all part of the same company. As such, access between sites is generally less restrictive. Reference: SAFE VPN: IPSec Virtual Private Networks in Depth page 76
QUESTION 69
John the security administrator at Certkiller Inc. is working on purchasing three Cisco 3000 series concentrators. Which three models of the Cisco 3000 Series Concentrator can have redundant power supplies? (Choose three)
A. Model number 3090
B. Model number 3080
C. Model number 3060
D. Model number 3030
E. Model number 3020
F. Model number 3005
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
Explanation: Redundant SEP modules (optional), power supplies, and fans (Cisco VPN 3015-3080) Reference: Cisco VPN 3000 Series Concentrators – Cisco VPN 3000 Series Concentrator Data Sheet Reference: Cisco Courseware page 4-10
QUESTION 70
What type of authentication does the Cisco 3000 Series Concentrator use?
A. RADIUS
B. TACACS+
C. CHAP
D. PAP
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Full support of current and emerging security standards, including RADIUS, NT Domain Authentication, RSA SecurID, and digital certificates, allows for integration of external authentication systems and interoperability with third-party products Ref: Cisco VPN 3000 Series Concentrators – Cisco VPN 3000 Series Concentrator Overview
QUESTION 71
Which three models of the Cisco 3000 Series Concentrator can provide redundancy? (Choose three)
A. 3005
B. 3010
C. 3015
D. 3030
E. 3060
F. 3080
Correct Answer: DEF Section: (none) Explanation
Explanation/Reference:
Explanation: Redundant 3000 series concentrators are: Cisco VPN 3030 Concentrator, Cisco VPN 3060 Concentrator, Cisco VPN 3080 Concentrator. Ref: Cisco VPN 3000 Series Concentrators – Cisco VPN 3000 Series Concentrator Data Sheet
QUESTION 72
What does the Cisco Unified Client framework provide?
A. Distributed push policy technology.
B. Centralized push policy technology.
C. Centralized pull policy technology.
D. Multi-tiered policy technology.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Utilizing “push policy” capabilities, the unified VPN client framework allows customers to centrally manage security policies, while easily delivering large-scale VPN connectivity to remote users. All of Cisco’s IPsec-based VPN products for the enterprise and service providers will support the unified VPN client framework. Reference: Cisco Extends VPN Leadership – Announces Unified VPN Client Framework and Multi-protocol VPN Solution at Cisco Partner Summit 2001
QUESTION 73
According to SAFE SMR guidelines, where do you implement the Cisco VPN 3000 Series Concentrator?
A. In front of the Internet access router.
B. Behind the PIX Firewall and parallel to the Internet access router.
C. Behind the Internet access router and parallel to the PIX Firewall.
D. Behind the corporate network module.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 59
QUESTION 74
When configuring an IKE proposal on a VPN 3000 Concentrator, which of the following proposal names are valid?
A. Proposal Name: IKE-3DES
B. Proposal Name: IKE-3DES-MD5-DH7
C. Proposal Name: IKE-DH7-3DES-MD5
D. Proposal Name: IKE-3DES-DH7-MD5
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: Cisco VPN 3000 Series Concentrators – Tunneling Protocols Reference: Cisco Courseware page 6-59
QUESTION 75
James the security administrator at Certkiller Inc. is working on VPNs. According to SAFE SMR guidelines, what type of VPN uses primarily Cisco VPN optimized routers?
A. Intranet to extranet type of VPN.
B. Extranet to remote user type of VPN.
C. Intranet to remote user type of VPN.
D. Site-to-site type of VPN.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: The VPN Acceleration Module (VAM) for Cisco 7200 and 7100 Series routers provides high-performance, hardware-assisted encryption, key generation, and compression services suitable for site-to-site virtual private network (VPN) applications. Ref: VPN Acceleration Module for Cisco 7000 Series VPN Routers