Fully Updated Do not hesitate to choose Certadept Cisco 642-371 VCE Exam Dumps, all are updated timely by SAP expert professionals. Visit the site Certadept.com to get the free Cisco 642-371 pdf dumps and free vce player.
Exam A
QUESTION 1
You work in the Certkiller .com support staff. You need to explain the security appliance feature for Certkiller .com. Match the feature with the appropriate description.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Which two of these items best describe the benefits of RF management for the wireless core feature set using autonomous access points? (Choose two.)
A. Rogue AP detection extends only to the boundaries of the Basic Service Set.
B. Access points can monitor RF while passing client data.
C. Radio management information is aggregated at the WLSE and graphically displayed at the Location Manager appliance.
D. RF management can detect, isolate, and mitigate root access points.
E. Access points must be in sensor scanning mode and with no client data traffic.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference: QUESTION 3
Deploying ISRs with integrated security services can help lower the total cost of ownership. Which of these Cisco ISR Routers features illustrate this point?
A. using built-in on-board VPN acceleration to reduce the amount of VPN configuration tasks
B. using the USB port to perform fast Cisco IOS image upgrade
C. using the security audit feature to implement inline Intrusion Prevention System
D. using the SDM configuration tool to reduce training costs
E. using the high performance AIM to increase the Cisco IOS Firewall performance
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 4
Which of these is the Cisco IOS Firewall feature that provides secure, per-application access control across network perimeters?
A. DDoS Mitigation
B. Cisco Security Agent
C. Intrusion Prevention System
D. Authentication Proxy
E. Context-based Access Control
F. Monitoring, Analysis and Response System
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Exhibit: A client must provide wireless coverage for a square courtyard. Each side of the courtyard measures 350 feet (106 meters). The height of the walls is 25 feet (7.6 meters). The only available mounting point for the antenna is in the center of one of the courtyard walls, which is about 12 feet (3.5 meters) from the ground. What is the best antenna to use for maximum courtyard coverage?
A. 2.2 dBi omni
B. 6 dBi patch
C. 13.5 dBi Yagi
D. 21 dBi dish
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 6
Which three of these features are supported on the Cisco VPN software client release 4.0.5? (Choose three.)
A. application programming interface which allows you to control operation of the VPN client from another application
B. integrated personal firewall
C. transparent tunneling-IPSec over UDP and IPSec over TCP
D. provides automatic software updates for Windows 2000 and Windows XP
E. load balancing and backup server support
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 7
How does the Cisco IOS IPS feature set monitor the network for malicious activity?
A. passive “bird-on-a-wire” packet inspection
B. deep inline packet inspection
C. Security Device Event Exchange (SDEE) packet inspection
D. out-of-band (OOB) packet inspection
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 8
Certkiller .com has a basic stateful firewall setup that only permits incoming traffic from the Internet to an internal web server. What are the security risks if the firewall being used does not perform advanced application inspection and control like the ASA Security Appliance does? (Choose two.)
A. Allowing all return traffic from the internal web server back out to the Internet may increase the risk of worm propagation.
B. Peer-to-peer or instant messaging traffic using port 80 may exhaust the network capacity.
C. Not validating port 80 traffic content may increase the risk of malware infection.
D. Denial of service attacks launched against port 80 of the internal web server can bring down the web server.
E. If the firewall cannot perform deep packet inspection, the firewall cannot properly classify the HTTP and HTTPS traffic. This may lead to connectivity issues from the Internet to the internal web server.
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 9
Which Cisco security tool can determine if a Cisco ISR Router is properly secured?
A. Cisco Security MARS
B. SDM security audit
C. CSA
D. CSA MC
E. VMS
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Which two of these statements best describe the benefits of Cisco’s wireless IDS functionality? (Choose two.)
A. AirDefense for wireless IDS is required by autonomous APs.
B. 2.4GHz RF management can monitor both 802.11 and non-802.11 RF interference.
C. APs only monitor the RF channels that are servicing the clients.
D. Cisco or CCX compatible client cards can extend the RF IDS service for autonomous APs.
E. Autonomous APs must be dedicated IDS sensors while lightweight APs can combine client traffic and RF monitoring.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 11
Which Cisco Catalyst Series switch is designed for enterprise LAN access, branch offices, Layer 3 distribution points, small- and medium-sized businesses, and metropolitan Ethernet deployments?
A. 2900
B. 3550
C. 4500
D. 6500
E. 8800
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 12
Which statement concerning the Active/Active failover feature is correct?
A. ASA Security Appliance failover pair must have either an Unrestricted and UR license or a UR and FO-A/A license to be able to support Active/Active failover.
B. If an active security context within the primary security appliance “fails”, the status of the primary security appliance unit changes to “failed” while the secondary failover security appliance unit transitions to “active.”
C. Active/Active failover is supported in “multiple mode” configuration only.
D. Active/Active failover supports site-to-site IPSec VPN stateful failover.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 13
Which tools on Cisco.com could you use to plan for correct Cisco IOS images to support Certkiller .com’s security design and requirements? (Choose two.)
A. Cisco IOS Matrix Navigator
B. Cisco Feature Navigator
C. Cisco IOS Package Planner
D. Cisco IOS Security Planner
E. Cisco Dynamic Configuration Tool
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 14
What is the benefit of using the Cisco Easy VPN Server feature along with the Cisco software VPN client for implementing remote-access VPNs?
A. The Cisco Easy VPN Server feature and the Cisco software VPN client use the same GUI configuration tool to simplify remote-access VPN configurations.
B. The Cisco Easy VPN Server feature allows the Cisco software VPN client to receive its security policies from the central site VPN device. This minimizes the configuration requirements at the remote location for large remote access VPN deployments.
C. The Cisco Easy VPN Server feature and the Cisco software VPN client use hardware-based encryption to reduce the CPU overhead of the central site VPN router.
D. The Cisco Easy VPN Server feature and the Cisco software VPN client enable scalable remote-access VPNs deployment by using a thick client/thin server model where the central site VPN router can handle thousands of incoming VPN connections.
Correct Answer: B Section: (none) Explanation Explanation/Reference:
QUESTION 15
Regarding the USB eToken module supported on the Cisco ISR series of routers, which three of these are correct? (Choose three.)
A. The storage size is 32KB.
B. The storage size is 128MB.
C. It is used for Cisco IOS image storage.
D. Files can be encrypted and accessed via a PIN.
E. The USB eToken feature is a Cisco proprietary feature.
F. A bootstrap configuration can be stored in its unprotected space.
Correct Answer: ADF Section: (none) Explanation
Explanation/Reference:
QUESTION 16
Which of these is a benefit of an integrated security management system?
A. It provides configuration, monitoring, and troubleshooting capabilities across a wide range of security products.
B. It integrates security device management products and collects events on an “as needed” basis to reduce management overhead.
C. It integrates security management capabilities into the router or switch.
D. It provides a single point of contact for all security configuration tasks thereby enhancing the return on investment.
E. It leverages existing network management systems such as HP OpenView to lower the cost of implementation.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 17
Which two of these statements best describe the benefits of WPAv1? (Choose two.)
A. SSID broadcast prevention
B. improved mutual authentication
C. improved encryption through AES
D. improved protection against sniffing initialization vectors
E. RF jamming prevention
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 18
Your Certkiller Trainee Sandra is curious about Cisco security features. You are required to match the
security feature with the appropriate function.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference: QUESTION 19
What are three advantages of the Cisco Integrated Services Router product family? (Choose three.)
A. provides advanced security such as hardware encryption acceleration
B. provides investment protection through increased modularity
C. comes equipped with at least one 1000-based TX interface
D. contains integrated wireless access using the 802.11 g/b standard
E. contains integrated web-based management tools for easy configuration and maintenance
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 20
Exhibit:
Deploying integrated services on the Cisco ISR Router can help reduce network cost and complexity by integrating which four of these features on the ISR? (Choose four.)
A. firewall and VPN
B. IP telephony and voice mail
C. Secure Access Control Server
D. LAN switching and Wireless LAN
E. IPS
F. Anomaly Guard and Detection
Correct Answer: ABCE Section: (none) Explanation Explanation/Reference:
QUESTION 21
What are three benefits of the Cisco Adaptive Threat Defense strategy? (Choose three.)
A. using QoS techniques such as Traffic Policing to rate limit suspected traffic to prevent DoS attacks
B. automatic reconfigurations of the security devices based on current security threats
C. containment and control of security threats
D. application security
E. anti-x defense
F. virtual firewall
Correct Answer: CDE Section: (none) Explanation
Explanation/Reference:
This volume is part of the Exam Certification Guide Series from Cisco 642-371.Cisco 642-371 in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco 642-371 Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as Cisco 642-371 exam day nears.