Issuu on Google+

Exam 642-566 study material Made available by Examsexpert.com

Free 642-566 Exam Preparation Questions Exam 642-566: Security Solutions for Systems Engineers

For Latest 642-566 Exam Questions and study guides- visit- http://www.Examsexpert.com/ 642-566.html


Question: 1 You are the network consultant from Company.com. Please point out two most appropriate test parameters for the acceptance test plan of a secure connectivity solution. A. Public key exchange B. Privacy of key exchange C. High availability D. Certificate enrollment and revocation Answer: C, D Question: 2 Which function can be implemented by the Cisco Security Agent data access control feature? A. Enables trusted QoS marking at the end host B. Detects changes to system files by examining the file signature C. Detects attempts to modify the file registry D. Detects malformed HTTP requests by examining the URI in the HTTP request Answer: D Question: 3 Which two Cisco products/features provide the best security controls for a web server having applications running on it that perform inadequate input data validation? (Choose two.) A. Cisco Security Agent data access controls B. Cisco Application Velocity System (AVS) C. Cisco IOS Flexible Packet Matching (FPM) D. Cisco ACE XML Gateway Answer: A, D Question: 4 The Cisco IOS Resilient Configuration feature enables a router to secure and maintain a working copy of the running image and configuration so that those files can withstand malicious attempts to erase the contents of persistent storage (NVRAM and flash). What is the objective of the Cisco IOS resilient configuration? A. Improve the speed of Cisco IOS image or configuration recovery process B. Allow a compromise of the router C. Enable redundant Cisco IOS images for fault tolerance router operations D. Enable primary and backup operations of two Cisco IOS routers Answer: A Question: 5 Which typical design choices should be taken into consideration while designing Cisco solution-based enterprise remote-access solutions? A. Traffic protection: IPsec versus SSL B. Endpoint security: managed endpoints versus unmanaged endpoints protection (Cisco security Agent, Cisco NAC Agent, Cisco Secure Desktop) C. Central site aggregation device: ISR versus Cisco ASA, high-availability options D. Authentication: one-time passwords, digital certificates Answer: A, B, C, D Question: 6 Which series of steps correctly describes how a challenge-and-response authentication protocol functions? A. 1. The authenticator sends a random challenge string to the subject being authenticated. The subject being authenticated hashes the challenge using a shared secret password to form a response back to the authenticator. The authenticator performs the same hash method with the same shared secret password to calculate a local response and compare it with the received response. If these match, the subject is authenticated. B. 1. The subject being authenticated sends a random challenge string to the authenticator. The authenticator encrypts the challenge string with a private key and sends the encrypted random challenge string back to the subject being authenticated. For Latest 642-566 Exam Questions and study guides- visit- http://www.Examsexpert.com/ 642-566.html


The subject being authenticated decrypts the random challenge string with the public key and compare it to the original random challenge. If these match, the subject is authenticated. C. 1. The subject being authenticated sends a random challenge string to the authenticator. The authenticator encrypts the challenge string with a shared secret password and sends the encrypted random challenge string back to the subject being authenticated. The subject being authenticated decrypts the random challenge string using the same shared secret key and compare it to the original random challenge. If these match, the subject is authenticated. Answer: A Question: 7 Cisco Secure Access Control Server (ACS) is an access policy control platform that helps you comply with growing regulatory and corporate requirements.Which three of these items are features of the Cisco Secure Access Control Server? A. RSA certificates B. NDS C. Kerberos D. LDAP Answer: A, B, D Question: 8 Which attack method is typically used by Pharming attacks that are used to fool users into submitting sensitive information to malicious servers? A. DHCP exhaustion B. DNS cache poisoning C. DHCP server spoofing D. IP spoofing Answer: B Question: 9 Can you tell me which authentication protocol can provide single sign-on (SSO) services? A. EAP B. RADIUS C. TACACS+ D. Kerberos Answer: D Question: 10 You are the network consultant from Company.com. Please point out two requirements call for the deployment of 802.1X. A. Allow network access during the quiet period B. Verify security posture using TACACS+ C. Grant or deny network access, at the port level, based on configured authorization policies D. Authenticate users on switch or wireless ports Answer: C, D

Question: 11 Which one of the following Cisco Security Management products supports both Cisco and third-party security products? A. Cisco Configuration Professional B. Cisco SDM C. Cisco IME D. Cisco Security MARS Answer: D Question: 12 For Latest 642-566 Exam Questions and study guides- visit- http://www.Examsexpert.com/ 642-566.html


Which primary security design components should be addressed while implementing secure WAN solutions?(Not all design components are required.) 1. authentication and transmission protection 2. network infrastructure device hardening 3. boundary access control 4. topology 5. high availability 6. performance and scalability 7. resource separation A. 1, 2, 4, 5, 6 B. 1, 2, 3, 4, 5 C. 1, 2, 3, 5, 6 D. 2, 3, 4, 5, 6 Answer: A Question: 13 You are the network consultant from Company.com. Please point out two features are integrated security components of the Cisco Adaptive Security Appliance. A. VTI B. VRF C. Cisco ASA AIP SSM D. Anti-X Answer: C, D Question: 14 Which three security controls can be provided by digital signatures? (Choose three.) A. Anti-replay B. Integrity C. Authenticity D. Nonrepudiation Answer: B, C, D

For Latest 642-566 Exam Questions and study guides- visit- http://www.Examsexpert.com/ 642-566.html


For complete Exam 642-566 Training kits and Self-Paced Study Material

Visit: http://www.examsexpert.com/642-566.html

www.Examsexpert.com

For Latest 642-566 Exam Questions and study guides- visit- http://www.Examsexpert.com/ 642-566.html


Exam 642-566 Preparation Questions