Cisco 642-541 Exams, 50% OFF Cisco 642-541 Certification Material With High Quality

[New Updated Questions ] Where to find the newest Cisco 642-541 exam dumps? if you want to pass exam Cisco 642-541 without the second try, you should download the latest updated Cisco 642-541 braindump for preparing. Now visit Flydumps.com to get free pdf study guide with valid Cisco 642-541 exam dumps and free vce dumps, which will help you passing quickly!

QUESTION 40
If you need to choose between using integrated functionality in a network device versus using a specialized function appliance, first and foremost you must make your decision based on:
A. The capacity and functionality of the appliance.
B. The integration advantage of the device.
C. Ease of implementation, use and the maintenance of the system.
D. Limiting the complexity of the design.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The integrated functionality is often attractive because you can implement it on existing equipment, or because the features can interoperate with the rest of the device to provide a better functional solution. Appliances are often used when the depth of functionality required is very advanced or when performance needs require using specialized hardware. Make your decisions based on the capacity and functionality of the appliance versus the integration advantage of the device. Ref: Safe White papers; 4 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 41
What are two advantages of using integrated systems and appliances? (Choose two)
A. Achieve better performance.
B. Implement on existing equipment.
C. Achieve better interoperability.
D. Improved manageability.
E. Increased feature functionality.

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
Explanation: At many points in the network design process, you need to choose between using integrated functionality in a network device versus using a specialized functional appliance. The integrated functionality is often attractive because you can implement it on existing equipment, or because the features can interoperate with the rest of the device to provide a better functional solution. Ref: Safe White papers; Page 4 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 42
The security team at Certkiller Inc. is working on private VLANs. What are private VLANs?
A. Private VLANs are tools that allow segregating traffic at Layer 3, turning broadcast segments into non-broadcast, multi-access-like segments.
B. Private VLANs are tools that allow segregating traffic at Layer 2, turning non-broadcast, multi-access-like segments into broadcast segments.
C. Private VLANs are tools that allow segregating traffic at Layer 3, turning non-broadcast, multi-access-like segments into broadcast segments.
D. Private VLANs are tools that allow segregating traffic at Layer 2, turning broadcast segments into non-broadcast, multi-access-like segments

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Within an existing VLAN, private VLANs provide some added security to specific network applications. Private VLANs work by limiting which ports within a VLAN can communicate with other ports in the same VLAN. Isolated ports within a VLAN can communicate only with promiscuous ports. Community ports can communicate only with other members of the same community and promiscuous ports. Promiscuous ports can communicate with any port. This is an effective way to mitigate the effects of a single compromised host. Reference: Safe White papers; Page 5 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 43
You are the security administrator at Certkiller Inc. and you are working on installing IDS in the network. What IDS guidelines should be allowed according to SAFE SMR?
A. An IDS guideline is to use TCP shunning as opposed to TCP resets.
B. An IDS guideline is to use shunning no longer than 15 minutes.
C. An IDS guideline is to use shunning on only TCP traffic, as it is more difficult to spoof than UDP.
D. An IDS guideline is to use shunning on only UDP traffic, as it is more difficult to spoof than TCP.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
To mitigate the risks of shunning, you should generally use it only on TCP traffic, which is much more

difficult to successfully spoof than UDP. Reference: Safe White papers; 8 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 44
You are the administrator at Certkiller Inc. and you working on shunning attacks to the network. When shunning, why should the shun length be kept short?
A. You should keep it short to eliminate blocking traffic from an invalid address that was spoofed previously.
B. You should keep it short to prevent unwanted traffic from being routed.
C. You should keep it short to prevent TCP resets from occurring.
D. You should keep it short to eliminate blocking traffic from a valid address that was spoofed previously.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: To mitigate the risks of shunning, you should generally use it only on TCP traffic, which is much more difficult to successfully spoof than UDP. Use it only in cases where the threat is real and the chance that the attack is a false positive is very low. Also consider setting the shun length very short. This setup will block the user long enough to allow the administrator to decide what permanent action (if any) he/she wants to take against that IP address. However, in the interior of a network, many more options exist. With effectively deployed RFC 2827 filtering, spoofed traffic should be very limited. Also, because customers are not generally on the internal network, you can take a more restrictive stance against internally originated attack attempts. Another reason for this is that internal networks do not often have the same level of stateful filtering that edge connections possess. As such, IDS needs to be more heavily relied upon than in the external environment. Reference: Safe White papers; 8 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 45
You the administrator at Certkiller Inc and you are doing research on the type of attacks that occur in the network. What type of attack typically exploits intrinsic characteristics in the way your network operates?
A. Attacks to the network
B. Attacks to the router
C. Attacks to the switch
D. Attacks to the hosts

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Network attacks are among the most difficult attacks to deal with because they typically take advantage of an intrinsic characteristic in the way your network operates. These attacks include Address Resolution Protocol (ARP) and Media Access Control (MAC)-based Layer 2 attacks, sniffers, and distributed denial-of-service (DDoS) attacks. Ref: Safe White papers 6 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 46
You are the security administrator at Certkiller Inc. working configuring an IDS. Which IDS guideline should be followed, according to SAFE SMR?
A. According to SAFE SMR, use UDP resets more often than shunning, because UDP traffic is more difficult to spoof.
B. According to SAFE SMR, use TCP resets no longer than 15 minutes.
C. According to SAFE SMR, use UDP resets no longer than 15 minutes.
D. According to SAFE SMR, use TCP resets more often than shunning, because TCP traffic is more difficult to spoof.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: As the name implies, TCP resets operate only on TCP traffic and terminate an active attack by sending TCP reset messages to the attacking and attacked host. Because TCP traffic is more difficult to spoof, you should consider using TCP resets more often than shunning. Reference: Safe White papers; 8 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 47
Kathy the security administrator at Certkiller Inc. is working on security management. What type of management provides the highest level of security for devices?
A. The highest level is out of band
B. The highest level is device level
C. The highest level is in-band
D. The highest level is proxy level

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: “the “out-of-band” (OOB) management architecture described in SAFE Enterprise provides the highest levels of security” Reference: Safe White papers; Page 9 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 48
Which IDS guideline should be followed, according to SAFE SMR?
A. use UDP resets more often than shunning, because UDP traffic is more difficult to spoof
B. use TCP resets more often than shunning, because TCP traffic is more difficult to spoof
C. use TCP resets no longer than 15 minutes
D. use UDP resets no longer than 15 minutes

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Because TCP traffic is more difficult to spoof, you should consider using TCP resets more often than shunning – TCP resets operate only on TCP traffic and terminate an active attack by sending a TCP reset to both the attacker and the attacked host. Reference: Cisco Courseware p.3-27
QUESTION 49
You have hired a new security administrator for your organization. He calls you in the middle of the night and says “I am receiving too many positives” What is talking about?
A. Alarms from the Intrusion Sensor are detected by illegitimate traffic.
B. Alarms from the Intrusion Sensor are detected by legitimate traffic.
C. Alarms from the Intrusion Sensor are detected-without any further action.
D. Alarms from the Intrusion Sensor are detected and logged.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Positives – are alarms that are detected and logged. False-positives are defined as alarms caused by legitimate traffic or activity. False negatives are attacks that the IDS system fails to see.
QUESTION 50
What is the most likely target during an attack?
A. Router
B. Switch
C. Host
D. Firewall

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: The most likely target during an attack, the host presents some of the most difficult challenges from a security perspective. There are numerous hardware platforms, operating systems, and applications, all of which have updates, patches, and fixes available at different times. Ref: Safe White papers; Page 6 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 51
When shunning, why should the shun length be kept short?
A. To eliminate blocking traffic from an invalid address that as spoofed previously.
B. To eliminate blocking traffic from a valid address that was spoofed previously.
C. To prevent unwanted traffic from being routed.
D. To prevent TCP resets from occurring.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: This setup will block the user long enough to allow the administrator to decide what permanent action (if any) he/she wants to take against that IP address. Ref: Safe White papers; 8 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 52
Which IDS guideline should be followed according to SAFE SMR?
A. Use UDP resets more often than shunning, because UDP traffic is more difficult to spoof.
B. Use TCP resets more often than shunning, because TCP traffic is more difficult to spoof.
C. Use TCP resets no longer than 15 minutes.
D. Use UDP resets no longer than 15 minutes.

Correct Answer: B Section: (none) Explanation Explanation/Reference:
Explanation: As the name implies, TCP resets operate only on TCP traffic and terminate an active attack by sending TCP reset messages to the attacking and attacked host. Because TCP traffic is more difficult to spoof, you should consider using TCP resets more often than shunning. Ref: Safe White papers; 8 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 53
What type of attack typically exploits an intrinsic characteristic in the way your network operates?
A. Route attacks
B. Switch attacks
C. Network attacks
D. Host attacks

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Network attacks are among the most difficult attacks to deal with because they typically take advantage of an intrinsic characteristic in the way your network operates. These attacks include Address Resolution Protocol (ARP) and Media Access Control (MAC)-based Layer 2 attacks, sniffers, and distributed denial-of-service (DDoS) attacks. Ref: Safe White papers 6 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 54
Which type of management architecture described in SAFE Enterprise offers the best level of security?
A. In-band
B. Out-of-band
C. Proxy
D. All answers are incorrect.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: “the “out-of-band” (OOB) management architecture described in SAFE Enterprise provides the highest levels of security” Ref: Safe White papers; Page 9 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 55
accesslist 101 deny ip 10.0.0.0 0.255.255.255 any is an example of an ACL entry to filter what type of addresses?
A. RFC 1918
B. RFC 1920
C. RFC 2728
D. RFC 2827

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
! RFC 1918 filtering. Note network 172.16.x.x was not included in the ! filter here since it is used to

simulate the ISP in the lab. ! access-list 103 deny ip 10.0.0.0 0.255.255.255 any access-list 103 deny ip 192.168.0.0 0.0.255.255 any Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 47
QUESTION 56
What type of management provides the highest level of security for devices?
A. Device level
B. In-band
C. Out of band
D. Proxy level

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: “the “out-of-band” (OOB) management architecture described in SAFE Enterprise provides the highest levels of security” Ref: Safe White papers; Page 9 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 57
The security wheel starts with Secure. What are the initials of the other 3 steps?
A. LMR
B. RTM
C. MTI
D. TIT

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Step 1. – Secure Step 2. – Monitor Step 3. – Test Step 4. – Improve Ref: Cisco Secure PIX Firewalls (Ciscopress) Page 10
QUESTION 58
Which three statements about the monitoring stage of the Security Wheel are true? (Choose three)
A. It detects violations to the security policy.
B. New security policies are created during this stage.
C. It involved system auditing and real-time intrusion detection.
D. It involves the use of security assessments and vulnerability scanning.
E. Adjustments are made to the security policy as security vulnerabilities and risks are identified.
F. It validates the security implementation in step 1.

Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
Explanation: Detecting violations in your security policy involves monitoring hosts and network traffic to determine when violations occur. Manual monitoring is usually accomplished by utilizing the audit logging capabilities provided by the host operating system. Automatic monitoring involves watching network traffic to determine whether unauthorized activities are occurring on the network. This level of monitoring can be accomplished through the use of Cisco Secure IDS. Reference: Cisco Secure Intrusion Detection System (Ciscopress) Page 42 Reference: Cisco Courseware page 2-9
QUESTION 59
What are three steps of the Security Wheel? (Choose three)
A. Improve
B. Log
C. Maintain
D. Test
E. Secure
F. Report

Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
Explanation:
The Security Wheel breaks network security into four separate phases:

*
Securing

*
Monitoring

*
Testing

*
Improving Reference: Cisco Secure Intrusion Detection System (Ciscopress) Page 35
QUESTION 60
You are the administrator at Certkiller Inc. and you are working on extranet VPNs. What service do extranet VPNs provide?
A. Extranet VPNs provide link network resources with third-party vendors and business partners.
B. Extranet VPNs provide link corporate headquarters to remote offices.
C. Extranet VPNs provide link telecommuters and mobile users to corporate network resources.
D. Extranet VPNs provide link private networks to public networks.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Extranet VPNs refer to connections between a company and its business partners. Access between sites should be tightly controlled by both entities at their respective sites. Reference: Safe White papers; Page 76 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 61
The security team at Certkiller Inc. is working on the SAFE SMR. What is an assumption of SAFE SMR?
A. SAFE SMR does not assume applications and OS security.
B. Implementing SAFE SMR guarantees a secure environment.
C. The security policy is already in place.
D. Network contains only Cisco devices.
Correct Answer: C Section: (none) Explanation

Explanation/Reference:
Explanation: SAFE SMR makes the following assumptions: 1) The security policy is already in place 2) SAFE does not guarantee a secure environment 3) Application and operating system vulnerabilities are not comprehensively covered Reference: Cisco SAFE Implementation Courseware version 1.1 Page 3-6 Note: If select two then answer would be: A, C
QUESTION 62
Which is a component of Cisco security solutions?
A. Secure connectivity
B. Secure solution
C. Secure availability
D. Secure productivity

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
Reference: Cisco Courseware p.3-4

QUESTION 63
Which three Cisco components encompass secure connectivity? (Choose three)
A. Cisco IDS Sensors
B. Cisco PIX Firewalls
C. Cisco IDS Sensors
D. Cisco VPN Connectors
E. Cisco IOS IDS
F. Cisco IOS VPN

Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
Explanation: Secure connectivity – Virtual private network (VPN) 1) Cisco VPN Concentrators 2) Cisco PIX Firewalls 3) Cisco IOS VPN Reference: Cisco Courseware p.4-3
QUESTION 64
Which two Cisco components encompass secure management? (Choose two)
A. Cisco VPN Concentrators
B. CiscoWorks
C. Cisco IDS Sensors
D. Cisco PIX Firewalls
E. Web Device Managers
Correct Answer: BE Section: (none) Explanation

Explanation/Reference:
QUESTION 65
Which statement about SAFE SMR principles is true?
A. SAFE SMR principles are based on Cisco products and features.
B. SAFE SMR principles are not necessarily device specific.
C. SAFE SMR principles are device specific.
D. SAFE SMR principles allow you to guarantee network security.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco SAFE SMR principles tries to go away from the usual Device Specific design templates out there but it is still based on cisco and partner products. To quote: SAFE “Its not a device!” SAFE was created by Cisco to help designers of network security; its a design philosophy that utilizes Cisco and Cisco partner products. SAFE SMR takes a threat-mitigation-centric approach to security design instead of the more common device-centric design approach. I would go with A on this one. Could have been B, but i know how Cisco think; they like to promote their own products in their tests.
QUESTION 66
Which two Cisco components encompass intrusion protection? (Choose two)
A. Cisco VPN Concentrators
B. Cisco IDS Sensors
C. Cisco IDS Access Point
D. Cisco IOS IDS
E. Cisco Wireless IDS

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation: Cisco routers with IOS IDS features Cisco Secure IDS Sensors Reference: Cisco Threat Response User Guide

This volume is part of the Exam Certification Guide Series from Cisco 642-541. Cisco 642-541 in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco 642-541 Certification candidates identify weaknesses,concentrate their study efforts,and enhance their confidence as Cisco 642-541 exam day nears.