Cisco 642-541 Real Exam, Discount Cisco 642-541 Exam Materials Online Shop
QUESTION 65
Which command implements Unicast RPF IP spoofing protection?
A. access-list
B. access-group
C. ip verify reverse-path interface
D. tcp verify reverse-path interface
E. udp verify reverse-path interface
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 66
When allowing syslog access from devices outside a firewall, what filtering at the perimeter router should you implement?
A. no filtering should be implemented since it will block the syslog traffic
B. RFC 1918
C. RFC 2827
D. RFC 1281
E. RFC 1642
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 67
How many modules exist in the SAFE Enterprise Network Campus?
A. 3
B. 4
C. 5
D. 6
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 68
Which are key devices in the SAFE SMR remote user network? Choose three.
A. Layer 2 switch
B. router with firewall and VPN support
C. Layer 3 switch
D. firewall with VPN support
E. NIDS
F. personal firewall software
Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
QUESTION 69
Which IDS guidelines should be followed, according to SAFE SMR?
A. use TCP shunning as opposed to TCP resets
B. use shunning no longer than 15 minutes
C. use shunning on only UDP traffic, as it is more difficult to spoof than TCP
D. use shunning on only TCP traffic, as it is more difficult to spoof than UDP
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 70
What is the primary identity component in a Cisco security solution?
A. Cisco VPN Concentrators
B. Cisco PIX Firewalls
C. Cisco IDS Sensors
D. Cisco Access Control servers
E. Cisco IOS Firewalls
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 71
What IKE proposal should be chosen on the VPN Concentrator for the Unity Client?
A. any proposal that ends with DH7
B. any IKE proposal, except the IKE proposal that ends with DH7
C. any proposal that starts with Cisco VPN Client
D. any proposal that starts with DH7
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 72
Which of the following is true about CSA?
A. CSA is a signature-based intrusion prevention system and creates significantly fewer true positives than NIDS
B. CSA is a behavior-based intrusion prevention system and creates significantly fewer false positives than NIDS.
C. CSA is a signature-based intrusion prevention system and creates significantly fewer true negatives than NIDS.
D. CSA is a behavior-based intrusion prevention system and creates significantly fewer false negatives than NIDS.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 73
CSA is a behavior-based intrusion prevention system and creates significantly fewer false negatives than NIDS.
A. All uninfected systems are patched with the appropriate vendor patch for the vulnerability.
B. The spread of a worm infection is limited to areas of the network that are already affected.
C. An actively infected system is disinfected of the worm.
D. Infected machines are identified, contained, and blocked.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 74
What does the Cisco Unified Client framework provide?
A. distributed push policy technology
B. centralized push policy technology
C. centralized pull policy technology
D. multi-tiered policy technology
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 75
Drag Drop question
QUESTION 76
Which command implements Unicast RPF IP spoofing protection?
A. access-list
B. access-group
C. ip verify reverse-path interface
D. tcp verify reverse-path interface
E. udp verify reverse-path interface
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 77
Which model is recommended for an IDS with at least 100 Mbps performance?
A. 4210
B. 4220
C. 4250
D. 4260
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 78
How are application layer attacks mitigated in the SAFE SMR small network corporate Internet module?
A. NIDS
B. virus scanning at the host level
C. HIDS on the public servers
D. filtering at the firewall
E. CAR at ISP edge
F. TCP setup controls at the firewall to limit exposure
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 79
When allowing syslog access from devices outside a firewall, what filtering at the perimeter router should you implement?
A. no filtering should be implemented since it will block the syslog traffic
B. RFC 1918
C. RFC 2827
D. RFC 1281
E. RFC 1642
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 80
What method helps mitigate the threat of IP spoofing?
A. access control
B. logging
C. SNMP polling
D. Layer 2 switching
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 81
LAB
QUESTION 82
What are the two options in the SAFE SMR midsize network design for WAN connections? Choose two.
A. IPSec VPN tunnel connections
B. only frame relay connections
C. private WAN connections
D. ATM connections
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 83
In the SAFE SMR midsize network design, in which module does dial-in traffic terminate?
A. campus module
B. WAN module
C. ISP edge module
D. corporate Internet module
E. PSTN module
F. frame/ATM module
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 84
Which is true with regard to creating an RPC entry with the NFS program number?
A. NFS traffic designated as friendly will be allowed through the firewall
B. no NFS traffic will be allowed through the firewall
C. all NFS traffic will be allowed through the firewall
D. NFS traffic designated as hostile will not be allowed through the firewall
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 85
What is IP logging, as defined for the Cisco IDS appliance?
A. IDS logs IP address information for hosts being attacked
B. IDS logs user information from an attacking host
C. IDS captures packets from an attacking host
D. IDS logs IP address information from an attacking host
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 86
What causes the default TCP intercept feature of the IOS Firewall to become more aggressive? Choose two.
A. the number of incomplete connections exceeds 1100
B. the number of connections arriving in the last 1 minute exceeds 1100
C. the number of incomplete connections exceeds 100
D. the number of connections arriving in the last 10 minutes exceeds 1000
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 87
How is unauthorized access mitigated in the SAFE SMR midsize network design corporate Internet module?
A. CAR at the ISP edge and TCP setup controls at the firewall
B. OS and IDS detection
C. filtering at the ISP, edge router, and corporate firewall
D. IDS at the host and network levels
E. e-mail content filtering, HIDS, and host-based virus scanning
F. RFC 2827 and 1918 filtering at ISP edge and midsize network edge router
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 88
Which three Cisco components encompass secure connectivity? Choose three.
A. Cisco IDS Sensors
B. Cisco PIX Firewalls
C. Cisco IDS Sensors
D. Cisco VPN Concentrators
E. Cisco IOS IDS
F. Cisco IOS VPN
Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
QUESTION 89
Which threats are expected in the SAFE Enterprise Network Campus Building module? Choose two.
A. IP spoofing
B. packet sniffers
C. unauthorized access
D. virus and trojan horse applications
E. port redirection attacks
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 90
What are two advantages of using integrated systems and appliances? Choose two.
A. achieve better performance
B. implement on existing equipment
C. achieve better interoperability
D. improved manageability
E. increased feature functionality
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 91
Wired Equivalent Privacy (WEP) operates at what layer of the OSI model?
A. physical
B. network
C. transport
D. data link
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 92
What type of authentication does the Cisco 3000 Series Concentrator use?
A. RADIUS
B. TACACS+
C. CHAP
D. PAP
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 93
How are password attacks mitigated in the SAFE SMR midsize network design corporate Internet module?
A. filtering at the ISP, edge router, and corporate firewall
B. e-mail content filtering, HIDS, and host-based virus scanning
C. OS and IDS detection
D. CAR at the ISP edge and TCP setup controls at the firewall
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 94
Which are key devices in the SAFE SMR midsize network design midsize network campus module? Choose three.
A. WAN router
B. VPN Concentrator
C. firewalls
D. NIDS host
E. corporate servers
F. layer 2 switches
Correct Answer: DEF Section: (none) Explanation
Explanation/Reference:
QUESTION 95
According to SAFE SMR, which Cisco router is best suited for a remote office?
A. 800 and 900 series
B. 1700 series
C. 2600 and 3600 series
D. 7100 and 7200 series
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 96
How are denial of service attacks mitigated in the SAFE SMR midsize network design corporate Internet module?
A. filtering at the ISP, edge router, and corporate firewall
B. IDS at the host and network levels
C. e-mail content filtering, HIDS, and host-based virus scanning
D. OS and IDS detection
E. CAR at the ISP edge and TCP setup controls at the firewall
F. RFC 2827 and 1918 filtering at ISP edge and midsize network edge router
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 97
Drag Drop question
QUESTION 98
What options can be chosen for TCP session reassembly on the IDS Sensor in the SAFE SMR medium network design? Choose two.
A. IP reassembly
B. no reassembly
C. loose reassembly
D. total reassembly
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 99
What is a feature of SIP?
A. SIP is a transport-layer control protocol that uses IP addresses for transporting multimedia traffic and call management
B. SIP is a session-layer control protocol that uses SIP addresses for signal and session management
C. SIP is an application-layer control protocol that uses SIP addresses for signal and session management.
D. SIP is a session-layer control protocol that uses IP addresses for transporting multimedia traffic and session management.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 100
How many modules exist in the SAFE Enterprise Network Campus?
A. 3
B. 4
C. 5
D. 6
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 101
Drag Drop question
QUESTION 102
Which are key devices in the SAFE SMR midsize network design midsize network campus module? Choose three.
A. firewalls
B. NIDS host
C. Layer 3 switches
D. VPN Concentrator
E. corporate servers
F. WAN router
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 103
What service is provided by CSA Profiler?
A. Profiler analyzes applications to help in generating useful policies.
B. Profiler monitors and logs security events that occur on CSA protected hosts.
C. Profiler provides a COM component utility that installs with each CSA.
D. Profiler configures agent kits that are deployed on CSA protected hosts.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 104
Which three authentication methods are supported by CSACS? Choose three.
A. PPP
B. RADIUS
C. CHAP
D. TACACS+
E. PAP
F. static passwords
Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
QUESTION 105
In which module does the firewall exist in the SAFE SMR small network design?
A. Internet
B. campus
C. corporate Internet
D. edge
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 106
The VPN acceleration module (VAM) is available on what series of VPN optimized routers? Choose two.
A. 1700 Series
B. 2600 Series
C. 3600 Series
D. 7100 Series
E. 7200 Series
Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 107
When using PC-based IP phones, which threat is expected between data and voice segments if not protected by a stateful firewall?
A. TCP flood DoS attack
B. IP spoofing attack
C. UDP flood DoS attack
D. application layer attack
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 108
What is the primary function of the inside router in the SAFE SMR midsize network design corporate Internet module?
A. detect attacks on ports that the firewall is configured to permit
B. provide connection state enforcement and detailed filtering for sessions initiated through the firewall
C. provide connectivity to the LAN Module
D. provide Layer 3 separation
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 109
Which of the following is not a critical element of Cisco Self Defending Network strategy?
A. SAFE
B. threat defense system
C. secure connectivity
D. trust and identity management
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 110
What is an example of a trust model?
A. NTFS
B. NFS
C. NTP
D. NOS
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 111
What two modules are in the SAFE SMR small network design? Choose two.
A. edge
B. Internet
C. corporate Internet
D. campus
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 112
Which are key devices in the SAFE SMR midsize network design midsize network campus module? Choose three.
A. Syslog hosts
B. corporate servers
C. Layer 3 switches
D. firewalls
E. VPN Concentrator
F. WAN router
Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:
QUESTION 113
What services does EAP provide?
A. EAP provides wireless gateway and complementary code keying.
B. EAP provides centralized authentication and dynamic key distribution.
C. EAP provides open authentication and shared key distribution
D. EAP provides message integrity check and wireless domain service
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 114
According to SAFE SMR guidelines, what type of VPN uses primarily Cisco VPN optimized routers?
A. intranet to extranet
B. site-to-site
C. extranet to remote users
D. intranet to remote users
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 115
LAB
QUESTION 116
What is the difference in implementation between the edge router and the ISP router in the SAFE SMR medium network design?
A. The ISP router is configured for rate limiting.
B. The edge router is configured for rate limiting.
C. The ISP router is configured for more aggressive rate limiting.
D. The edge router is configured for more aggressive rate limiting.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 117
What is the primary function of the VPN Concentrator in the SAFE SMR midsize network design corporate Internet module?
A. provide connection state enforcement and detailed filtering for sessions initiated through the firewall
B. provide secure connectivity to the LAN Module
C. provide secure connectivity to the midsize network for remote users
D. provide secure connectivity to the campus module
E. provide secure connectivity to the Internet or ISP network
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 118
Which are attack mitigation roles for the software access option in the SAFE SMR remote user network environment? Choose two.
A. basic Layer 7 filtering
B. authenticate remote site
C. host DoS mitigation
D. terminate IPSec
E. stateful packet filtering
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 119
Which version of PIX introduced support for the VPN accelerator card?
A. version 4.0
B. version 4.3
C. version 5.0
D. version 5.3
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 120
How many transform sets can be included in a crypto map on a PIX Firewall?
A. 1
B. 2
C. 3
D. 4
E. unlimited number
Correct Answer: E Section: (none) Explanation
Explanation/Reference: