Cisco 642-542 Dumps, Provides Cisco 642-542 Exam 100% Pass With A High Score
Each Answers in Cisco 642-542 study guides are checked by the concerned professional to provide you the best quality dumps. If you are looking to get certified in short possible time, you will never find quality product than Flydumps.
QUESTION 150
How are IP spoofing attacks mitigated in the SAFE SMR midsize network design corporate Internet module?
A. Filtering at the ISP, edge router, and corporate firewall.
B. IDS as the host and network levels.
C. E-mail content filtering, HIDS, and host-based virus scanning.
D. OS and ISD detection.
E. CAR at the ISP edge and TCP setup controls at the firewall.
F. RFC 2827 and 1918 filtering at ESP edge and midsize network edge router.
Correct Answer: F Section: (none) Explanation
Explanation/Reference:
Explanation:
At the egress of the ISP router, RFC 1918 and RFC 2827 filtering is configured to mitigate against source-
address spoofing of local networks and private address ranges.
Reference: Cisco Courseware pages 6-8, 6-9
QUESTION 151
How many modules exist in the SAFE SMR midsize network design?
A. 1
B. 2
C. 3
D. 4
E. 5
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: The SAFE medium network design consists of three modules: the corporate Internet module, the campus module, and the WAN module. SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 152
What are the two options for the remote sites connecting into the SAFE SMR medium design? (Choose two)
A. ATM Connection only.
B. IPSec VPN into the corporate Internet module.
C. ISDN
D. Frame Relay Connection only.
E. Private WAN connection using the WAN module.
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
Explanation: From a WAN perspective, there are two options for the remote sites connecting into the medium design. The first is a private WAN connection using the WAN module;the second is an IPSec VPN into corporate internet module.? REF;Safe white papers;page 16 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 153
Which threats are expected in the SAFE SMR midsize network design midsize network campus module? (Choose three)
A. Port redirection
B. Application layer attacks
C. IP spoofing
D. Packet sniffers
E. Virus and Trojan Horse applications
F. Password attacks
Correct Answer: DEF Section: (none) Explanation
Explanation/Reference:
Explanation: At the top of the list of expected threats are:
1.
Packet sniffers-A switched infrastructure limits the effectiveness of sniffing
2.
Virus and Trojan horse applications-Host-based virus scanning prevents most viruses and many Trojan horses
3.
Password Attacks-The access control server allows for strong two-factor authentication for key applications REF;Safe white papers;22 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 154
What can mitigate the chance of a department accessing confidential information on another department’s server through the use of access control in the SAFE SMR midsize network design midsize network campus module?
A. Layer 2 switch
B. Layer 3 switch
C. General Layer 4 through 7 analysis
D. General Layer 1 through 3 analysis
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The Layer 3 switch provides a line of defense and prevention against internally originated attacks. It can mitigate the chance of a department accessing confidential information on another department’s server through the use of access control. For example, a network that contains marketing and research and development might segment off the R&D server to a specific VLAN and filter access to it, ensuring that only R&D staff have access to it. Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page
QUESTION 155
Which are key devices in the SAFE SMR midsize network design midsize network campus module? (Choose three)
A. Firewalls
B. NIDS host
C. Layer 2 switches
D. VPN Concentrator
E. Corporate servers
F. WAN router
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
Explanation: Key Devices Layer 3 switch-Route and switch production and management traffic within the campus module, provide distribution layer services to the building switches, and support advanced services such as traffic filtering Layer 2 switches (with private VLAN support)-Provides Layer 2 services to user workstations Corporate servers-Provides e-mail (SMTP and POP3) services to internal users, as well as delivering file, print, and DNS services to workstations User workstations-Provide data services to authorized users on the network SNMP management host-Provides SNMP management for devices NIDS host-Provides alarm aggregation for all NIDS devices in the network Syslog host(s)-Aggregates log information for firewall and NIDS hosts Access control server-Delivers authentication services to the network devices One-time password (OTP)server-Authorizes one-time password information relayed from the access control server System admin host-Provides configuration, software, and content changes on devices NIDS appliance-Provides Layer 4-to-Layer 7 monitoring of key network segments in the module REF;Safe white papers;page 21 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 156
The security team at Certkiller Inc is working on securing the network using select key devices. What are key devices in SAFE SMR midsize network design midsize network campus module? (Choose three)
A. A key device is a NIDS host
B. A key device is a VPN Concentrator
C. A key device is a Firewall
D. A key device is a Syslog host
E. A key device is a WAN router
F. A key device is a Layer 3 switch
Correct Answer: ADF Section: (none) Explanation
Explanation/Reference:
Explanation: Campus Network: Key Devices
1.
Layer 3 switch-Route and switch production and management traffic within the campus module, provide distribution layer services to the building switches, and support advanced services such as traffic filtering
2.
Layer 2 switches (with private VLAN support)-Provides Layer 2 services to user workstations
3.
Corporate servers-Provides e-mail (SMTP and POP3) services to internal users, as well as delivering file, print, and DNS services to workstations
4.
User workstations-Provide data services to authorized users on the network
5.
SNMP management host-Provides SNMP management for devices
6.
NIDS host-Provides alarm aggregation for all NIDS devices in the network
7.
Sysloghost(s)-Aggregates log information for firewall and NIDS hosts
8.
Access control server-Delivers authentication services to the network devices
9.
One-time Password (OTP) Server-Authorizes one-time password information relayed from the access control server
10.
System admin host-Provides configuration, software, and content changes on devices
11.
NIDS appliance -Provides Layer 4-to-Layer 7 monitoring of key network segments in the module Reference: Safe white papers;page 21 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 157
The security team at Certkiller Inc is working on securing the network using select key devices. Which are the key devices in SAFE SMR midsize network design midsize network campus module? (Choose three)
A. A key device are Firewalls
B. A key device are VPN Concentrator
C. A key device are WAN router
D. A key device are Syslog hosts
E. A key device are Corporate servers
F. A key device are Layer 3 switches
Correct Answer: DEF Section: (none) Explanation
Explanation/Reference:
Campus Network: Key Devices
1.
Layer 3 switch-Route and switch production and management traffic within the campus module, provide distribution layer services to the building switches, and support advanced services such as traffic filtering
2.
Layer 2 switches (with private VLAN support)-Provides Layer 2 services to user workstations
3.
Corporate servers-Provides e-mail (SMTP and POP3) services to internal users, as well as delivering file, print, and DNS services to workstations
4.
User workstations-Provide data services to authorized users on the network
5.
SNMP management host-Provides SNMP management for devices
6.
NIDS host-Provides alarm aggregation for all NIDS devices in the network
7.
Sysloghost(s)-Aggregates log information for firewall and NIDS hosts
8.
Access control server-Delivers authentication services to the network devices
9.
One-time Password (OTP) Server-Authorizes one-time password information relayed from the access control server
10.
System admin host-Provides configuration, software, and content changes on devices
11.
NIDS appliance-Provides Layer 4-to-Layer 7 monitoring of key network segments in the module Reference: Safe white papers;page 21 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 158
The security team at Certkiller Inc is working on securing the network using select key devices. Which are key devices in the SAFE SMR midsize network design midsize network campus module? (Choose three)
A. A key device are WAN router
B. A key device are VPN Concentrator
C. A key device are Firewalls
D. A key device are NIDS hosts
E. A key device are Corporate servers
F. A key device are Layer 2 switches
Correct Answer: DEF Section: (none) Explanation
Explanation/Reference:
Campus Network: Key Devices
1.
Layer 3 switch-Route and switch production and management traffic within the campus module, provide distribution layer services to the building switches, and support advanced services such as traffic filtering
2.
Layer 2 switches (with private VLAN support)-Provides Layer 2 services to user workstations
3.
Corporate servers-Provides e-mail (SMTP and POP3) services to internal users, as well as delivering file, print, and DNS services to workstations
4.
User workstations-Provide data services to authorized users on the network
5.
SNMP management host-Provides SNMP management for devices
6.
NIDS host-Provides alarm aggregation for all NIDS devices in the network
7.
Sysloghost(s)-Aggregates log information for firewall and NIDS hosts
8.
Access control server-Delivers authentication services to the network devices
9.
One-time Password (OTP) Server-Authorizes one-time password information relayed from the access control server
10.
System admin host-Provides configuration, software, and content changes on devices
11.
NIDS appliance-Provides Layer 4-to-Layer 7 monitoring of key network segments in the module Reference: Safe white papers;page 21 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 159
The security team at Certkiller Inc is working on alternative designs aspects for the network. Which design alternative in the SAFE SMR midsize network design campus module?
A. An alternative design is a separate router and Layer 2 switch can be used for the core and distribution rather than the higher-performing Layer 3 switch.
B. An alternative design is a NIDS appliance can be placed in front of the firewall.
C. An alternative design is a URL filtering server can be placed on the public services segment to filter the types of Web pages employees can access.
D. An alternative design is a router between the firewall and the campus module can be eliminated.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Alternatives If the medium network is small enough, the functionality of the building switches can be rolled into the core switch, and the building switches can be eliminated. In this case, the end-user workstations would be connected directly to the core switch. Private VLAN functionality would be implemented on the core switch in order to mitigate against trust-exploitation attacks. If the performance requirements of the internal network are not high, a separate router and Layer 2 switch could be used for the core and distribution instead of the higher-performing Layer 3 switch. If desired, the separate NIDS appliance can be replaced with an integrated IDS module that fits into the core switch. This setup provides higher traffic throughput into the IDS module because it sits on the backplane of the switch, rather than being connected via a single 10/100-Mbps Ethernet port. ACLs on the switch can be used to control what traffic is sent to the IDS module. Reference: Safe white papers;page 23 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 160
The structure of Campus module in SAFE medium architecture may be altered. Choose the correct statement.
A. Both alternatives are allowed.
B. The functions of the layer 2 switch, can be integrated into the core switch.
C. If the performance requirements are not too high, the core switch can be replaced by a layer 2 switch and a router.
D. None of these alternatives are allowed.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: If the medium network is small enough, the functionality of the building switches can be rolled into the core switch, and the building switches can be eliminated. If the performance requirements of the internal network are not high, a separate router and Layer 2 switch could be used for the core and distribution instead of the higher-performing Layer 3 switch. Reference: Safe white papers;page 23 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 161
What does RFC 2827 filtering prevent in the SAFE SMR midsize network design campus module?
A. Port redirection attacks.
B. Port mapping through the firewall.
C. Source-address spoofing.
D. Packet sniffers.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: RFC 2827 filtering at the ingress router should also be implemented to mitigate the chance of an attacker from outside the network spoofing the addresses of the management hosts. Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 71
QUESTION 162
What is a design alternative in the SAFE SMR midsize network design campus module?
A. A NIDS appliance can be placed in front of the firewall.
B. The end-user workstations can be connected directly to the core switch.
C. The router between the firewall and the campus module can be eliminated.
D. A URL filtering can be placed on the public services segment to filter the types of Web pages employees can access.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: If the medium network is small enough, the functionality of the building switches can be rolled into the core switch, and the building switches can be eliminated. In this case, the end-user workstations would be connected directly to the core switch. Private VLAN functionality would be implemented on the core switch in order to mitigate against trust-exploitation attacks. If the performance requirements of the internal network are not high, a separate router and Layer 2 switch could be used for the core and distribution instead of the higher-performing Layer 3 switch. If desired, the separate NIDS appliance can be replaced with an integrated IDS module that fits into the core switch. This setup provides higher traffic throughput into the IDS module because it sits on the backplane of the switch, rather than being connected via a single 10/100-Mbps Ethernet port. ACLs on the switch can be used to control what traffic is sent to the IDS module. Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 23
QUESTION 163
NO: 1 Which options can be chosen for TCP session reassembly on the IDS Sensor in the SAFE SMR medium network design? (Choose two)
A. IP Reassembly
B. No reassembly
C. Loose reassembly
D. Total reassembly
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
Explanation:
You can choose three options for TCP session reassembly.
*
No Reassembly
*
Loose Reassembly
*
Strict Reassembly Reference: Cisco Secure Intrusion Detection System (Ciscopress) Page 418
QUESTION 164
What are the two options in the SAFE SMR midsize network design for WAN connections? (Choose two)
A. IPSec VPN tunnel connections.
B. Only frame relay connections.
C. Private WAN connections.
D. ATM connections.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation: From a WAN perspective, there are two options for the remote sites connecting into the midium design .The first is a private WAN connection using the WAn module; the second is an IPSec VPN into the corporate Internet module. Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 16
Cisco 642-542 study materials is a product you can trust for timely, prompt and successful preparation of IT Certifications. Once you go through the Pass4itSure Microsoft certification exam Cisco 642-542 study materials thoroughly, it’s guaranteed that you will pass your Cisco 642-542 exam at the first shot. The Pass4itSure Cisco 642-542 study materials have designed and prepared the training kit for Cisco 642-542 test. It’s designed to be relevant in today’s rapidly changing IT marketplace, Cisco 642-542 study materials help you utilize evolving technologies, Cisco 642-542 study materials you’re troubleshooting skills, and improve your job satisfaction.
Welcome to download the newest Examwind PHR dumps: https://www.pass4itsure.com/phr.html