Cisco 642-591 Exam Practice Questions From Flydumps
Flydumps presents the highest quality of Cisco 642-591 practice material which helps candidates to pass the Cisco 642-591 exams in the first attempt.The brain dumps are the latest,authenticated by expert and covering each and every aspect of Cisco 642-591 exam.
QUESTION 51
Which Cisco NAC appliance out-of-band solution statement is correct?
A. Access switch to Cisco NAM configuration and status change messages are communicated via a proprietary protocol
B. The Swichport Access and authentication VLAN information is sent to the access switch from the Cisco NAM
C. As a laptop device accesses the Cisco NAC Appliance network, the access switch sends the device MAC address to the Cisco NAS
D. All client traffic flows through the CAS while access switch VLAN management is performed out of band
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 52
In an edge deployment of an in-band virtual-gateway Cisco NAC Appliance solution, how does the Cisco NAS ensure that authenticated client traffic arrives at the correct default gateway?
A. Managed subnets ensure that devices on different untrusted VLANs arrive at the correct default gateways on the trusted side
B. After authentication, the Cisco NAA using its cached IP Addresses, supplies the IP Address of the Correct gateway to the Cisco NAS
C. VLAN trunks are used to aggregate the traffic form the managed subnets to the Cisco NAS before forwarded to their respective gateways on the Layer 3 switch or router
D. Cisco NAS interface are connected to trunked ports to provide VLAN passthrough to the correct gateway
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 53
Why are managed subnets configure in out-of-band virtual gateway mode?
A. Configures the Cisco NAS to map the managed subnet to the proper access VLAN
B. Configure the Cisco NAS with an IP Address in the untrusted VLAN that Cisco NAS can use to send ARP request in that particular VLAN
C. Configure the Cisco NAM management subnet so that all the Cisco NAM initiated traffic will be sent out on the proper management subnet
D. Configure the Cisco NAS management subnet so that all the Cisco NAS initiated traffic will sent out of the proper management subnet
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 54
A CA-signed certificate is returned from the CA authority and the private key on which the CA certificate is based no longer matches the one in the Cisco NAS. What should the administrator do?
A. Regenerate the certificates based on the FQDN rather than using the service ip address of the NAM
B. Import the single root CA or intermediate CA to .chain.crt in the admin console
C. Edit the Certificate files directly in the file system
D. Reimport the old private key and then install the CA-signed certificate
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 55
In a Cisco NAC Appliance Windows Active Directory SSO Deployment, what are the cached credentials and Kerberos TGT from the client-machine Windows login used for?
A. They are used to validate the user authentication and access with the Cisco NAM
B. They are used to validate the user with the Cisco NAS
C. They are used to validate user access with the Cisco NAA
D. They are used to validate the user authentication with eh backend Windows Active Directory Server
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 56
A college network administrator wants to restrict access to specific; targeted subnets by role such as student, administration, faculty and guest roles. How would this be accomplished using the Cisco NAM?
A. Define a bandwidth policy for each role that specifies the target subnets
B. Define extended Access-Control-list templates and apply each template to a specific user role
C. Define a host-based traffic control policy for each role that specifies the target subnets
D. Define an IP-Based traffic Control Policy for each role that specifies the target subnets
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 57
When trying to restrict a guest role to a specific library server using a specific protocol, such as HTTP, the administrator would create which type of policy?
A. Application-based Access Policy
B. IP-Based Traffic Control Policy
C. Role-Based Access Policy
D. Host-Based Control Policy
E. Host-Based Traffic Policy
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 58
In a Layer 3 out-of-band deployment, which Cisco NAC Appliance component provides the Client-Machie IP Address to MAC address mapping?
A. Cisco NAS
B. Cisco Trust Agent
C. Cisco NAM
D. Cisco Security Agent
E. Cisco NAA
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 59
The NAS is configured to autogenerate an IP Address pool of 30 subnets with a netmask of /30, beginning at address 192.168.10.0. Which IP Address is leased to the end-user host on the second subnet?
A. 192.168.10.6
B. 192.168.10.5
C. 192.168.10.4
D. 192.168.10.7
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Our material on our site Cisco 642-591 is exam-oriented,keeping in view the candidates requirements and level of understanding.Cisco 642-591 materials are in the most popular and easy-to-use PDF version. You can use it on any devices with you anywhere.