Cisco 642-591 Test Engine, Real Cisco 642-591 Practice Test Latest Version PDF&VCE

Hi, I just took CCNA Cisco 642-591 test and passed with a great score. All examcollection and securitytut dumps are no longer valid anymore. I recommend studying Exampass Premium VCE. I can confirm that all Cisco 642-591 new questions appear on my test. Keep up the good work and good luck!

QUESTION 40
In an edge deployment of an in-band virtual-gateway Cisco NAC Appliance solution, how does the Cisco NAS ensure that authenticated client traffic arrives at the correct default gateway?
A. VLAN trunks are used to aggregate the traffic from the managed subnets to the Cisco NAS before being forwarded to their respective gateways on the Layer 3 switch or router.
B. Managed subnets ensure that devices on different untrusted VLANs arrive at the correct default gateways on the trusted side.
C. Cisco NAS interfaces are connected to trunked ports to provide VLAN passthrough to the correct gateway.
D. After authentication, the Cisco NAA, using its cached IP addresses, supplies the IP address of the correct gateway to the Cisco NAS.

Correct Answer: C

QUESTION 41
What must be done to upgrade a Cisco NAC Appliance implementation to take advantage of a major release of NAC Appliance?
A. Upgrade the Cisco NAM servers. When the Cisco NAM servers come on line, Cisco NAS upgrades will occur automatically.
B. First upgrade the Cisco NAM servers, bring the Cisco NAM servers on line, and then upgrade the Cisco NAS servers.
C. Upgrade the Cisco NAM servers and Cisco NAS servers concurrently.
D. First upgrade the Cisco NAS servers, bring the Cisco NAS on line, and then upgrade the Cisco NAM servers.

Correct Answer: C

QUESTION 42
In a Cisco NAM high-availability configuration, when does the secondary Cisco NAM take over?
A. when the UDP heartbeat signal is not transmitted and received within a certain time period
B. when the timeout value is exceeded during data-mirroring activities
C. when the IP-based heartbeat signal fails to be transmitted and received within a certain time period
D. when the UDP heartbeat signal fails to be transmitted on the serial heartbeat connection between failover peers

Correct Answer: A

QUESTION 43
When trying to restrict a guest role to a specific library server using a specific protocol, such as HTTP, the administrator would create which type of policy?
A. application-based access policy
B. IP-based traffic control policy
C. host-based control policy
D. role-based access policy
E. host-based traffic policy

Correct Answer: B

QUESTION 44
What is the local user account primarily used for?
A. for users who acquire temporary access or the normal login role
B. for users who acquire the quarantine access role
C. for testing or for guest user accounts
D. for administrator access

Correct Answer: C

QUESTION 45
Refer to the exhibit. In a real IP out-of-band solution, what are the correct VLAN numbers for callouts A and B? (Choose two.)

A. A=(VLAN)2
B. A=(VLAN)10
C. A=(VLAN)31
D. B=(VLAN)2
E. B=(VLAN)10
F. B=(VLAN)31

Correct Answer: CE

QUESTION 46
What method is used to pass traffic from the client to the Cisco NAS in an in-band central virtual-gateway L2 deployment?
A. use the Cisco NAM downloadable ACLs to allow or block traffic at the access switch
B. use different DHCP addressing and port bouncing to allow or block client traffic
C. use VLAN trunks to aggregate the traffic from the client subnets and configure VLAN mapping between the Auth and Access VLANs
D. use static routes
E. use policy-based routing

Correct Answer: C

QUESTION 47
When trying to restrict a guest-role end user to a host that has multiple or dynamic IP addresses, the administrator would create which type of policy?
A. IP-based access policy
B. server-based exemption policy
C. address-based inclusion policy
D. host-based traffic control policy

Correct Answer: D

QUESTION 48
Where is a local user validated?
A. at the Cisco NAA
B. at the Cisco NAM
C. at the Cisco NAS
D. at the authentication server

Correct Answer: B

QUESTION 49
Which interface is always used by Cisco NAM failover peers to support inter-peer connections?
A. the serial connection
B. the eth0 interface
C. the second Ethernet port
D. the eth1 interface

Correct Answer: D

QUESTION 50
When the Cisco NAS is configured for Windows Active Directory SSO, to which component in a Cisco NAC Appliance solution does the client make a request for a Kerberos service ticket?
A. Cisco NAA
B. Microsoft Windows Active Directory server
C. Cisco NAS
D. Cisco NAM

Correct Answer: B

QUESTION 51
In the Cisco NAM, under Administration > User Pages > Login Page, custom login pages can be created based on which three things? (Choose three.)
A. VLAN
B. Cisco NAS
C. subnet
D. user role
E. operating system
F. Cisco NAM

Correct Answer: ACE

QUESTION 52
What does the secondary Cisco NAM do after it reboots from its initial configuration?
A. takes over as the active Cisco NAM if the secondary Cisco NAM has a higher priority
B. switches to active mode, enabling load sharing with the primary Cisco NAM
C. automatically sends a message to all Cisco NAS servers, identifying itself as the secondary Cisco NAM
D. automatically synchronizes its database with the primary Cisco NAM

Correct Answer: D

QUESTION 53
In an out-of-band Cisco NAC Appliance high-availability deployment, why must port security be disabled between the switch interfaces to which the Cisco NAS and Cisco NAM are connected?
A. Port security can interfere with Cisco NAS high availability and DHCP delivery.
B. Port security creates time-based latency, causing erratic SSL communication.
C. Port security interferes with SNMP message delivery between Cisco NAM failover peers.
D. Port security interferes with UDP heartbeat signals.

Correct Answer: A

QUESTION 54
If an administrator configures interfaces E0, E1, and S0 to support NAM high-availability failover, what information is exchanged over these interfaces?
A. NAM run-time data activities and UDP heartbeat signals
B. NAM run-time data activities, UDP heartbeat signals and backup and recover database snapshots
C. NAM run-time data activities and IP-based heartbeat signals
D. NAM run-time data activities, UDP heartbeat signals, redundant heartbeat signals

Correct Answer: D

QUESTION 55
In Cisco NAC Appliance solutions, which statement is correct regarding devices on the certified list?
A. Devices that pass the Cisco NAA requirements are automatically added to the exempt device list.
B. Devices manually added to the certified device list are automatically deleted when the device list-clearing timer expires.
C. A device is not required to be rescanned at the next login as long as its MAC address is in the certified list.
D. To remove an exempt device from the certified list, click the Clear Certified Device button.

Correct Answer: C

QUESTION 56
Refer to the exhibit. From a drop-down menu, profiles are applied to each managed port. Before a profile can be applied, where are the client access and authentication VLAN profile parameters configured?

A. controlled VLAN profile
B. access control profile
C. port profile
D. switch profile
E. VLAN mapping profile

Correct Answer: C

QUESTION 57
What are the two pairs of key attributes of traffic policies? (Choose two.)
A. directional and hierarchical
B. global and local
C. standard and extensible
D. stateful and stateless
E. rule- and requirement-based

Correct Answer: AB

QUESTION 58
In an out-of-band real IP gateway deployment, how can you limit access to the network for certain types of users after they have been authenticated?
A. by using traffic policy to restrict the network access
B. by assigning ports to specific VLANs and then assigning users to specific roles that map to those VLANs
C. by using SNMP to control client devices directly from the Cisco NAM
D. by limiting the amount of bandwidth that is assigned to their user role

Correct Answer: B

QUESTION 59
In a Layer 3 out-of-band deployment, which Cisco NAC Appliance component provides the client-machine IP address to MAC address mapping?
A. Cisco NAM
B. Cisco NAA
C. Cisco Security Agent
D. Cisco Trust Agent
E. Cisco NAS

Correct Answer: B

QUESTION 60
What is an advantage of a Layer 2 out-of-band virtual gateway deployment using port-based VLAN assignment?
A. improves security as the client IP address must change when the port is changed from the authentication VLAN to the access VLAN
B. supports IP telephony for end users who are multi-hops away
C. supports wireless LAN networks providing bandwidth throttling
D. simplifies implementation as client IP addresses are not changed
E. manages bandwidth and session time for users during authentication

Correct Answer: D

We ensure that you are provided with only the best and most up-to-date Cisco 642-591 certification training materials, and we also want you to be able to access them easily, whenever you want. We provide all our Cisco 642-591 certification exam training material in PDF format, which is a very common format supported on all computers and gadgets. We have now added the latest Cisco 642-591 content, which you can print and share.