Free Flydumps New Updated Cisco 642-591 Exam Questions 100% New Questions
The 100% valid latest Cisco 642-591 question answers ensure you 100% pass! And now we are offering the free Cisco 642-591 new version along with the VCE format Cisco 642-591 practice test. Free download more new Cisco 642-591 PDF and VCE on Flydumps.com.
Exam A
QUESTION 1
How does the Cisco NAM determine the presence of vulnerability without using the Cisco NAA on the client machine?
A. The end-user Cisco Trust Agent capability summary message does not match the defined role-based security policy requirement on the Cisco NAM.
B. The Cisco NAM receives a Cisco Security Agent vulnerability alert from the Cisco NAS
C. The Nessus network scan report matches a defined role-based or OS-based vulnerability on the Cisco NAM
D. The Cisco NAM will perform an agentless scan and interpret the results to determine if the client machines is vulnerable
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Exhibit:
Your work as an network engineer at Certkiller .com. Please study the exhibit carefully. From a Drop-Down menu, profiles are applied to each managed port. Before a profile can be applied, where are the client access and authentication VLAN profile parameters to configured?
A. Controlled VLAN profile
B. Access Control profile
C. Switch Profile
D. VLAN Mapping Profile
E. Port Profile
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 3
What is the local user account primarily used for?
A. For users who acquire temporary access or the normal login role
B. For users who acquire the quarantine access role
C. For Administrator access D. For testing or for guest user accounts
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 4
Which high-availability option is supported by a Cisco NAC Appliance Solution?
A. Cisco NAA Backup Server
B. Cisco NAS Backup Network Scanning
C. Cisco NAM and Cisco NAS redundancy
D. Cisco NAM and Cisco NAS load Balancing
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Which features must be configured to ensure that users can perform update and remediation?
A. Temporary Roles and Quarantines roles
B. Nessus Plug-ins and Antivirus Rules
C. Temporary and Quarantine network Remediation timer
D. Session timeouts and traffic controls policies
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 6
What is the local user account primarily used for?
A. For testing or for guest user accounts
B. For users who acquire temporary access or the normal login role
C. For users who acquire the quarantine access role
D. For Administrator access
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 7
DRAG DROP
You work as a network administrator at Certkiller .com. Your boss, Mrs. Certkiller, is interested in Cisco
roles.
Match the descriptions with the appropriate roles.
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference: QUESTION 8
What is an exempt device?
A. A device that does not require posture assessment each time it logs in to the network
B. A device that does not have to go through certification while its MAC address remains on the certified list
C. A multiuser device that is configured as a floating device so that recertification is not required at each login
D. A single or multiuser device that is only recertified when another user of the device logs out and accesses the network
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 9
Which two functions can a Cisco NAC Appliance Agent be configured to perform? (Choose two.)
A. Check for up-to-date antivirus and antispam files
B. Detect the presence of worms and viruses before permitting network access to an end user
C. Perform registry, service and application checks
D. Initiate periodic Virus Scans
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 10
In a Cisco NAM high-availability configuration, when does the secondary Cisco NAM take over?
A. When the timeout value is exceeded during data-mirroring activities
B. When the IP-based heartbeat signal fails to be transmitted and received within a certain time period
C. When the UDP heartbeat signal fails to be transmitted on the serial heartbeat connection between failover peers
D. When the UDP heartbeat signal is not transmitted and received within a certain time period
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 11
Where is a local user validated?
A. At the authentication Server
B. At the Cisco NAA
C. At the Cisco NAS
D. At the Cisco NAM
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 12
In Cisco NAC Appliance Solutions, which statements is correct regarding devices on the certified list?
A. Device manually added to the certified device list are automatically deleted when the device list-clearing timer expires
B. Devices that pass the Cisco NAA requirements are automatically added to the exempt device list
C. To remove an exempt device from the certified list, click the clear Certified Device Button
D. A device is not required to be rescanned at the next login as long as it MAC address is in the certified list
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 13
How do you ensure that the Cisco NAS has the most recent version of the Cisco NAA to install on user devices?
A. From the Cisco NAS web Admin Console, enable Cisco NAA autoupdate on the Administration->Software Update Form
B. The Cisco NAA is upgraded directly to each Cisco NAS using the upgrade server form available on the Cisco NAM web console GUI
C. Configure the Cisco NAS by selecting which Cisco NAA to upgrade in the Cisco NAA Upgrade form
D. Each Time the Cisco NAA is upgraded, the Cisco NAM automatically download the new version of Cisco NAA to all Cisco NAS Servers
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 14
When trying to restrict a guest-role end user to a host that has multiple or dynamic IP Addresses; the administrator would create which type of policy?
A. Address-based inclusion Policy
B. Server-based exemption Policy
C. Host-based traffic Control Policy
D. IP-based Access Policy
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 15
Custom login pages can be targeted to specific groups of end users. Which three target methods are supported by Cisco NAC Appliance? (Choose three.)
A. Operating System
B. Subnet
C. Network Access Method
D. End-user Role
E. VLAN ID
F. Device Type
Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 16
When configuring an in-band central-deployment virtual gateway on the Cisco NAS, what must be configured to ensure that the interface traffic on the same Layer 2 switch does not create a loop?
A. In the network form, select the passthrough VLAN ID option for the untrusted and trusted management VLAN
B. Configure the first switch downstream of the Cisco NAS with Spanning Tree
C. In the managed subnet form, enter the IP address that is assigned to the Cisco NAS to route the subnet, not the calculated network address
D. In the VLAN mapping form, map the untrusted interface VLAN ID to a trusted network VLAN ID
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 17
In an out-of-band Cisco NAC Appliance high-availability deployment, why must port security be disabled between the switch interfaces to which the Cisco NAS and Cisco NAM are connected?
A. Port Security interfaces with SNMP message delivery between Cisco NAM failover peers
B. Port Security interfaces with UDP heartbeat signals
C. Port Security creates time-based latency, causing erratic SSL communication
D. Port Security can interface with Cisco NAS high availability and DHCP delivery
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 18
Which interface is always used by Cisco NAM failover peers to support inter-peer connections?
A. The eth1 interface
B. The Serial Connection
C. The Second Ethernet Port
D. The eth0 Interface
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 19
What does the secondary Cisco NAM do after it reboots from its initial configuration?
A. Switches to active mode, enabling load sharing with the primary Cisco NAM
B. Automatically sends a message to all Cisco NAS Servers, identifying itself as the secondary Cisco NAM
C. Automatically Synchronizes its database with the primary Cisco NAM
D. Takes over as the active Cisco NAM if the secondary Cisco NAM has a higher priority
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 20
Which NAC Appliance Component performs network scanning?
A. Cisco NAC Appliance Agent
B. Cisco NAC Appliance Server
C. Cisco NAC Appliance Manager D. Cisco NAC Trust Agent
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Cisco 642-591 Exam Certification Guide presents you with an organized test preparation routine through the use of proven series elements and techniques.“Do I Know This Already?”quizzes open each chapter and allow you to decide how much time you need to spend on each section.Cisco 642-591 lists and Foundation Summary tables make referencing easy and give you a quick refresher whenever you need it.Challenging Cisco 642-591 review questions help you assess your knowledge and reinforce key concepts.Cisco 642-591 exercises help you think about exam objectives in real-world situations, thus increasing recall during exam time.