Welcome to download the newest Pass4itsure C2180-374 VCE dumps: https://www.pass4itsure.com/c2180-374.html
Your worries about Cisco 642-542 exam complexity no more exist because Flydumps is here to serves as a guide to help you to pass the exam.All the exam questions and answers is the latest and covering each and every aspect of Cisco 642-542 exam.It 100% ensure you pass the Cisco 642-542 exam without any doubt.
QUESTION 96
According to SAFE, small network design has how many modules?
B. 3
C. As many as the Enterprise architecture.
D. 5
E. 4
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The small network design has two modules: the corporate Internet module and the campus module. REF;Safe white papers;10 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 97
Which commands are used for basic filtering in the SAFE SMR small network campus module? (Choose two)
A. Access-group
B. Ip inspect-name
C. Ip route
D. Access-list
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Explanation:
REF;Safe white papers;
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 98
How many modules are in the SAFE SMR small network design?
A. 1
B. 2
C. 3
D. 4
E. 5
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
The small network design has two modules: the corporate Internet module and the campus module.
REF;Safe white papers;10
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 99
Which two devices in the SAFE SMR small network campus module should have HIDS installed? (Choose two)
A. Layer 2 switches
B. Firewalls
C. Management hosts
D. Desktop workstations
E. Corporate servers
F. Lab workstations
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
Explanation: Because there are no Layer 3 services within the campus module, it is important to note that this design places an increased emphasis on application and host security because of the open nature of the internal network. Therefore, HIDS was also installed on key systems within the campus, including the corporate servers and management systems. Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 15
QUESTION 100
What two modules are in the SAFE SMR small network design? (Choose two)
A. Edge
B. Internet
C. Corporate Internet
D. Campus
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
Explanation: The small network design has two modules: the corporate Internet module and the campus module. The corporate Internet module has connections to the Internet and also terminates VPN and public services (DNS, HTTP, FTP, SMTP) traffic. The campus module contains the Layer 2 switching and all the users, as well as the management and intranet servers. Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 10
QUESTION 101
You are the administrator at Certkiller Inc. and you need to implement a firewall in the SAFE SMR small
network design.
In which module does the firewall exist in the SAFE SMR small network design?
A. The Internet module
B. The Corporate Internet module
C. The Campus module
D. The Edge module
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Corporate Internet Module
Key Devices:
1.
SMTP server-Acts as a relay between the Internet and the intranet mail servers
2.
DNS server – servers as authoritative external DNS server for the enterprise;relays internal requests to the Internet
3.
FTP/HTTP server-Provides public information about the organization
4.
Firewall or firewall router-Provides network-level protection of resources, stateful filtering of traffic, and VPN termination for remote sites and users
5.
Layer 2 switch (with private VLAN support)-Ensures that data from managed devices can only cross directly to the IOS firewall Reference: Safe white papers;11 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 102
Kathy the security administrator at Certkiller Inc. is implementing HIDS in the SAFE SMR small network
corporate Internet module.
On what device within the SAFE SMR small network corporate Internet module should Kathy perform
HIDS local attack mitigation?
A. HIDS is performed on Public services servers
B. HIDS is performed on Layer 2 switch
C. HIDS is performed on Firewall
D. HIDS is performed on Routers
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Application layer attacks-Mitigated through HIDS on the public servers Reference: Safe white papers;11 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Reference: Cisco Courseware page 9-46
QUESTION 103
According to SAFE SMR, what type of VPN connectivity is typically used with the Cisco PIX Firewall?
A. Remote access
B. Site-to-site
C. Mobile user
D. Corporate
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The VPN connectivity is provided through the firewall or firewall/router. Remote sites authenticate each other with pre-shared keys and remote users are authenticated through the access control server in the campus module. REF;Safe white papers;page 13 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 104
Which method will always compute the password if it is made up of the character set you selected to test?
A. Brute force computation
B. Strong password computation
C. Password reassemble
D. Brute force mechanism
Correct Answer: A Section: (none) Explanation
Explanation/Reference: QUESTION 105
How are application layer attacks mitigated in the SAFE SMR small network corporate Internet module?
A. NIDS
B. Virus scanning at the host level.
C. HIDS on the public servers.
D. Filtering at the firewall.
E. CAR at ISP edge.
F. TCP setup controls at the firewall to limit exposure.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Application layer attacks – Mitigated through HIDS on the public servers REF;Safe white papers;page 11 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 106
How are packet sniffers attacks mitigated in the SAFE SMR small network corporate Internet module?
A. RFC 2827 and 1918 filtering at ISP edge and local firewall.
B. Switched infrastructure and HIDS.
C. Protocol filtering
D. Restrictive trust model and private VLANs.
E. Restrictive filtering and HIDS.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Mitigated Threats Packet sniffers-Switched infrastructure and host IDS to limit exposure REF;Safe white papers;page 11 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 107
HIDS local attack mitigation is performed on what devices within the SAFE SMR small network corporate Internet module?
A. Layer 2 switches
B. Firewalls
C. Routers
D. Public services servers
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Application layer attacks-Mitigated through HIDS on the public servers
QUESTION 108
Which three key devices are in the SAFE SMR small network corporate Internet module? (Choose three)
A. Servers
B. VPN concentrators
C. Layer 3 switches
D. Firewalls
E. Layer 2 switches
F. NIDS
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
Explanation: Key Devices SMTP server DNS server FTP/HTTP server Firewall or Firewall router Layer 2 switch(with private VLAN support) REF;Safe white papers;page11 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 109
How are trust exploitation attacks mitigated in the SAFE SMR small network corporate Internet module?
A. RFC 2827 and 1918 filtering at ISP edge and local firewall.
B. Switched infrastructure and HIDS.
C. Protocol filtering.
D. Restrictive trust model and private VLANs.
E. Restrictive filtering and HIDS.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Trust exploitation-Restrictive trust model private VLANs to limit trust-based attacks Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 11
QUESTION 110
John the security administrator at Certkiller Inc. is working on mitigating all threats to the network. What threats are expected for the SAFE SMR small network campus module? (Choose two)
A. The IP spoofing threat
B. The Packet sniffers threat
C. The Application layer attacks threat
D. The Denial of service threat
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
Explanation: Threats Mitigated
1.
Packet sniffers-A switched infrastructure limits the effectiveness of sniffing
2.
Virus and Trojan-horse applications-Host-based virus scanning prevents most viruses and many Trojan horses
3.
Unauthorized access-This type of access is mitigated through the use of host-based intrusion detection and application access control
4.
Application layer attacks-Operating systems, devices, and applications are kept up-to-date with the
latest security fixes, and they are protected by HIDS
5.
Trust exploitation-Private VLANs prevent hosts on the same subnet from communicating unless necessary
6.
Port redirection-HIDS prevents port redirection agents from being installed Reference: Safe white papers:14 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 111
You are the administrator at Certkiller Inc and you are implementing a small filtering router. As an alternative design in the SAFE SRM small network campus module, a small filtering router can be placed between the rest of the network and which devices?
A. The rest of the network and Layer 2 switches
B. The rest of the network and corporate users
C. The rest of the network and management stations
D. The rest of the network and routers
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Alternatives Setting a small filtering router or firewall between the management stations and the rest of the network can improve overall security. This setup will allow management traffic to flow only in the specific direction deemed necessary by the administrators. If the level of trust within the organization is high, HIDS can potentially be eliminated, though this is not recommended. Reference: Page 15 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 112
Which commands are used for basic filtering in the SAFE SMR small network campus module? (Select two.)
A. access group
B. ip inspect-name
C. ip route
D. access-list
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 113
How are packet sniffer attacks mitigated in the SAFE SMR small network campus module?
A. Host based virus scanning.
B. The latest security fixes.
C. The use of HIDS and application access control.
D. Switches infrastructure
E. HIDS
Correct Answer: D Section: (none) Explanation Explanation/Reference:
Explanation: Packet snuffers-Threats mitigated; switched infrastructure and host IDS to limit exposure. REF;Safe white papers;page 18 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 114
What can be implemented in the SAFE SMR small network campus module to mitigate trust exploitation attacks between devices?
A. Layer 2 switches
B. Firewalls
C. Private VLANs
D. Routers
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Threats mitigated Trust exploitation-Restrictive trust model and private VLANs to limit trust-based attacks REF;Safe white papers;page 18 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 115
What are three of the key devices in the SAFE SMR small network campus module? (Choose three)
A. Layer 2 switches
B. IOS firewall
C. User workstations
D. PIX firewall
E. Corporate servers
F. NIDS
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
Explanation: Key Devices Layer 2 switching Corporate server user workstation Management host REF;Safe white papers;page13 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 116
How are port redirection attacks mitigated in the SAFE SMR small network campus module?
A. Switched infrastructure.
B. Host based virus scanning.
C. The use of NIDS and application access control.
D. The latest security fixes and NIDS.
E. Private VLANs
F. HIDS
Correct Answer: F Section: (none) Explanation
Explanation/Reference:
Explanation: Port redirection-HIDS prevents port redirection agents from being installed Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 14
QUESTION 117
What three commands are used for RFC 1918 and RFC 2827 filtering on the ISP router in the SAFE SMR small network campus module? (Choose three)
A. ip route 1918
B. access-list
C. access-group
D. enable rfc 1918 filtering
E. rate-limit
F. enable rfc 2827 filtering
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
Explanation: Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 47
QUESTION 118
The security team at Certkiller Inc. is working on implementing IOS firewall in their SAFE SMR small
network design.
What is the primary function of the IOS firewall in the SAFE SMR small network design?
A. The primary function is it provides remote site connectivity and general filtering for sessions initiated through the firewall.
B. The primary function is it provides host DoS mitigation.
C. The primary function is it authenticates IPSec tunnels.
D. The primary function is it provides remote site authentication.
E. The primary function is it provides connection state enforcement and detailed filtering for sessions initiated through the firewall.
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
Explanation: Layer 2 switch (with private VLAN support)-Ensures that data from managed devices can only cross directly to the IOS firewall Reference: Safe white papers; 11 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 119
You are the administrator at Certkiller Inc. and you are configuring the PIX Firewall. The ip verify reverse-path command implements which of the following on the PIX Firewall? (Choose two)
A. The ip verify reverse-path command performs a route lookup based on the destination address.
B. The ip verify reverse-path command performs a route lookup based on the source address.
C. The ip verify reverse-path command provides session state information based on source address.
D. The ip verify reverse-path command provides ingress filtering.
E. The ip verify reverse-path command provides session state information based on destination address.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation: Use the ipverify unicast reverse-path interface command on the input interface on the router at the upstream end of the connection. This feature examines each packet received as input on that interface. If the source IP address does not have a route in the CEF tables that points back to the same interface on which the packet arrived, the router drops the packet. Reference: Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks
QUESTION 120
Jason is the security administrator at Certkiller Inc. and wants to know which is true with regard to creating an RPC entry with the NFS program number?
A. The true statement is NFS traffic designated as friendly will be allowed through the firewall.
B. The true statement is no NFS traffic will be allowed through the firewall.
C. The true statement is all NFS traffic will be allowed through the firewall.
D. The true statement is NFS traffic designated as hostile will not be allowed through the firewall.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Remote Procedure Call (RPC) inspection enables the specification of various program numbers. You can define multiple program numbers by creating multiple entries for RPC inspection, each with a different program number. If a program number is specified, all traffic for that program number is permitted. If a program number is not specified, all traffic for that program number is program number, all NFS traffic is allowed through the firewall. Reference: CSI Student Guide v2.0 p. 5-30
QUESTION 121
What is the function of SMTP inspection?
A. Monitors SMTP mail for hostile commands.
B. Monitors SMTP commands for illegal commands.
C. Monitors traffic from and STMP server that is designated as friendly.
D. Monitors traffic that has not been encapsulated.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: SMTP application inspection controls and reduces the commands that the user can use as well as the messages that the server returns. Ref: Cisco Pix Firewall Software (Configuring Application Inspection (Fixup) Cisco PIX Firewall Software – Configuring Application Inspection (Fixup)
QUESTION 122
How does Java applet filtering distinguish between trusted and untrustedapplets?
A. Examines the applet for suspicious code.
B. Relies on a list of applets that you designate as hostile.
C. Relies on a list of applets that you designate as friendly.
D. Relies on a list of external sites that you designate as friendly.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Java inspection enables Java applet filtering at the firewall. Java applet filtering distinguishes between trusted and untrusted applets by relying on a list of external sites that you designate as “friendly.” If an applet is from a friendly site, the firewall allows the applet through. If the applet is not from a friendly site, the applet will be blocked. Alternately, you could permit applets from all sites except for sites specifically designated as “hostile.” Reference: Context-Based Access Control Commands
QUESTION 123
You are the security administrator at Certkiller Inc. and you are working on filtering network traffic. accesslist 101 deny ip 192.168.8.8 0.0.0.255 anyis an example of an ACL entry to filter what type of addresses?
A. It is an example of RFC 1920
B. It is an example of RFC 2728
C. It is an example of RFC 2827
D. It is an example of RFC 1918
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: ! RFC 1918 filtering. Note network 172.16.x.x was not included in the ! filter here since it is used to simulate the ISP in the lab. ! access-list 103 deny ip 10.0.0.0 0.255.255.255 any access-list 103 deny ip 192.168.0.0 0.0.255.255 any Reference: Page 47 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 124
What is the function of a crypto map on a PIX Firewall?
A. To configure a pre-shared authentication key and associate the key with an IKE peer address or host name.
B. To configure a pre-shared authentication key and associate the key with an IPSec peer address or host name.
C. To specify which algorithms to use with the selected security protocol.
D. To filter and classify the traffic to be protected.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Crypto map entries for IPSec set up security association parameters, tying toghter the various parts configured for IPSec,including the following;
* Which traffic should be protected by IPSec Ref: Cisco Secure PIX Firewalls (Ciscopress) Page 215
QUESTION 125
What causes the default TCP intercept feature of the IOS Firewall to become more aggressive? (Choose two)
A. The number of incomplete connections exceeds 1100.
B. The number of connections arriving in the last 1 minute exceeds 1100.
C. The number of incomplete connections exceeds 100.
D. The number of connections arriving in the last 10 minutes exceeds 1000.
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
Explanation: If the number of incomplete connections exceeds 1100 or the number of connections arriving
in the last 1minute exceeds 1100, the TCP intercept feature becomes more aggressive.
Ref:
Cisco IOS Software Releases 12.1 Mainline – TCP Intercept Commands
Flydumps.com New Cisco 642-542 exam materials provided eliminates the tacky and laborious process of studying and memorization as it provides direct Cisco 642-542 questions and answers that will help you feel confident.
Pass4itsure C2180-374 dumps with PDF + Premium VCE + VCE Simulator: https://www.pass4itsure.com/c2180-374.html
Cisco 642-542 Exam questions, High Pass Rate Cisco 642-542 PDF Dumps Sale