Welcome to Leader of IT Certifications. Best Practice, Certify for Sure!

Index

Content published at Leader of IT Certifications. Best Practice, Certify for Sure!More then 370 posts found
Apple

Apple 9L0-625 Material Provider, Best Quality Apple 9L0-625 PDF Download Online Shop

Welcome to download the newest Examwind 1y0-a26 VCE dumps: http://www.examwind.com/1y0-a26.html

The first class Practicing for Microsoft Certification qualifications commence you will come to Flydumps. Prepare for your qualifications the same manner thousands every year carry out, employing the Accreditation teaching solutions, sources plus boot camp tools. Fuse this particular using an additional component Interactive Labs, whilst your Teaching is finished, plus GUARANTEED. Many internet suppliers have planning stuff for Apple 9L0-625 exam sample questions. That may be invaluable for any candidates which obvious Apple 9L0-625 test as well as end up being professional on their subject. The particular Apple 9L0-625 exam sample questions apply test could be the only way that will would ensure the success of nominee inside first attempt.

QUESTION 61
A group of people are testing a beta version of a new iPhone application. In addition to the application itself, what must they install on their iPhones in order to run the application?
A. Xcode
B. A provisioning profile
C. A configuration profile
D. An application keychain

Correct Answer: B QUESTION 62
Static NAT maps ________.
A. a private IP address to one and only one public IP address
B. a private IP address to the first available address from a list of public IP addresses
C. a public IP address to the first available address from a list of private IP addresses
D. multiple private IP addresses to a single public IP address by associating a different network port with each private IP address

Correct Answer: A QUESTION 63
In Mac OS X Server, what does an ACK entry in the DHCP service log indicate?
A. The DHCP service has acknowledged that it is providing IP addresses for the network. http://www.testkiller.com 25 http://www.troytec.com 9L0-625
B. The DHCP service has acknowledged a client computer’s request for a specific IP address.
C. A client computer has acknowledged that it has received an IP address from the DHCP service.
D. A client computer has acknowledged that it has established communication with the DHCP service.

Correct Answer: B
QUESTION 64
Using Server Admin on a Mac OS X Server v10.6 computer, you create and save zone files for the pretendco.com domain on the 192.168.1/24 subnet. Which file contains the entry that the name server will use to resolve an IP address to a hostname in the pretendco.com domain?
A. db.pretendco.com.zone
B. db.pretendco.com.zone.apple
C. db.1.168.192.in-addr.arpa.zone
D. db.1.168.192.in-addr.arpa.zone.apple

Correct Answer: D
QUESTION 65
Which tool can you use to create an iPhone configuration profi le?
A. iTunes
B. iPhone Manager
C. Workgroup Manager
D. iPhone Configuration Utility

Correct Answer: D
QUESTION 66
You are using the Certificate Assistant to create a certificate for SSL connections on your web server. What should you enter in the Common Name field to ensure that web browsers on client computers will accept your certificate by default?
http://www.testkiller.com 26 http://www.troytec.com 9L0-625
A. The DNS name of your website
B. The website administrator’s email address
C. Your organization’s legally registered name
D. The Bonjour hostname of your web server

Correct Answer: A
QUESTION 67
Which DNS record must reside in a Mac OS X Server v10.6 zone file in order for you to perform a valid reverse lookup for an IP address that is defined in a primary zone?
A. A
B. AAAA
C. CNAME
D. HINFO
E. MX
F. PTR
G. SRV

Correct Answer: F QUESTION 68
Which statement presents an important constraint on the choice of what authentication mechanism to use with Mobile Access service?
A. All SSL certificates must be signed by a Certificate Authority.
B. The VPN service and Mobile Access service must use the same authentication mechanism.
C. All services accessed through the Mobile Access service must use the same authentication mechanism.
D. Only Basic and Digest authentication are supported ove r an SSL connection between an origin iCal server and the Mobile Access service.

Correct Answer: A QUESTION 69
Which DNS record must reside in a Mac OS X Server v10.6 zone file in order for you to perform a valid forward lookup for a domain name that is def ined in a primary zone?
A. A
B. PTR
C. SRV
D. CNAME

Correct Answer: D QUESTION 70
Which statement presents a valid reason for developing web apps for the iPhone rather than native iPhone apps?
A. Web apps can use the full suite of iPhone APIs .
B. Web apps can be distributed through the iTunes Store.
C. Web apps provide better performance for graphics- or processor-intensive applications.
D. Web apps allow users to access new features and bug fixes without having to download a new application.

Correct Answer: D QUESTION 71
What role does the Certificate Authority (CA) play in a server/client computing environment?
A. The CA establishes trust between two computers.
B. The CA must be present on a server before SSL can be enabled.
C. The CA determines what ciphers are available for symmetric encryption.
D. SSL routes traffic through the CA to verify the identity of server and client. Correct Answer: B

Whenever Cisco candidates take a tour of sample questions of Apple 9L0-625 exam they find their training to be matchless to great extent.Passing the Apple 9L0-625 on your own can be a difficult task,but with Apple 9L0-625 preparation products,many candidates who appeared online passed Apple 9L0-625 easily.

Welcome to download the newest Examwind 1y0-a26 VCE dumps: http://www.examwind.com/1y0-a26.html

Apple 9L0-625 Material Provider, Best Quality Apple 9L0-625 PDF Download Online Shop

Cisco

Cisco 640-722 Exam, Most Important Cisco 640-722 Study Guide With 100% Pass Rate

Welcome to download the newest Examwind 642-647 VCE dumps: http://www.examwind.com/642-647.html

Cisco 640-722 exam sample questions can be used to FLYDUMPS help identify new market opportunities and potential collaboration partners. In fact, most HP HP2-T25 exam sample questions are design specifically for intended Microsoft exams with the help Microsoft experts and professionals.

QUESTION 26
Refer to the exhibit.

Which GUI item do you click to configure maps with APs in Cisco WCS?
A. Configure
B. Client
C. CleanAir
D. Services E. Administration
F. Monitor
Correct Answer: F Explanation Explanation/Reference:
QUESTION 27
Refer to the exhibit.

Which two options does this icon represent about the status of the respective AP on a Cisco WCS version 7.0 map? (Choose two.)
A. The 802.11a/n radio is administratively disabled.
B. The 802.11a/n radio has a minor fault.
C. The 802.11a/n radio has a major fault.
D. The 802.11b/g/n radio is administratively disabled.
E. The 802.11b/g/n radio has a minor fault.
F. The 802.11b/g/n radio has a major fault.
Correct Answer: CD Explanation
Explanation/Reference:
QUESTION 28
What is the difference between the IEEE, the WiFi Alliance, and the FCC, ETSI, and TELEC?
A. The IEEE and FCC are responsible for the standards that apply to wireless networks. The WiFi Alliance, ETSI, and TELEC are the governmental agencies that regulate compliance with local standards.
B. The IEEE is responsible for Layer 1 and Layer 2 protocols. The WiFi Alliance is responsible for interoperability testing. The FCC, ETSI, and TELEC are responsible for radio frequency and transmission power-level regulations and standards in the U.S., Europe, and Japan.
C. The IEEE is responsible for Layer 1 and Layer 2 protocols. The FCC, ETSI, and TELEC are responsible for interoperability testing and compliance. The WiFi Alliance is responsible for radio frequency and transmission power-level regulations and standards on a global basis.
D. The IEEE and FCC are responsible for the Layer 3 protocol support and frequency and power-level regulations in the United States. ETSI and TELEC are responsible for frequency and power-level regulations in Europe and Japan. The WiFi Alliance is responsible to interoperability testing.
Correct Answer: B Explanation
Explanation/Reference:
QUESTION 29
What is an MBSSID?
A. a virtual AP configured on a physical AP that share a single physical device, which is one half-duplex radio
B. a set of physical APs configured in a BSA to form cells that are controlled by a single controller
C. the group of clients that are allowed to gain access to one or more SSIDs configured in an AP
D. the identified overlap area between two cells, which identifies the clients that are operating in that area at any given time
Correct Answer: A Explanation
Explanation/Reference:
QUESTION 30
You are testing a new autonomous Cisco Aironet 1260 AP that has booted for the first time on the existing corporate network, which includes voice, data, and
location services.
How do you reach the GUI of the AP?

A. HTTP to 10.0.0.1.
B. HTTP to 192.168.1.1.
C. HTTP to the DHCP address.
D. HTTPS to 10.0.0.1.
E. HTTPS to the 192.168.1.1.
F. HTTPS to the DHCP address.
Correct Answer: C Explanation
Explanation/Reference:
QUESTION 31
A WLAN deployment uses a combination of Cisco Aironet 1260 APs and multiple Cisco 5500 Wireless LAN Controllers to provide wireless LAN access to end-users. The network administrator has decided to use DHCP Option 43 to enable the APs to discover the wireless LAN controllers.
When configuring the DHCP scope, which format should be used for the Cisco WLC addresses?
A. a comma-separated ASCII string of Cisco WLC AP-manager addresses
B. a comma-separated ASCII string of Cisco WLC management addresses
C. a comma-separated ASCII string of Cisco WLC virtual IP addresses
D. a hexadecimal string of Cisco WLC AP-manager addresses
E. a hexadecimal string of Cisco WLC management addresses
F. a hexadecimal string of Cisco WLC virtual IP addresses
Correct Answer: E Explanation
Explanation/Reference:
QUESTION 32
Which interface is considered a dynamic interface?
A. the virtual interface
B. the AP manager interface
C. the LAG interface
D. the management interface
E. the service port interface
F. a WLAN client data interface
Correct Answer: F Explanation
Explanation/Reference:
QUESTION 33
Which three items do you need to establish a wireless connection to an enterprise wireless network? (Choose three.)
A. SSID name
B. RF channel
C. RF signal
D. 802.1X/EAP credentials
E. pre-shared key
F. web page
G. WPA/WPA2 settings
Correct Answer: ACD Explanation
Explanation/Reference:
QUESTION 34
You have brought your MacBook Pro running OS 10.6 to work and intend use the enterprise wireless network. This network is using EAP-FAST and 2.4 GHz for data and 5 GHz for VoWLAN.
Which statement about the laptop configuration and wireless connection is true?
A. Install a USB wireless adapter and configure
B. Install Apple EAP-Fast plug-in and configure
C. Install Cisco AnyConnect v2.4 and configure
D. Configure Apple network preferences for EAP-FAST
E. The laptop does not support EAP-FAST and will be unable to connect
F. The laptop only supports 5 GHz and will be unable to connect
Correct Answer: D Explanation
Explanation/Reference:
QUESTION 35
Which Cisco AnyConnect module allows troubleshooting for core Cisco AnyConnect problems?
A. telemetry
B. web security
C. VPN
D. NAM

E. DART
F. posture
G. CSSC
Correct Answer: E Explanation
Explanation/Reference:
QUESTION 36
Which Cisco AnyConnect module provides wireless connectivity?
A. telemetry
B. web security
C. VPN
D. NAM

E. DART
F. posture
G. CSSC
Correct Answer: D Explanation
Explanation/Reference:
QUESTION 37
Which option is needed to earn the Cisco Compatible credential for Cisco Compatible Extensions Lite?
A. Foundation and Management are required.
B. Location and Management are required.
C. Foundation and Location are required.
D. Foundation and Voice are required.
E. Voice is required.
F. Foundation is required.
G. Location is required.
H. Management is required.
Correct Answer: F Explanation
Explanation/Reference:
QUESTION 38
In a typical wireless network using WPA, WPA2 or VPN, why is it still possible for a rogue client to launch a DOS attack?
A. WPA and WPA2 are not considered strong encryption algorithms and are easily cracked.
B. 802.11 management frames are easily compromised.
C. Cisco Compatible Extensions v5 are required with WPA, WPA2, or VPN to keep rogues from launching attacks in the wireless network.
D. The message integrity check frames are never encrypted or authenticated, which allows rogues to spoof clients.
Correct Answer: B Explanation
Explanation/Reference:
QUESTION 39
Strong security is required, but a centralized RADIUS authenticator has not been implemented. Which two steps must you take to provide maximum security when using a pre-shared key? (Choose two.)
A. Change the TKIP on a weekly basis.
B. Use a key that includes mixed-case letters, numbers, and symbols with a length greater than 10 characters.
C. Use only with WPA and WPA2, following proper strong key guidelines.
D. Use the longest possible WEP key in your security policy.
Correct Answer: BC Explanation
Explanation/Reference:
QUESTION 40
What is the impact of configuring a single SSID to support TKIP and AES encryption simultaneously?
A. The overhead associated with supporting both encryption methods degrades client throughput significantly.
B. Some wireless client drivers might not handle complex SSID settings and may be unable to associate to the WLAN.
C. This configuration is unsupported and the Cisco Wireless Control System generates alarms continuously until the configuration is corrected.
D. This configuration is common for migrating from WPA to WPA2. No problem is associated with using this configuration.
Correct Answer: B Explanation
Explanation/Reference:
QUESTION 41
Which key is established using the four-way handshake during the WPA authentication process?
A. Pairwise Master Key
B. Pairwise Multiple Key
C. Pairwise Session Key
D. Pairwise Transient Key
E. Pairwise Transverse Key
Correct Answer: D Explanation
Explanation/Reference:
QUESTION 42
What are four features of WPA? (Choose four.)
A. a larger initialization vector, increased to 48 bits
B. a message integrity check protocol to prevent forgeries
C. authenticated key management using 802.1X
D. support for a key caching mechanism
E. unicast and broadcast key management
F. requires AES-CCMP
Correct Answer: ABCE Explanation
Explanation/Reference:
QUESTION 43
When the enterprise-based authentication method is used for WPA2, a bidirectional handshake exchange occurs between the client and the authenticator. Which five options are results of that exchange being used on a controller-based network? (Choose five.)
A. a bidirectional exchange of a nonce used for key generation
B. binding of a Pairwise Master Key at the client and the controller
C. creation of the Pairwise Transient Key
D. distribution of the Group Transient Key
E. distribution of the Pairwise Master key for caching at the access point
F. proof that each side is alive
Correct Answer: ABCDF Explanation
Explanation/Reference:
QUESTION 44
When a guest client is authenticated, which type of connection is created between the controller- based AP and the client?
A. as SSL connection
B. a TLS encrypted tunnel
C. an unsecured connection
D. a 802.1x/EAP tunnel
E. an IPsec tunnel
Correct Answer: C Explanation
Explanation/Reference:
QUESTION 45
Refer to the exhibit.

Which GUI item do you click to configure authentication and authorization in Cisco WCS?
A. Security
B. Monitor
C. Configure
D. Services
E. Administration
F. Tools
Correct Answer: E Explanation
Explanation/Reference:
QUESTION 46
When adding a controller to manage through Cisco WCS, which address type is used and which SNMP function does the Cisco WCS perform?
A. The controller is managed through its MAC address and the Cisco WCS acts as a SNMP TRAP authenticator.
B. The IP address of the controller is used and the Cisco WCS acts as a SNMP TRAP receiver.
C. The controller is managed through its MAC address and the Cisco WCS acts as a SNMP agent.
D. The controller connects through its MAC address to the Cisco WCS and the Cisco WCS uses the SNMP to manage the controller for all configured SNMP parameters.
Correct Answer: B Explanation
Explanation/Reference:
QUESTION 47
Which three severity levels are in the Cisco WCS alarm dashboard? (Choose three.)
A. Critical
B. Flash
C. Major
D. Minor
E. Trivial
F. Urgent
Correct Answer: ACD Explanation
Explanation/Reference:
QUESTION 48
The existing Cisco Unified Wireless Controller is running version 7.0 code for both the controllers and the Cisco WCS. A controller has been configured with an appropriate rogue rule condition to report discovered APs to the Cisco WCS.
Which default alarm level is used to display all rogue APs in the Alarm Summary?
A. Critical
B. Flash
C. Urgent
D. Major
E. Minor
Correct Answer: E Explanation
Explanation/Reference:
QUESTION 49
Which Cisco WCS tool allows you to view current reports, open specific types of reports, create and save new reports, and manage scheduled runs?
A. Reports menu
B. Reports launch page
C. Scheduled Run results
D. saved reports
Correct Answer: B Explanation
Explanation/Reference:
QUESTION 50
Which path do you take to manage the results of a report that had been run on network utilization?
A. Reports > Report Launch Pad > Device > Utilization
B. Reports > Report Launch Pad > Scheduled Run Results
C. Reports > Saved Reports > Scheduled Run Results
D. Reports > Scheduled Run Results
Correct Answer: D Explanation
Explanation/Reference:
QUESTION 51
Which CLI command is used on a Cisco WLC to troubleshoot mobility, rogue detection, and load-balancing events?
A. debug dot11
B. debug capwap all
C. show dot11 details
D. show capwap details
Correct Answer: A Explanation
Explanation/Reference:
QUESTION 52
Which three WLC debug commands are appropriate to troubleshoot a wireless client that is associated to an AP? (Choose three.)
A. debug capwap
B. debug mac addr
C. debug dot11
D. debug dhcp
E. debug ap
F. debug dtls
Correct Answer: BCD Explanation
Explanation/Reference:
QUESTION 53
Which command path correctly describes how to access and troubleshoot clients with Cisco WCS version 7.0?
A. Tools > Clients > select displayed client’s MAC address
B. Tools > Clients > enter client’s MAC address
C. Monitor > Clients > click displayed client’s MAC address
D. Monitor > Clients > enter client’s MAC address
Correct Answer: C Explanation
Explanation/Reference:
QUESTION 54
Which single tool helps to troubleshoot client-related issues in a WLAN?
A. The show and debug commands on the controller.
B. The show commands on the AP.
C. Client templates on the Cisco WCS.
D. Client troubleshooting on the Cisco WCS.
Correct Answer: D Explanation
Explanation/Reference:
QUESTION 55
Which option best describes the limitation of a client that is attempting to manage a WLC while using the client wireless adapter connection to the wireless infrastructure?
A. Controllers must be managed using only secure protocols (that is, SSH and HTTPS), not nonsecure protocols (that is, HTTP and Telnet).
B. Read-write access is not available; only read-only access is supported.
C. Uploads and downloads from the controller are not allowed.
D. Wireless clients can manage other controllers, but not the same controller and the AP to which the client is associated.
Correct Answer: C Explanation
Explanation/Reference:
QUESTION 56
Refer to the exhibit.

With the current Cisco WLC version 7.0 syslog level settings set the way they are, which log levels are captured by the Syslog server?
A. syslog level errors only
B. all syslog levels
C. only the syslog severity level number of error and greater
D. only the syslog severity level number of error and less
Correct Answer: D Explanation Explanation/Reference:
QUESTION 57
Which type of management tasks can be completed on a Cisco WLC remotely from a wireless client?
A. All management and configuration tasks can be performed from a wireless client except for using debug commands.
B. In the default configuration, no management or configuration is possible through the GUI or CLI on the Cisco WLC.
C. The default configuration of the Cisco WLC allows only CLI access and then only the use of show commands, so no configuration is possible.
D. All management and configuration tasks, except uploads from and downloads to the Cisco WLC, are permitted.
Correct Answer: B Explanation Explanation/Reference:
QUESTION 58
When using a Cisco WLC version 7.0 with a default configuration, how is a remote management HTTPS access connection secured?
A. The Cisco WLC uses a pre-shared key to authenticate the user, which limits the number of potential users that can access the controller.
B. The Cisco WLC generates its own local web administration SSL certificate and automatically applies it to the GUI.
C. The Cisco WLC uses a CA certificate for SSL access.
D. The Cisco WLC uses HTTPS to secure the HTTP session via a preconfigured password that generates a certificate for each session.
Correct Answer: B Explanation Explanation/Reference:
QUESTION 59
You have an organization that has a growing number of standalone APs. You would like to migrate to lightweight APs and manage them through Cisco WCS. Which software platform allows you to make this migration?
A. The enterprise version of Cisco WCS allows this migration and provides the most flexibility in the number of APs supported.
B. CiscoWorks WLSE is the only management platform that allows this migration, but it is limited to 500 APs.
C. You can migrate your network to Cisco WCS single server with the CiscoWorks WLSE upgrade software upgrade.
D. You can migrate the network by using either the single server or enterprise software platforms, both using the CiscoWorks WLSE upgrade software upgrade.
Correct Answer: C Explanation Explanation/Reference: QUESTION 60
Which statement best describes the ability of a wireless client to access and transmit a data frame to an AP?
A. The client listens to the media until polled by the AP using PCF to send its data.
B. The client listens to the media until a data frame is finished, at which time it transmits, unless a collision of data frames has occurred.
C. The client uses random countdown timers to start the transmission of a data frame.
D. The client listens to the media and countdown timers to start the transmission of a data frame.
Correct Answer: D Explanation
Explanation/Reference:
QUESTION 61
Which statement about ZigBee technology is true?
A. It has low power consumption.
B. It is designed only for point-to-point communications.
C. It ranges up to 250 meters.
D. It supports data rates up to 1 and 2 Mb/s.
Correct Answer: A Explanation
Explanation/Reference:
QUESTION 62
Which four options are the characteristics of the original 802.11 protocol? (Choose four.)
A. Defined DSSS and FHSS as possible methods for modulation
B. Designed to operate in the 5 GHz ISM frequency spectrum
C. The most common deployment is three non-overlapping channels that are 20 MHz wide
D. The protocol sets the maximum throughput at 1 Mb/s or 2 Mb/s
E. Defined FHSS and OFDM as possible methods for modulation
F. The most common deployment is three non-overlapping channels that are 22 MHz wide
G. Designed to operate in the 2.4 GHz ISM frequency spectrum
H. The protocol sets the maximum throughput at 1 Mb/s
Correct Answer: ACDG Explanation
Explanation/Reference:
FHSS is still described in the original 802.11 protocol, but another technique was preferred and adopted by all 802.11 networks: Direct Sequence Spread Spectrum. Instead of small channels and a jumping sequence, the information is sent over a wider channel. This channel is 22 MHz wide (if the center frequency is 2.412, this channel spans from 2.401 GHz to 2.423 GHz) and does not move (no hopping, which is why the sequence is said to be direct instead of hopping). Then, over this 22 MHz channel, several bits of information are sent in parallel. If a source of interference affects part of the channel, it will prevent only the bits sent in that frequency from reaching the receiver.
QUESTION 63
The network administrator receives complaints of slow wireless network performance and performs a sniffer trace of the wireless network in preparation for migration to 802.11n. The sample capture shows frames that contains AP beacons with NonERP_Present bit set to 1 and frames with RTS/CTS.
Which two conclusions can be interpreted from these frames? (Choose two.)
A. The network is performing slowly because 802.11n clients are already mixed with 802.11g clients.
B. The network is performing slowly because 802.11b clients still exist in the network.
C. The network is performing slowly because a wireless client is incorrectly configured, which results in RF interference.
D. Possible 802.11b wireless clients are located only in the AP cell radius where the sniffer capture was performed.
E. Possible 802.11b wireless clients could be located anywhere in the wireless network.
Correct Answer: BE Explanation
Explanation/Reference:
QUESTION 64
How many dBm is 40 mW?
A. 10 dBm
B. 16 dBm
C. 20 dBm
D. 22 dBm
E. 40 dBm
Correct Answer: B Explanation
Explanation/Reference:
QUESTION 65
If an antenna has a dBd of 8.6, what is the dBi value?
A. 6.2
B. 6.46
C. 8.6
D. 10.74
E. 12.88
Correct Answer: D Explanation
Explanation/Reference:
Antenna performance Antenna performance is measured in dBi (the antennas gain/loss over a theoretical isotropic antenna) dBd (the antennas gain/loss over a dipole antenna) dBi = dBd + 2.15 dBd = dBi 2.15
QUESTION 66
Which calculation computes the EIRP of an antenna?
A. EIRP = Tx power (dBm) + Antenna Gain (dBi) – Cable Loss (dB)
B. EIRP= Cable Loss (dB)+ Antenna Gain (dBi) – Tx power (dBm)
C. EIRP = Cable Loss (dB)+ Antenna Gain (dBi) / Tx power (dBm)
D. EIRP = Tx power (dBm) + Antenna Gain (dBi) / Cable Loss (dB)
E. EIRP = Antenna Gain (dBi) – Cable Loss (dB) * Tx power (dBm)
F. EIRP = Tx power (dBm) * Antenna Gain (dBi) / Cable Loss (dB)
Correct Answer: A Explanation
Explanation/Reference:
QUESTION 67
Which three items are allowed on an Ethernet trunk port? (Choose three.)
A. autonomous AP
B. FlexConnect AP
C. local AP
D. monitor AP
E. rogue detector AP
F. sniffer AP
G. SE-Connect AP
H. Cisco WLC
Correct Answer: BEH Explanation
Explanation/Reference:
QUESTION 68
Which option describes computer-to-computer wireless communication?
A. BSS and BSA
B. IBSS and ad hoc network
C. ad hoc network and BSA
D. IBSS and ESS
E. ESS and BSA
F. BSS and ad hoc network
Correct Answer: B Explanation
Explanation/Reference:
QUESTION 69
Which two statements about AES-CCMP are true? (Choose two.)
A. It is an encryption algorithm used in the 802.11i security protocol.
B. It is defined in 802.1X.
C. It is the encryption algorithm used in TKIP implementations.
D. It is required in WPA.
E. It is required in WPA2.
Correct Answer: AE Explanation
Explanation/Reference:
QUESTION 70
Which two statements about beacon frames used by access points are true? (Choose two.)
A. They contain SSIDs if this feature is enabled.
B. They provide vendor proprietary information.
C. They are another name for an associated request.
D. They are sent in response to a probe frame.
E. They include ATIM window information for power save operations.
Correct Answer: AB Explanation
Explanation/Reference:
QUESTION 71
Which two actions are best for deploying VoWLAN on a wireless network? (Choose two.)
A. Minimize the use of Class 3 Bluetooth devices.
B. Minimize the use of analog cameras.
C. Minimize the use of IP cameras.
D. Maximize client access by enabling all data rates used by clients.
E. Maximize client access by enabling only a few high data rates used by clients.
Correct Answer: BE Explanation
Explanation/Reference:
QUESTION 72
What is the equivalent of 26 dBm in milliwatts?
A. 4 mW
B. 40 mW
C. 100 mW
D. 400 mW
E. 1000 mW
Correct Answer: D Explanation
Explanation/Reference:
QUESTION 73
What is the EIRP value for a transmitter that has a transmitter capable of 15 dBm, an antenna that has a gain of 12 dBi, and a cable that connects the transmitter to the antenna that has 1 db loss?
A. 26 dBm
B. 100 mW
C. .86 dBm
D. 165 dBm
E. 1000 mW
Correct Answer: A Explanation
Explanation/Reference:
QUESTION 74
What are three primary components that describe TKIP? (Choose three.)
A. broadcast key rotation
B. dynamic WEP
C. message integrity check
D. per-packet key hashing
E. symmetric key cipher
F. WPA2 enterprise mode
Correct Answer: ACD Explanation
Explanation/Reference:
QUESTION 75
When an AP, in its default configuration mode, connects to a Cisco WLC, which methods are available for remote management access to an AP?
A. SSL and SSH are available only after configuration by a Cisco WLC version 7.0.
B. SSH only
C. HTTPS, and SSH
D. SSH and Telnet
E. SSH and Telnet are available only after configuration by a Cisco WLC version 7.0.
Correct Answer: D Explanation
Explanation/Reference: QUESTION 76
Which three options are limitations when configuring basic security on an autonomous AP when using the express security page setup? (Choose three.)
A. You need multiple SSIDs.
B. Delete all the SSIDs.
C. Edit the SSIDs.
D. Use multiple authentication servers.
E. Use the same SSID on both radios.
F. Use a single SSID on a single radio.
Correct Answer: CDE Explanation
Explanation/Reference:

Flydumps is ready to provide Cisco 640-722 candidates with Cisco 640-722 training materials which can be very much helpful for getting Cisco 640-722 certification, which means that candidates.Cisco 640-722 can easily get access to the services of Cisco 640-722 for practice exam,which will assure them 100% Cisco 640-722 success rate.Though Cisco 640-722 tests are not easy at all, but they do not make Cisco 640-722 things complicated.

Welcome to download the newest Examwind 642-647 VCE dumps: http://www.examwind.com/642-647.html

Cisco 640-722 Exam, Most Important Cisco 640-722 Study Guide With 100% Pass Rate

Cisco

Cisco 642-542 Self Study, High Pass Rate Cisco 642-542 Demos Covers All Key Points

Welcome to download the newest Pass4itsure 412-79 VCE dumps: http://www.pass4itsure.com/412-79.html

Flydumps Cisco 642-542 exam questions and answers in PDF are prepared by our expert, Moreover, they are based on the recommended syllabus covering all the Cisco 642-542 exam objectives.You will find them to be very helpful and precise in the subject matter since all the Cisco 642-542 exam content is regularly updated and has been checked for accuracy by our team of SAP expert professionals.

QUESTION 126
Which command implements UnicastRPF IP spoofing protection?
A. access-list
B. access-group
C. ip verify reverse-path interface
D. tcp verify reverse-path interface
E. udp verify reverse-path interface

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Use the ipverify unicast reverse-path interface command on the input interface on the router at the upstream end of the connection. This feature examines each packet received as input on that interface. If the source IP address does not have a route in the CEF tables that points back to the same interface on which the packet arrived, the router drops the packet. Reference: Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks
QUESTION 127
How many transforms can be included in a transform set on a PIX Firewall?
A. 1
B. 2
C. 3
D. 4
E. unlimited number

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Up to three transforms can be in a set. Sets are limited to up to one AH And up to two ESP transforms. Reference: Cisco Secure PIX Firewalls (Ciscopress) Page 212
QUESTION 128
What is the function of a crypto map on a PIX Firewall?
A. To define the policy that will be applied to the traffic.
B. To specify which algorithms will be used with the selected security protocol.
C. To configure a pre-shared authentication key and associate the key with an IPSec peer address or host name.
D. To map transforms to transform sets.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
Crypto map entries must be created for IPSec to set up SAs for traffic flows that must be encrypted.
Reference: Cisco Secure PIX Firewalls (Ciscopress) Page 215

QUESTION 129
Which version of PIX introduces support for the VPN accelerator card?
A. Version 4.0
B. Version 4.3
C. Version 5.0
D. Version 5.3

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: System Requirements Operating System: PIX OS v5.3(1) or later (with DES or 3DES license) Platforms: PIX 515/515E, 520, 525, 535 (limit one per chassis) Reference: Cisco PIX 500 Series Firewalls – Cisco PIX Firewall VPN Accelerator Card
QUESTION 130
What version of the Cisco PIX Firewall is required to use the VPN accelerator card?
A. Version 2.3 or higher.
B. Version 3.3 or higher.
C. Version 4.3 or higher.
D. Version 5.3 or higher.
E. Version 6.3 or higher.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: System Requirements Operating System: PIX OS v5.3(1) or later (with DES or 3DES license) Platforms: PIX 515/515E, 520, 525, 535 (limit one per chassis) Reference: Cisco PIX 500 Series Firewalls – Cisco PIX Firewall VPN Accelerator Card
QUESTION 131
John the security administrator at Certkiller is working on mitigating DoS in the network. How are DoS attacks mitigated in the SAFE SMR small network corporate Internet module? (Choose two)
A. Mitigated by CAR at ISP edge.
B. Mitigated by NIDS
C. Mitigated by TCP setup controls at the firewall to limit exposure.
D. Mitigated by HIDS on the public serves.
E. Mitigated by virus scanning at the host level.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation: Threat Mitigation Denial of service-Committed access rate (CAR) at ISP edge and TCP setup controls at firewall to limit exposure Reference: Page 11 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 132
You are the administrator at Certkiller Inc. and you need pick a device to help you secure the network. Which device in the SAFE SMR midsize network design corporate Internet module determines when to provide TCP shunning or resets?
A. IDS
B. Firewall
C. Router
D. Public services servers
E. Layer 2 switches

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The NIDS appliance between the private interface of the firewall and the internal router provides a final analysis of attacks. Very few attacks should be detected on this segment because only responses to initiated requests, a few select ports from the public services segment, and traffic from the remote access segment are allowed to the inside. Only sophisticated attacks should be seen on this segment because they could mean that a system on the public services segment has been compromised and the hacker is attempting to take advantage of this foothold to attack the internal network. For example, if the public SMTP server were compromised, a hacker might try to attack the internal mail server over TCP port 25, which is permitted to allow mail transfer between the two hosts. If attacks are seen on this segment, the responses to those attacks should be more severe than those on other segments because they probably indicate that a compromise has already occurred. The use of TCP resets or shunning to thwart, for example, the SMTP attack mentioned above, should be seriously considered. Reference: Safe white papers;page 19 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 133
You are the leader of the security team at Certkiller Inc and you are working on mitigation trust exploitation attacks. How is trust exploitation attacks mitigated in the SAFE SMR midsize network design corporate Internet module?
A. Mitigated by using restrictive trust model and private VLANs.
B. Mitigated by using OS and IDS detection.
C. Mitigated by using restrictive filtering and host IDS.
D. Mitigated by using IDS at the host and network levels.
E. Mitigated by using filtering at the ISP, edge router, and corporate firewall.
Correct Answer: A Section: (none) Explanation

Explanation/Reference:
Explanation: Trust exploitation-Restrictive trust model and private VLANs to limit trust-based attacks Reference: Safe white papers;page 17 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 134
Jason the security administrator at Certkiller Inc is working on dial in users for the network. In the SAFE SMR midsize network design, which module does dial-in traffic terminate?
A. It terminates at the campus module
B. It terminates at the WAN module
C. It terminates at the Corporate Internet module
D. It terminates at the ISP edge module
E. It terminates at the PSTN module
F. It terminates at the Frame/ATM module

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: The SAFE medium network design consists of three modules: the corporate Internet module, the campus module, and the WAN module. As in the small network design, the corporate Internet module has the connection to the Internet and terminates VPN and public-services (DNS, HTTP, FTP, and SMTP) traffic. Dial-in traffic also terminates at the corporate Internet module. Reference: Safe white papers;page 16 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Reference: Cisco Courseware page 6-3
QUESTION 135
You are the security administrator at Certkiller Inc and you need to authenticate users to the network. After being authenticated, which actions are performed on dial-in access users in the SAFE SMR midsize network design corporate Internet module?
A. After being authenticated, CHAP is used to authenticate the user.
B. After being authenticated, traffic is sent through a Layer 3 switch.
C. After being authenticated, users are provided with IP addresses from an IP pool.
D. After being authenticated, traffic is sent through a router.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Last sentence of the paragraph states: When authenticated, the users are provided with IP addresses from an IP pool. However it also states that CHAP is used to authenticate the user (Answer A) But the keyword is ‘After being authenticated’ not ‘During or When’. Reference: Cisco SAFE Implementation Courseware version
1.1 Page 6-17
QUESTION 136
In which module does VPN traffic terminate in the SAFE SMR midsize network design?
A. WAN module
B. Campus module
C. Corporate Internet module
D. ISP edge module
E. PSTN module
F. Frame/ATM module

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: As in the small network design, the corporate Internet module has the connection to the Internet and terminates VPN and public-services (DNS, HTTP, FTP, and SMTP) traffic. REf;Safe white papers;page 16 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 137
Based on the SAFE Model of Small Networks, which threats can only be mitigated at the corporate Internet module (not at the campus module)? (Choose all that apply)
A. Password attacks
B. Port redirection
C. Virus and Trojan horse
D. IP spoofing
E. Denial of service
F. Network reconnaissance

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: A, B, C, D, E, F
Explanation: Reference: Table 13-3 Page 201 of CCSP CSI Exam Certification Guide AND Page 5-5 and 5-6 of CISCO SAFE Courseware under Expected Treat and Mitigation Roles The following are threats to be expected: 1)Unauthorised Access 2)Application layer attacks 3)Virus and Trojan horse attacks 4)Password attacks 5)DoS 6)IP spoofing 7)Packet sniffers 8)Network reconnaissance 9)Trust Exploitation 10)Port Redirection
QUESTION 138
In the corporate Internet module of SAFE SMR midsize network design, following termination of the VPN tunnel, traffic is sent through:
A. A wireless device.
B. A Layer 3 switch
C. A router
D. A Firewall

Correct Answer: D Section: (none) Explanation Explanation/Reference:
Explanation: The firewall also acts as a termination point for site-to-site IPSec VPN tunnels for both remote site production and remote site management traffic. Ref;Safe white papers;page 19 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Reference: Cisco Courseware page 6-13
QUESTION 139
How is denial of service attacks mitigated in the SAFE SMR midsize network design corporate Internet module?
A. IDS at the host and network levels.
B. E-mail content filtering, HIDS, and host-based virus scanning.
C. OS and IDS detection
D. CAR at the ISP edge and TCP setup controls at the firewall.
E. RFC 2827 and 1918 filtering at ISP edge and midsize network edge router.
F. filtering at the ISP, edge router, and corporate firewall

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Threats Mitigated Denial of service-CAR at ISP edge and TCP setup controls at firewall Ref: Safe White papers 17 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 140
How are application layer attacks mitigated in the SAFE SMR midsize network design corporate Internet module?
A. Filtering at the ISP, edge router, and corporate firewall.
B. IDS at the host and network levels.
C. E-mail content filtering, HIDS, and host-based virus scanning.
D. OS and IDS detection.
E. CAR at the ISP edge and TCP setup controls at the firewall.
F. RFC 2827 and 1918 filtering at ISP edge and midsize network edge.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Threats mitigated Application layer attacks-Mitigated through IDS at the host and network levels REF;Safe white papers;page 18 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 141
What is the primary function of the firewall in the SAFE SMR midsize network design corporate Internet module?
A. Provide connectivity to the Internet or ISP network.
B. Provide connectivity to the campus module.
C. Provide connectivity to the WAN module.
D. Provide connectivity to the LAN module.
E. Provide the demarcation point between the ISP and the midsize network.
F. Provide connection state enforcement and detailed filtering for sessions initiated through the firewall.

Correct Answer: F Section: (none) Explanation
Explanation/Reference:
Explanation: The primary function of the firewall is to provide connection-state enforcement and detailed filtering for sessions initiated through the firewall. REF;Safe white papers;page 19 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 142
What is the primary function of the inside router in the SAFE SMR midsize network design corporate Internet module?
A. Detect attacks on ports that the firewall is configured to permit.
B. Provide connection state enforcement and detailed filtering for session initiated through the firewall.
C. Provide connectivity to the LAN Module.
D. Provide Layer 3 separation

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: The primary function of the inside router is to provide Layer 3 separation and routing between the corporate Internet module and the campus module. REF;Safe white papers;page 20 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 143
Following termination of the VPN tunnel, what action is performed on remote user traffic in the SAFE SMR midsize network design corporate Internet module?
A. Traffic is sent through a Layer 2 switch.
B. Traffic is sent through a Layer 3 switch.
C. Traffic is sent through a firewall.
D. Traffic is sent through a router.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Following termination of the VPN tunnel, traffic is sent through a firewall to ensure that VPN users are appropriately filtered. Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 20
QUESTION 144
Which two are design alternatives in the SAFE SMR midsize network design corporate Internet module? (Choose two)
A. Place a URL filtering server on the public services segment.
B. Eliminate the router between the firewall and the campus module.
C. Set up a small filtering router between the management stations and the rest of the network.
D. Eliminate HIDS.
Correct Answer: AB Section: (none) Explanation

Explanation/Reference:
Explanation: Two other alternatives are available. First is the elimination of the router between the firewall and the campus module. Although its functions can be integrated into the campus module Layer 3 switch, this setup would eliminate the ability of the corporate Internet module to function without relying on Layer 3 services from another area of the network. Second is the addition of content inspection beyond the mail-content inspection already specified. For example, a URL filtering server could be placed on the public services segment to filter the types of Web pages that employees can access. Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 21
QUESTION 145
What is the NIDS primary function in the SAFE SMR midsize network design corporate Internet module?
A. Provide connectivity to the campus module.
B. Provide connectivity to the WAN module.
C. Provide connectivity to the LAN module.
D. Provides detection of attacks on ports that the firewall is configured to permit.
E. Provide the demarcation point between the ISP and the medium network.
F. Provide connection state enforcement and detailed filtering for session initiated through the firewall.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: The public services segment includes a NIDS appliance. Its primary function is to detect attacks on ports that the firewall is configured to permit. These most often are application layer attacks against specific services. Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 19
QUESTION 146
How are virus and Trojan Horse attacks mitigated in the SAFE SMR midsize network design corporate Internet module?
A. Filtering at the ISP, edge router, and corporate firewall.
B. IDS at the host and networks levels.
C. E-mail content filtering, HIDS, and host-based virus scanning.
D. OS and IDS detection.
E. CAR and the ISP edge and TCP setup controls at the firewall.
F. RFC 2827 and 1918 filtering at ISP edge and midsize network edge.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Virus and Trojan horse attacks-Mitigated through e-mail content filtering, HIDS, and host-based virus scanning Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 17
QUESTION 147
John the security administrator at Certkiller Inc. is working on the securing the network. How is unauthorized access mitigated in the SAFE SMR midsize network design corporate Internet module?
A. Mitigated by CAR at the ISP edge and TCP setup controls at the firewall.
B. Mitigated by filtering at the ISP, edge router, and corporate firewall.
C. Mitigated by IDS at the host and network levels.
D. Mitigated by OS and IDS detection.
E. Mitigated by e-mail content filtering, HIDS, and host-based virus scanning.
F. Mitigated by RFC 2827 and 1918 filtering at ISP edge and midsize network edge.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Unauthorized access-Mitigated through filtering at the ISP, edge router, and corporate firewall Reference: Safe white papers;page 17 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 148
You are the administrator at Certkiller Inc. and you are working on securing the network. How are password attacks mitigated in the SAFE SMR midsize network design corporate Internet module?
A. Mitigated by filtering at the ISP, edge router, and corporate firewall.
B. Mitigated by RFC 2827 and 1918 filtering at ISP edge and midsize network edge router.
C. Mitigated by OS and IDS detection.
D. Mitigated by e-mail content filtering, HIDS, and host-based virus scanning-
E. Mitigated by CAR at the ISP edge and TCP setup controls at the firewall.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Password attacks -Limited services avalibale to brute force;OS and IDS can detect the threat Reference: Safe white papers;page 17 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 149
You the security administrator at Certkiller Inc are working on design alternatives to the network. Which two are design alternatives in the SAFE SMR midsize network design corporate Internet module? (Choose two)
A. A design alternative is to set up a small filtering router between the management stations and the rest of the network.
B. A design alternative is to eliminate HIDS.
C. A design alternative is to place a URL filtering server on the public services segment.
D. A design alternative is to eliminate the router between the firewall and the campus module.

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
Explanation: Alternatives This module has several alternative designs. Rather than implementing basic filtering on the edge router to the medium network, a network administrator may choose to implement a stateful firewall on this device as well. Having two stateful firewalls provides more of a defense in depth approach to security within the module. Depending on the network administrator’s attitude toward attack awareness, a NIDS appliance might be required in front of the firewall. With the appropriate basic filters, the IDS outside the firewall can provide important alarm information that would otherwise be dropped by the firewall Because the amount of alarms generated on this segment is probably large, alarms generated here should have a lower severity than alarms generated behind a firewall. Also, consider logging alarms from this segment to a separate management station to ensure that legitimate alarms from other segments get the appropriate attention. With the visibility that NIDS outside the firewall provides, evaluation of the attack types your organization is attracting can be better seen. In addition, evaluation of the effectiveness of ISP and enterprise edge filters can be performed. Two other alternatives are available. First is the elimination of the router between the firewall and the campus module. Although its functions can be integrated into the campus module Layer 3 switch, this setup would eliminate the ability of the corporate Internet module to function without relying on Layer 3 services from another area of the network. Second is the addition of content inspection beyond the mail-content inspection already specified. For example, a URL filtering server could be placed on the public services segment to filter the types of Web pages that employees can access. Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks

Cisco 642-542 exam is a challenging Certification Exam. Besides the books, internet is considered to be a treasure house of knowledge. In Flydumps you can find your treasure house of knowledge. This is a site of great help to you. You will encounter the complex questions in the exam, but Passcert can help you to pass the exam easily. Flydumps Latest Cisco 642-542 dumps includes all the knowledge that must be mastered for the purpose of passing the Cisco 642-542 exam.

Welcome to download the newest Pass4itsure 412-79 VCE dumps: http://www.pass4itsure.com/412-79.html

CheckPoint Certification

CheckPoint 156-310 Exam Guide, Provide New CheckPoint 156-310 Certification On Sale

Welcome to download the newest Pass4itsure ns0-155 Practice Test dumps: http://www.pass4itsure.com/ns0-155.html

You can prepare for CheckPoint 156-310 with little effort because Flydumps is now at your service to act as a guide in Flydumps you pass CheckPoint 156-310 exam. Now get that necessary competitive edge that comes with preparing with the help of Flydumps.

QUESTION 96
In VPN-1/FireWall-1, Security Administrators can define URI Resource Properties to strip which of the following from HTML? (Choose three)
A. Java applets
B. Invalid mime types
C. Java scripts
D. ActiveX code
E. Any content of a Web page

Correct Answer: ACD
QUESTION 97
Which VPN-1/FireWall-1 Security Server does NOT perform authentication?
A. SMTP
B. FTP
C. RLOGIN
D. TELNET
E. HTTP

Correct Answer: A
QUESTION 98
Encryption is the transformation of readable data into an unreadable form called:
A. One Way Hash
B. Keyed Text
C. Secret Text
D. Ciphertext
E. Cleartext

Correct Answer: D
QUESTION 99
Choose three. The Check Point SecureClient Packaging Tool allows System Administrators to:
A. Install a package on a client machine.
B. Create customized SecuRemote/SeucreClient installation packages to distribute to users.
C. Customize the flow of end-user installation processes, before SecureRemote/SecureClient is installed.
D. Configure SecuRemote properties for users, before installation.
E. Automatically update SecureClient installation at regular intervals.

Correct Answer: BCD
QUESTION 100
Which of the following is TRUE of the relationship between the RemoteAccess VPN Community and the Security Policy Rule Base?
A. The RemoteAccess VPN Community defines VPN connection parameters for SecuRemote connections. The Security Policy Rule Base is used to allow access to protected resources.
B. The RemoteAccess VPN Community is used to allow access to protected resources. The Security Policy Rule Base is used to define VPN connection parameters for SecuRemote connections.
C. The Security Policy Rule Base is used to define VPN connection parameters for SecuRemote connections and is used to allow access to protected resources. The RemoteAccess VPN Community applies only SecureClient.
D. The RemoteAccess VPN Community defines VPN connection parameters for SecuRemote connections and is used to allow access to protected resources. Security Policy Rules are not defined for SecuRemote.
Correct Answer: A
QUESTION 101
Which of the following statements, about Hybrid Ike, are FALSE? Choose two.
A. The final packet size is increased after it is encrypted
B. Only pre-shared secrets or certificates may be used.
C. SecureClient and Hybrid Ike are incompatible
D. TCP/IP headers are encrypted along with the payload.
E. Any authentication mechanism supported by VPN-1/Firewall-1 is supported.

Correct Answer: BC QUESTION 102
Users must enter a username and a password on the first attempt while using Secure Client Authentication window to connect to a site. Passwords are shared in memory instead if being written to disk, and are erased upon reboot.
A. True
B. False

Correct Answer: A QUESTION 103
The IKE encryption scheme encrypts the original TCP and IP headers along with the packet data.
A. True
B. False

Correct Answer: A QUESTION 104
When licensing a VPN-1/Firewall-1 Management Server, for central licensing you must provide:
A. A host IP address, license expiration date, product feature string and license key.
B. A host IP address, license purchase date, product feature string and license key.
C. A host IP address, license expiration date, product feature string and Certificate Authority Key.
D. A host IP address, license purchase date, validation code and license key.
E. A host IP address, number of firewall nodes, validation code and license key.

Correct Answer: A QUESTION 105
You are developing secure communications for a virtual corporation. There is a main office with a variety of shared resources, but mist employees work either from home, or on the road. The most common interface between these employees and the central database is a modem-equipped Laptop. Reliability and quality are major issues for your users, and security requirements include the need for strong authentication of the remote and mobile users. You are expected to provide centralized management, and to anticipate significant growth in the workforce.

The type of VPN you would choose is the:
A. Intranet VPN.
B. Extranet VPN.
C. Client-to-Firewall VPN.
D. Server to Server VPN.
E. None of the above.

Correct Answer: C
QUESTION 106
You are setting up an IKE VPN between the VPN-1/Firewall-1 modules protecting two networks. One network is using a RFC 1918 compliant address range of 10.15.0.0 and the other network is using a RFC1 818 compliant address range 192.168.9.0. What method of address translation would you use?

A. Static Source.
B. Static destination.
C. Dynamic source.
D. Dynamic
E. None

Correct Answer: E
QUESTION 107
Secure Client supports desktop policies.
A. True
B. False

Correct Answer: A
QUESTION 108
You are the VPN-1/Firewall-1 administrator for a company who’s extranet requires encryption. You must an encryption scheme with the following features: Portability Standard Key Management Automatic, external PKI Session Keys Change at configured times during a connection’s life time Which encryption scheme do you choose?
A. Rj indal
B. FWZ
C. IKE
D. IKE
E. Triple DES.
F. Manual IPSec.

Correct Answer: C QUESTION 109
When adding users to firewall, an administrator can install just the User Database without re-installing the entire Security Policy.
A. True
B. False

Correct Answer: A QUESTION 110
Both, RSA and Diffie-Hellman are asymmetric encryption techniques generating a one-way trust model for encryption and decryption messages.
A. True
B. False

Correct Answer: B QUESTION 111
VPN-1/Firewall-1 gateway products (other than the GUI) are supported on Windows NT Workstation.
A. True
B. False

Correct Answer: B QUESTION 112
For each connection that is established through a VPN-1/Firewall-1 Security Server, security administrators control specific access according to information defined in the Resource field.
A. True
B. False

Correct Answer: A QUESTION 113
When a SecuRemote Client and Server key exchange occurs, the user will be re-authenticated if the password has been erased.
A. True
B. False

Correct Answer: A QUESTION 114
There are certain general recommendations for improving the performance of Check Point VPN-1/Firewall-1, Choose all that apply.
1.
Use Domain objects when possible.

2.
User Network instead of Address Ranges.

3.
Combine similar rules to reduce the number of rules.

4.
Enable VPN-1/Firewall-1 control connections.

5.
Keep Rule Base small and simple.
A. 1, 2, 3.
B. 1, 2, 4.
C. 2, 3, 5.
D. 1, 2, 3, 4, 5.
E. 1, 3, 5.

Correct Answer: C
QUESTION 115
The AES algorithm (Rjindal) is used with IKE encryption, VPN-1/Firewall-1 supports which version of AES?
A. 256-bit.
B. 168 and 256-bit.
C. 112-, 168- and 256-bit.
D. 40- and 56-bits.
E. 25- and 112-bit.

Correct Answer:
QUESTION 116
The Check Point Secure Client packaging tool enables system administrators:
A. To create customized SecuRemote/Secure Client installation packages to distribute to users.
B. To configure SecuRemote properties for users before installation.
C. To customize the flow of end users’ installation processes before SecuRemote/Secure Client installation.
D. A and B.
E. All of the above.

Correct Answer: E
QUESTION 117
If you have modified your network configuration by removing the firewall adapters, you can reinstall these adapters by re-installing Secure Client.
A. True
B. False

Correct Answer: B
QUESTION 118
Which of the following selections lists the three security components essential to guaranteeing the security of network connections?
A. Encryption, inspection, routing.
B. NAT, traffic control, topology.
C. Static addressing, cryptosystems, spoofing.
D. Encryption, authentication, integrity.
E. DHCP, quality of service, IP pools.
Correct Answer: D
QUESTION 119
How do you enable connection logging to the Policy Server when using Secure Client?
A. Go to the registry and add key EnableLogging=1.
B. Create the file st.log in the log directory.
C. Set logging to Alert in the Tracking field of the Rule Base.
D. Enable logging in the Policy server.
E. Select 碋nable Logging?under options in the tool menu of the Secure Client GUI.

Correct Answer: A
QUESTION 120
The encryption key for SecuRemote connections, for two phase exchange, remains valid by default for ________.
A. About 15 minutes.
B. About 30 minutes.
C. About 45 minutes.
D. About 60 minutes.
E. The entire remote user operating session.

Correct Answer: D
QUESTION 121
What is the purpose of HTML weeding when a defining a URI resource?
A. A HTML weeding changes specified code from an HTML page containing a reference to JAVA or ActiveX code.
B. HTML weeding strips JAVA code from incoming HTTP, and blocks JAVA applets.
C. HTML wedding stops applets when JAVA code is incorporated in a HTML document.
D. HTML weeding fetches JAVA code directly.
E. HTML weeding prompts users when a JAVA or ACTIVEX is available from an HTML page being viewed.

Correct Answer: B
QUESTION 122
When using IKE in a Firewall-to-Firewall VPN, ____________ is used to manage session keys, encryption method and data integrity.
A. UDP
B. RDP
C. ICMP
D. FTP
E. RWS
Correct Answer: A
QUESTION 123
Before installing VPN-1/Firewall-1 on Windows NT, you MUST confirm that:
A. Your network is properly configured, with special emphasis on routing.
B. The host and the gateway can see each other.
C. X/Motif client is installed.
D. You can log on and TELNET to each of the hosts in the internal networks.
E. You have completed hardening your operating system.

Correct Answer: A
QUESTION 124
CRL lookups from VPN-1/Firewall-1 modules, or the SecuRemote Server, to the LDAP Server. When problems occur with CRL verification, how would you verify that the IP addresses and port numbers are correctly referencing the CA and LDAP Servers?
A. Check the ca.ini file.
B. Check the CA object configuration.
C. Check the CRL timeout.
D. Run fw checkcaintegrity -f -n from a command-line prompt.
E. Run cpconfig.

Correct Answer: B
QUESTION 125
What are the disadvantages of Shared Secret Key encryption?
A. A secure channel is required by which correspondents can agree on a key before their first encrypted communication.
B. Correspondents may have to agree on a key by some other fairly secure method, such as by mail or telephone.
C. The number of keys required can quickly become unmanageable since there must be a different key pair fir each pair of possible correspondents.
D. B and C.
E. A, B and C.

Correct Answer: D
QUESTION 126
An external UFP server, can perform which if the following?
A. Find out java, JavaScript, Active X.
B. Deny or allow access to URLs using categories.
C. Integrate Firewall-1 with an external user database.
D. Check for viruses and malicious contents.
E. All of the above.

Correct Answer: B
QUESTION 127
Which of the following statements best describe the purpose of the Transparent Connection method shown below in the URI Resources Properties window?

A. Matches all connections that are not in proxy or Tunneling Mode.
B. Matches connections in proxy mode only.
C. Matches connections using HTTP > CONNECT method.
D. Disables all content security options in the URI specification.
E. Takes an action as a result of a logged resource definition.

Correct Answer: A QUESTION 128
When SecuRemote Client and Server key exchange occurs, the user will NOT be re-authenticated even if the Password Expires After timer on the SecuRemote Server has not expired.
A. True
B. False

Correct Answer: A QUESTION 129
In the following graphic, the remote Secure Client machine does not have an installed Desktop Policy. The Secure Client user tries to connect to a host in Detroit’s domain. Because Detroit is a Policy Server.

A. It will initiate explicit login and attempt to install a Desktop Policy on the Secure Client machine, before it allows a connection to its domain.
B. It will initiate implicit login and attempt to install a Desktop Policy on the Secure Client machine, before it allows a connection to its domain.
C. It will initiate implicit login only, before it allows a connection to its domain.
D. It will initiate explicit login only, before it allows a connection to its domain.
E. It will initiate implicit login and attempt to install a Desktop Policy on the SecuRemote machine, before it allows a connection to its domain.

Correct Answer:
QUESTION 130
In the event that an unauthorized user attempts to compromise a valid Secure Client connection, the Secure Client machine can remain protected by?
A. The VPN module in the enterprise firewall.
B. Enforcing a desktop policy blocking incoming connections to the Secure Client.
C. The organization’s internal firewall.
D. Network address translation performed by the gateway.
E. Using FWZ encapsulation.

Correct Answer: B

A Microsoft certification exam can be a milestone in your professional career. Flydumps is the pioneer in Microsoft certification exam preparation. With a highly competent and professional team, Latest CheckPoint 156-310 dumps in Flydumps has come up with a great, thorough exam material which will be a treasure for you.you will get certified easily with the help of Flydumps latest Latest CheckPoint 156-310 dumps.

Welcome to download the newest Pass4itsure ns0-155 Practice Test dumps: http://www.pass4itsure.com/ns0-155.html

CheckPoint 156-310 Exam Guide, Provide New CheckPoint 156-310 Certification On Sale

Cisco

Cisco 642-618 Cert Exam, Free Cisco 642-618 Free Dumps With 100% Pass Rate

Welcome to download the newest Pass4itsure hp0-m52 VCE dumps: http://www.pass4itsure.com/hp0-m52.html

Your worries about Cisco 642-618 exam complexity no more exist because Flydumps is here to serves as a guide to help you to pass the Cisco 642-618 exam. All the exam questions and answers is the latest and covering each and every aspect of Cisco 642-618 exam.It 100% ensure you pass the exam without any doubt.

QUESTION 111
Refer to the exhibit.
***Exhibit is Missing***
Which command options represent the inside local address, inside global address, outside local address, and outside global address?
A. 1 = outside local, 2 = outside global, 3 = inside global, 4 = inside local
B. 1 = outside local, 2 = outside global, 3 = inside local, 4 = inside global
C. 1 = outside global, 2 = outside local, 3 = inside global, 4 = inside local
D. 1 = inside local, 2 = inside global, 3 = outside global, 4 = outside local
E. 1 = inside local, 2 = inside global, 3 = outside local, 4 = outside global

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 112
On Cisco ASA Software Version 8.4.1 and later, when you configure the Cisco ASA appliance in transparent firewall mode, which configuration is mandatory?
A. NAT
B. static routes
C. ARP inspections
D. EtherType access-list
E. bridge group(s)
F. dynamic MAC address learning

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 113
Which access rule is disabled automatically after the global access list has been defined and applied?
A. the implicit global deny ip any any access rule
B. the implicit interface access rule that permits all IP traffic from high security level to low security level interfaces
C. the implicit global access rule that permits all IP traffic from high security level to low security level interfaces
D. the implicit deny ip any any rule on the global and interface access lists
E. the implicit permit all IP traffic from high security level to low security level access rule on the global and interface access lists

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 114
Which option can cause the interactive setup script not to work on a Cisco ASA 5520 appliance running software version 8.4.1?
A. The clock has not been set on the Cisco ASA appliance using the clock set command.
B. The HTTP server has not been enabled using the http server enable command.
C. The domain name has not been configured using the domain-name command.
D. The inside interface IP address has not been configured using the ip address command.
E. The management 0/0 interface has not been configured as management-only and assigned a name using the nameif command.

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 115
Which three statements are the default security policy on a Cisco ASA appliance? (Choose three.)
A. Traffic that goes from a high security level interface to a lower security level interface is allowed.
B. Outbound TCP and UDP traffic is statefully inspected and returning traffic is allowed to traverse the Cisco ASA appliance.
C. Traffic that goes from a low security level interface to a higher security level interface is allowed.
D. Traffic between interfaces with the same security level is allowed by default.
E. Traffic can enter and exit the same interface by default.
F. When the Cisco ASA appliance is accessed for management purposes, the access must be made to the nearest Cisco ASA interface.
G. Inbound TCP and UDP traffic is statefully inspected and returning traffic is allowed to traverse the Cisco ASA appliance.

Correct Answer: ABF Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 116
Which statement about the Cisco ASA 5585-X appliance is true?
A. The IPS SSP must be installed in slot 0 (bottom slot) and the firewall/VPN SSP must be installed in slot 1 (top slot).
B. The IPS SSP operates independently. The firewall/VPN SSP is not necessary to support the IPS SSP.
C. The ASA 5585-X appliance supports three types of SSP (the firewall/VPN SSP, the IPS SSP, and the CSC SSP).
D. The ASA 5585-X appliance with the firewall/VPN SSP-60 has a maximum firewall throughput of 10 Gb/s.
E. All IPS traffic (except the IPS management interface traffic) must flow through the firewall/VPN SSP first before it can be redirected to the IPS SSP.

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 117
Which two configurations are the minimum needed to enable EIGRP on the Cisco ASA appliance? (Choose two.)
A. Enable the EIGRP routing process and specify the AS number.
B. Define the EIGRP default-metric.
C. Configure the EIGRP router ID.
D. Use the neighbor command(s) to specify the EIGRP neighbors.
E. Use the network command(s) to enable EIGRP on the Cisco ASA interface(s).

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 118
Which logging mechanism is configured using MPF and allows high-volume traffic-related events to be exported from the Cisco ASA appliance in a more efficient and scalable manner compared to classic syslog logging?
A. SDEE
B. Secure SYSLOG
C. XML
D. NSEL
E. SNMPv3

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 119
Refer to the exhibit.
object network insidenatted range 10.1.2.10 10.1.2.20 ! object network insidenet range 172.16.1.10 172.16.1.100 ! object network outnatted range 192.168.3.100 192.168.3.150 ! nat (inside,outside) after-auto 1 ?
Which option completes the CLI NAT configuration command to match the Cisco ASDM NAT configuration?
A. source dynamic insidenet insidenatted destination static Partner-internal-subnets outnatted
B. source dynamic insidenet insidenatted interface destination static Partner-internal-subnets outnatted
C. source dynamic insidenet insidenatted destination static Partner-internal-subnets outnatted interface
D. source dynamic insidenet interface destination static Partner-internal-subnets outnatted
E. source dynamic insidenatted insidenet destination static Partner-internal-subnets outnatted
F. source dynamic insidenatted interface destination static Partner-internal-subnets outnatted

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 120
Refer to the exhibit and to the four HTTP inspection requirements and the Cisco ASA configuration.
Which two statements about why the Cisco ASA configuration is not meeting the specified HTTP inspection requirements are true? (Choose two.)
1.
All outside clients can use only the HTTP GET method on the protected 10.10.10.10 web server.

2.
All outside clients can access only HTTP URIs starting with the “/myapp” string on the protected
10.10.10.10 web server.
3.
The security appliance should drop all requests that contain basic SQL injection attempts (the

string “SELECT” followed by the string “FROM”) inside HTTP arguments.

4.
The security appliance should drop all requests that do not conform to the HTTP protocol.
A. Both instances of match not request should be changed to match request.
B. The policy-map type inspect http MY-HTTP-POLICY configuration is missing the references to the class maps.
C. The BASIC-SQL-INJECTION regular expression is not configured correctly.
D. The MY-URI regular expression is not configured correctly.
E. The WEB-SERVER-ACL ACL is not configured correctly.

Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 121
By default, not all services in the default inspection class are inspected. Which Cisco ASA CLI command do you use to determine which inspect actions are applied to the default inspection class?
A. show policy-map global_policy
B. show policy-map inspection_default
C. show class-map inspection_default
D. show class-map default-inspection-traffic
E. show service-policy global

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 122
Which Cisco ASDM 6.4.1 pane is used to enable the Cisco ASA appliance to perform TCP checksum verifications?
A. Configuration > Firewall > Service Policy Rules
B. Configuration > Firewall > Advanced > IP Audit > IP Audit Policy
C. Configuration > Firewall > Advanced > IP Audit > IP Audit Signatures
D. Configuration > Firewall > Advanced > TCP options
E. Configuration > Firewall > Objects > TCP Maps
F. Configuration > Firewall > Objects > Inspect Maps

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 123
Select and Place: Correct Answer: Section: (none)
Explanation Explanation/Reference:

QUESTION 124

Select and Place: Correct Answer: Section: (none)
Explanation

QUESTION 125

Select and Place: Correct Answer: Section: (none)
Explanation Explanation/Reference:
QUESTION 126

Select and Place: Correct Answer: Section: (none)
Explanation

QUESTION 127
Scenario: To access Cisco ASDM, click the PC icon in the Topology window, ASDM and answer the following question as:

Which statement about the Cisco ASA configuration is true?
A. All input traffic on the inside interface is denied by the global ACL.
B. All input and output traffic on the outside interface is denied by the global ACL.
C. ICMP echo-request traffic is permitted from the inside to the outside, and ICMP echo-reply will be permitted from the outside back to inside.
D. HTTP inspection is enabled in the global policy.
E. Traffic between two hosts connected to the same interface is permitted. Explanation:

Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 128
Scenario: To access Cisco ASDM, click the PC icon in the Topology window, ASDM and answer
Which two statements about the running configuration of the Cisco ASA are true? (Choose Two)
A. The auto NAT configuration causes all traffic arriving on the inside interface destined to any outside destinations to be translated with dynamic port address transmission using the outside interface IP address.
B. The Cisco ASA is using the Cisco ASDM image from disk1:/asdm-642.bin
C. The Cisco ASA is setup as the DHCP server for hosts that are on the inside and outside interfaces.
D. SSH and Cisco ASDM access to the Cisco ASA requires AAA authentication using the LOCAL user database.
E. The Cisco ASA is using a persistent self-signed certified so users can authenticate the Cisco ASA when accessing it via ASDM Explanation:

Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 129
Scenario: To access Cisco ASDM, click the PC icon in the Topology window, ASDM and answer the following question as:
The Cisco ASA administration must enable the Cisco ASA to automatically drop suspicious botnet traffic. After the Cisco ASA administrator entered the initial configuration, the Cisco ASA is not automatically dropping the suspicious botnet traffic. What else must be enabled in order to make it work?
A. DNS snooping
B. Botnet traffic filtering on atleast one of the Cisco ASA interface.
C. Periodic download of the dynamic botnet database from Cisco.
D. DNS inspection in the global policy.
E. Manual botnet black and white lists.
F.
G.

Correct Answer: ABCDE Section: (none) Explanation
Explanation/Reference:
QUESTION 130
Q130 CORRECT TEXT
Instructions
This item contains a simulation task. Refer to the scenario and topology before you start. When you are ready, open the Topology window and click the required device to open the GUI window on a virtual terminal. Scroll to view all parts of the Cisco ASDM screens.
Scenario
Click the PC icon to launch Cisco ASDM. You have access to a Cisco ASA 5505 via Cisco ASDM. Use Cisco ASDM to edit the Cisco ASA 5505 configurations to enable Advanced HTTP Application inspection by completing the following tasks:
1.
Enable HTTP inspection globally on the Cisco ASA

2.
Create a new HTTP inspect Map named: http-inspect-map to:
a.
Enable the dropping of any HTTP connections that encounter HTTP protocol violations

b.
Enable the dropping and logging of any HTTP connections when the content type in the HTTP response does not match one of the MIME types in the accept filed of the HTTP request
Note: In the simulation, you will not be able to test the HTTP inspection policy after you complete your configuration. Not all Cisco ASDM screens are fully functional.
After you complete the configuration, you do not need to save the running configuration to the start-up config, you will not be able to test the HTTP inspection policy that is created after you complete your configuration. Also not all the ASDM screens are filly functional.
Hot Area:
Correct Answer:
Section: (none) Explanation
Explanation/Reference:
Answer: Here are the step by step Solution for this:

Explanation:
1.>Go to Configuration>>Firewall>>Objects>>Inspect Maps>>HTTP>>Add>>Add name “httpinspect-map”>>click on detail>>
a.
select “check for protocol violations”

b.
Action: Drop connection

c.
Log: Enable

d.
Click on Inspection: Click Add

e.
Select Single Match>>Match type: No Match

f.
Criterion: response header field

g.
Field: Predefined: Content type

h.
value: Content type

i.
Action: Drop connection

j.
Log: Enable

h.
ok>>>ok>>>Apply
Through achieve this command line: policy-map type inspect http http-inspect-map parameters protocol-violation action drop-connection log
policy-map type inspect http http-inspect-map match not response header content-type application/msword
drop-connection log

Flydumps.com is providing complete solutions for Cisco 642-618 that will help the candidates learn extensively and score exceptional in the Cisco 642-618 exam. Passing the Microsoft is not a dream anymore as our user friendly learning resources ensure guaranteed success.

Pass4itsure hp0-m52 dumps with PDF + Premium VCE + VCE Simulator: http://www.pass4itsure.com/hp0-m52.html

Cisco 642-618 Cert Exam, Free Cisco 642-618 Free Dumps With 100% Pass Rate

Cisco

Cisco 642-618 VCE Files, Most Accurate Cisco 642-618 PDF Download On Our Store

Welcome to download the newest Pass4itsure eada10 VCE dumps: http://www.pass4itsure.com/eada10.html

FLYDUMPS bring you the best Cisco 642-618 exam preparation materials which will make you pass in the first attempt.And we also provide you all the Cisco 642-618 exam updates as Microsoft announces a change in its Cisco 642-618 exam syllabus,we inform you about it without delay.

QUESTION 101
Which three CLI commands are generated by these Cisco ASDM configurations? (Choose three.)

A. object-group network testobj
B. object network testobj
C. ip address 10.1.1.0 255.255.255.0
D. subnet 10.1.1.0 255.255.255.0
E. nat (any,any) static 192.168.1.0 dns
F. nat (outside,inside) static 192.168.1.0 dns
G. nat (inside,outside) static 192.168.1.0 dns
H. nat (inside,any) static 192.168.1.0 dns
I. nat (any,inside) static 192.168.1.0 dns

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 102
On Cisco ASA Software Version 8.3 and later, which two statements correctly describe the NAT table or NAT operations? (Choose two.)
A. The NAT table has four sections.
B. Manual NAT configurations are found in the first (top) and/or the last (bottom) section(s) of the NAT table.
C. Auto NAT also is referred to as Object NAT.
D. Auto NAT configurations are found only in the first (top) section of the NAT table.
E. The order of the NAT entries in the NAT table is not relevant to how the packets are matched against the NAT table.
F. Twice NAT is required for hosts on the inside to be accessible from the outside.

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 103
The Cisco ASA software image has been erased from flash memory. Which two statements about the process to recover the Cisco ASA software image are true? (Choose two.)
A. Access to the ROM monitor mode is required.
B. The Cisco ASA appliance must have connectivity to the TFTP server where the Cisco ASA image is stored through the Management 0/0 interface.
C. The copy tftp flash command is necessary to start the TFTP file transfer.
D. The server command is necessary to set the TFTP server IP address.
E. Cisco ASA password recovery must be enabled.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 104
Which two Cisco ASA licensing features are correct with Cisco ASA Software Version 8.3 and later? (Choose two.)
A. Identical licenses are not required on the primary and secondary Cisco ASA appliance.
B. Cisco ASA appliances configured as failover pairs disregard the time-based activation keys.
C. Time-based licenses are stackable in duration but not in capacity.
D. A time-based license completely overrides the permanent license, ignoring all permanently licensed features until the time-based license is uninstalled.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 105
Which four unicast or multicast routing protocols are supported by the Cisco ASA appliance? (Choose four.)
A. RIP (v1 and v2)
B. OSPF
C. ISIS
D. BGP
E. EIGRP
F. Bidirectional PIM
G. MOSPF
H. PIM dense mode

Correct Answer: ABEF Section: (none) Explanation
Explanation/Reference:
QUESTION 106
On Cisco ASA Software Version 8.4.1 and later, which three EtherChannel modes are supported? (Choose three.)
A. active mode, which initiates LACP negotiation
B. passive mode, which responds to LACP negotiation from the peer
C. auto mode, which automatically responds to either PAgP or LACP negotiation from the peer
D. on mode, which enables static port-channel mode
E. off mode, which disables dynamic negotiation

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 107
Which two Cisco ASA configuration tasks are necessary to allow authenticated BGP sessions to pass through the Cisco ASA appliance? (Choose two.)
A. Configure the Cisco ASA TCP normalizer to permit TCP option 19.
B. Configure the Cisco ASA TCP Intercept to inspect the BGP packets (TCP port 179).
C. Configure the Cisco ASA default global inspection policy to also statefully inspect the BGP flows.
D. Configure the Cisco ASA TCP normalizer to disable TCP ISN randomization for the BGP flows.
E. Configure TCP state bypass to allow the BGP flows.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 108
Which two options show the required Cisco ASA command(s) to allow this scenario? (Choose two.)
An inside client on the 10.0.0.0/8 network connects to an outside server on the 172.16.0.0/16 network using TCP and the server port of 2001. The inside client negotiates a client port in the range between UDP ports 5000 to 5500. The outside server then can start sending UDP data to the inside client on the negotiated port within the specified UDP port range.
A. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001 access-group INSIDE in interface inside
B. access-list INSIDE line 1 permit tcp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq 2001 access-list INSIDE line 2 permit udp 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0 eq established access-group INSIDE in interface inside
C. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0 access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq 5000-5500 access-group OUTSIDE in interface outside
D. access-list OUTSIDE line 1 permit tcp 172.16.0.0 255.255.0.0 eq 2001 10.0.0.0 255.0.0.0 access-list OUTSIDE line 2 permit udp 172.16.0.0 255.255.0.0 10.0.0.0 255.0.0.0 eq established access-group OUTSIDE in interface outside
E. established tcp 2001 permit udp 5000-5500
F. established tcp 2001 permit from udp 5000-5500
G. established tcp 2001 permit to udp 5000-5500

Correct Answer: AG Section: (none) Explanation
Explanation/Reference:
QUESTION 109
Which three actions can be applied to a traffic class within a type inspect policy map? (Choose three.)
A. drop
B. priority
C. log
D. pass
E. inspect
F. reset

Correct Answer: ACF Section: (none) Explanation
Explanation/Reference:
QUESTION 110
On Cisco ASA Software Version 8.4 and later, which two options show the maximum number of active and standby ports that an EtherChannel can have? (Choose two.)
A. 2 active ports
B. 4 active ports
C. 6 active ports
D. 8 active ports
E. 2 standby ports
F. 4 standby ports
G. 6 standby ports
H. 8 standby ports

Correct Answer: DH Section: (none) Explanation
Explanation/Reference:
QUESTION 111
Which three types of class maps can be configured on the Cisco ASA appliance? (Choose three.)
A. control-plane
B. regex
C. inspect
D. access-control
E. management
F. stack

Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 112
Refer to the partial Cisco ASA configuration and the network topology shown in the exhibit.

Which two Cisco ASA configuration commands are required so that any hosts on the Internet can HTTP to the WEBSERVER using the 192.168.1.100 IP address? (Choose two.)
A. nat (inside,outside) static 192.168.1.100
B. nat (inside,outside) static 172.31.0.100
C. nat (inside,outside) static interface
D. access-list outside_access_in extended permit tcp any object 172.31.0.100 eq http
E. access-list outside_access_in extended permit tcp any object 192.168.1.100 eq http
F. access-list outside_access_in extended permit tcp any object 192.168.1.1 eq http

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 113
Which two statements about Cisco ASA 8.2 NAT configurations are true? (Choose two.)
A. NAT operations can be implemented using the NAT, global, and static commands.
B. If nat-control is enabled and a connection does not need a translation, then an identity NAT configuration is required.
C. NAT configurations can use the any keyword as the input or output interface definition.
D. The NAT table is read and processed from the top down until a translation rule is matched.
E. Auto NAT links the translation to a network object.

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 114
In which two directions are the Cisco ASA modular policy framework inspection policies applied? (Choose two.)
A. in the ingress direction only when applied globally
B. in the ingress direction only when applied on an interface
C. in the egress direction only when applied globally
D. in the egress direction only when applied on an interface
E. bi-directionally when applied globally
F. bi-directionally when applied on an interface

Correct Answer: AF Section: (none) Explanation
Explanation/Reference:
QUESTION 115
Which three configurations are needed to enable SNMPv3 support on the Cisco ASA? (Choose three.)
A. SNMPv3 Local EngineID
B. SNMPv3 Remote EngineID
C. SNMP Users
D. SNMP Groups
E. SNMP Community Strings
F. SNMP Hosts

Correct Answer: CDF Section: (none) Explanation
Explanation/Reference:
QUESTION 116
A customer is ordering a number of Cisco ASAs for their network. For the remote or home office, they are purchasing the Cisco ASA 5505. When ordering the licenses for their Cisco ASAs, which two licenses must they order that are “platform specific” to the Cisco ASA 5505? (Choose two.)
A. AnyConnect Essentials license
B. per-user Premium SSL VPN license
C. VPN shared license
D. internal user licenses
E. Security Plus license

Correct Answer: DE Section: (none) Explanation
Explanation/Reference: QUESTION 117
Which two statements are true? (Choose two.)

A. The connection is awaiting outside ACK to SYN.
B. The connection is initiated from the inside.
C. The connection is active and has received inbound and outbound data.
D. The connection is an incomplete TCP connection.
E. The connection is a DNS connection.

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 118
The Cisco ASA is configured in multiple mode and the security contexts share the same outside physical interface. Which two packet classification methods can be used by the Cisco ASA to determine which security context to forward the incoming traffic from the outside interface? (Choose two.)
A. unique interface IP address
B. unique interface MAC address
C. routing table lookup
D. MAC address table lookup
E. unique global mapped IP addresses

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 119
Which two CLI commands result from this configuration? (Choose two.)

A. aaa authorization network LOCAL
B. aaa authorization network default authentication-server LOCAL
C. aaa authorization command LOCAL
D. aaa authorization exec LOCAL
E. aaa authorization exec authentication-server LOCAL
F. aaa authorization exec authentication-server

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 120
Which three statements are the default security policy on a Cisco ASA appliance? (Choose three.)
A. Traffic that goes from a high security level interface to a lower security level interface is allowed.
B. Outbound TCP and UDP traffic is statefully inspected and returning traffic is allowed to traverse the Cisco ASA appliance.
C. Traffic that goes from a low security level interface to a higher security level interface is allowed.
D. Traffic between interfaces with the same security level is allowed by default.
E. Traffic can enter and exit the same interface by default.
F. When the Cisco ASA appliance is accessed for management purposes, the access must be made to the nearest Cisco ASA interface.
G. Inbound TCP and UDP traffic is statefully inspected and returning traffic is allowed to traverse the Cisco ASA appliance.

Correct Answer: ABF Section: (none) Explanation
Explanation/Reference: QUESTION 121
Which two configurations are the minimum needed to enable EIGRP on the Cisco ASA appliance? (Choose two.)
A. Enable the EIGRP routing process and specify the AS number.
B. Define the EIGRP default-metric.
C. Configure the EIGRP router ID.
D. Use the neighbor command(s) to specify the EIGRP neighbors.
E. Use the network command(s) to enable EIGRP on the Cisco ASA interface(s).

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 122
Refer to the exhibit and to the four HTTP inspection requirements and the Cisco ASA configuration.

Which two statements about why the Cisco ASA configuration is not meeting the specified HTTP inspection requirements are true? (Choose two.)
1.
All outside clients can use only the HTTP GET method on the protected 10.10.10.10 web server.

2.
All outside clients can access only HTTP URIs starting with the “/myapp” string on the protected
10.10.10.10 web server.
3.
The security appliance should drop all requests that contain basic SQL injection attempts (the string “SELECT” followed by the string “FROM”) inside HTTP arguments.

4.
The security appliance should drop all requests that do not conform to the HTTP protocol.
A. Both instances of match not request should be changed to match request.
B. The policy-map type inspect http MY-HTTP-POLICY configuration is missing thereferences to the class maps.
C. The BASIC-SQL-INJECTION regular expression is not configured correctly.
D. The MY-URI regular expression is not configured correctly.
E. The WEB-SERVER-ACL ACL is not configured correctly.

Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 123

Select and Place:

Correct Answer:
Section: (none) Explanation
Explanation/Reference: Explanation:
Inside Local: 10.0.1.0_obj Inside global: 192.168.1.7_obj Outside global: 209.165.200.226_server Outside Local: 209.165.201.21_server
QUESTION 124

Select and Place: Correct Answer:

Section: (none) Explanation
Explanation/Reference:
Systems Execution SpaceUsed to define the context name, location of the context startup configuration and interface allocation Admin ContextUsed by the Cisco ASA appliance to access the required network resources Customer contextUsed to support virtual firewall with its own configuration
QUESTION 125
Select and Place:

Correct Answer:
Section: (none) Explanation Explanation/Reference:
QUESTION 126

Select and Place:

Correct Answer:
Section: (none) Explanation
Explanation/Reference: Explanation:
Interface access-list entries Global access-list entries Implicit deny ip any any interface access-list rule entry
QUESTION 127

Case Study Title (Case Study):
Scenario: To access Cisco ASDM, click the PC icon in the Topology window, ASDM and answer the following question.
Which statement about the Cisco ASA configuration is true?
1-a (exhibit):

1-b (exhibit):

1-c (exhibit):

1-d (exhibit):

1-e (exhibit):

1-f (exhibit):

A. All input traffic on the inside interface is denied by the global ACL.
B. All input and output traffic on the outside interface is denied by the global ACL.
C. ICMP echo-request traffic is permitted from the inside to the outside, and ICMP echo-reply will be permitted from the outside back to inside.
D. HTTP inspection is enabled in the global policy.
E. Traffic between two hosts connected to the same interface is permitted.
Correct Answer: B Section: (none) Explanation Explanation/Reference:

QUESTION 128

Case Study Title (Case Study):
Scenario: To access Cisco ASDM, click the PC icon in the Topology window, ASDM and answer the following question as:
Which two statements about the running configuration of the Cisco ASA are true? (Choose Two)

1-a (exhibit):

1-b (exhibit):

1-c (exhibit):

1-d (exhibit):

1-e (exhibit):

1-f (exhibit):

A. The auto NAT configuration causes all traffic arriving on the inside interface destined to any outside destinations to be translated with dynamic port address transmission using the outside interface IP address.
B. The Cisco ASA is using the Cisco ASDM image from disk1:/asdm-642.bin
C. The Cisco ASA is setup as the DHCP server for hosts that are on the inside and outside interfaces.
D. SSH and Cisco ASDM access to the Cisco ASA requires AAA authentication using the LOCAL user database.
E. The Cisco ASA is using a persistent self-signed certified so users can authenticate the Cisco ASA when accessing it via ASDM

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 129

Case Study Title (Case Study):
Scenario: To access Cisco ASDM, click the PC icon in the Topology window, ASDM and answer the following question as:
The Cisco ASA administration must enable the Cisco ASA to automatically drop suspicious botnet traffic. After the Cisco ASA administrator entered the initial configuration, the Cisco ASA is not automatically dropping the suspicious botnet traffic. What else must be enabled in order to make it work?

1-a (exhibit):

1-b (exhibit):

1-c (exhibit):

1-d (exhibit):

1-e (exhibit):

1-f (exhibit):

A. DNS snooping
B. Botnet traffic filtering on atleast one of the Cisco ASA interface.
C. Periodic download of the dynamic botnet database from Cisco.
D. DNS inspection in the global policy.
E. Manual botnet black and white lists.
Correct Answer: A Section: (none)

Explanation
Explanation/Reference:
QUESTION 130

Case Study Title (Case Study): Instructions
This item contains a simulation task. Refer to the scenario and topology before you start. When you are ready, open the Topology window and click the required device to open the GUI window on a virtual terminal. Scroll to view all parts of the Cisco ASDM screens.

Scenario
Click the PC icon to launch Cisco ASDM. You have access to a Cisco ASA 5505 via Cisco ASDM. Use Cisco ASDM to edit the Cisco ASA 5505 configurations to enable Advanced HTTP Application inspection by completing the following tasks:
1.
Enable HTTP inspection globally on the Cisco ASA

2.
Create a new HTTP inspect Map named: http-inspect-map to:
a.
Enable the dropping of any HTTP connections that encounter HTTP protocol violations

b.
Enable the dropping and logging of any HTTP connections when the content type in the HTTP response does not match one of the MIME types in the accept filed of the HTTP request Note: In the simulation, you will not be able to test the HTTP inspection policy after you complete your configuration. Not all Cisco ASDM screens are fully functional. After you complete the configuration, you do not need to save the running configuration to the start-up config, you will not be able to test the HTTP inspection policy that is created after you complete your configuration. Also not all the ASDM screens are fully functional.

2-a (exhibit):

2-b (exhibit):

2-c (exhibit): 2-d (exhibit):
A.
Correct Answer: A

Section: (none) Explanation
Explanation/Reference:
Answer: Here are the step by step Solution for this:
Explanation:
1.>Go to Configuration>>Firewall>>Objects>>Inspect Maps>>HTTP>>Add>>Add name “httpinspect-map”>>click on detail>>
a.
select “check for protocol violations”

b.
Action: Drop connection

c.
Log: Enable

d.
Click on Inspection: Click Add

e.
Select Single Match>>Match type: No Match

f.
Criterion: response header field

g.
Field: Predefined: Content type

h.
value: Content type

i.
Action: Drop connection

j.
Log: Enable

h.
ok>>>ok>>>Apply Through achieve this command line: policy-map type inspect http http-inspect-map parameters protocol-violation action drop-connection log policy-map type inspect http http-inspect-map match not response header content-type application/msword drop-connection log

Flydumps.com takes in the latest Cisco 642-618 questions in the Cisco 642-618 exam materials so that our material should be always the latest and the most relevant. We know that Cisco 642-618 examination  wouldn’t repeat the same set of questions all the time. Microsoft certification examinations are stringent and focus is often kept on updated technology trends. The Cisco 642-618 exam questions organized by the professionals will help to condition your mind to promptly grasp what you could be facing in the Cisco 642-618 cert examination.

Pass4itsure eada10 dumps with PDF + Premium VCE + VCE Simulator: http://www.pass4itsure.com/eada10.html

Cisco 642-618 VCE Files, Most Accurate Cisco 642-618 PDF Download On Our Store

Cisco

Cisco 642-542 Exam questions, High Pass Rate Cisco 642-542 PDF Dumps Sale

Welcome to download the newest Pass4itsure C2180-374 VCE dumps: https://www.pass4itsure.com/c2180-374.html

Your worries about Cisco 642-542 exam complexity no more exist because Flydumps is here to serves as a guide to help you to pass the exam.All the exam questions and answers is the latest and covering each and every aspect of Cisco 642-542 exam.It 100% ensure you pass the Cisco 642-542 exam without any doubt.

QUESTION 96
According to SAFE, small network design has how many modules?
B. 3
C. As many as the Enterprise architecture.
D. 5
E. 4

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The small network design has two modules: the corporate Internet module and the campus module. REF;Safe white papers;10 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 97
Which commands are used for basic filtering in the SAFE SMR small network campus module? (Choose two)
A. Access-group
B. Ip inspect-name
C. Ip route
D. Access-list

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Explanation:
REF;Safe white papers;
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks

QUESTION 98
How many modules are in the SAFE SMR small network design?
A. 1
B. 2
C. 3
D. 4
E. 5

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
The small network design has two modules: the corporate Internet module and the campus module.
REF;Safe white papers;10
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks

QUESTION 99
Which two devices in the SAFE SMR small network campus module should have HIDS installed? (Choose two)
A. Layer 2 switches
B. Firewalls
C. Management hosts
D. Desktop workstations
E. Corporate servers
F. Lab workstations

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
Explanation: Because there are no Layer 3 services within the campus module, it is important to note that this design places an increased emphasis on application and host security because of the open nature of the internal network. Therefore, HIDS was also installed on key systems within the campus, including the corporate servers and management systems. Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 15
QUESTION 100
What two modules are in the SAFE SMR small network design? (Choose two)
A. Edge
B. Internet
C. Corporate Internet
D. Campus

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
Explanation: The small network design has two modules: the corporate Internet module and the campus module. The corporate Internet module has connections to the Internet and also terminates VPN and public services (DNS, HTTP, FTP, SMTP) traffic. The campus module contains the Layer 2 switching and all the users, as well as the management and intranet servers. Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 10
QUESTION 101
You are the administrator at Certkiller Inc. and you need to implement a firewall in the SAFE SMR small
network design.
In which module does the firewall exist in the SAFE SMR small network design?

A. The Internet module
B. The Corporate Internet module
C. The Campus module
D. The Edge module

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Corporate Internet Module
Key Devices:

1.
SMTP server-Acts as a relay between the Internet and the intranet mail servers

2.
DNS server – servers as authoritative external DNS server for the enterprise;relays internal requests to the Internet

3.
FTP/HTTP server-Provides public information about the organization

4.
Firewall or firewall router-Provides network-level protection of resources, stateful filtering of traffic, and VPN termination for remote sites and users

5.
Layer 2 switch (with private VLAN support)-Ensures that data from managed devices can only cross directly to the IOS firewall Reference: Safe white papers;11 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 102
Kathy the security administrator at Certkiller Inc. is implementing HIDS in the SAFE SMR small network
corporate Internet module.
On what device within the SAFE SMR small network corporate Internet module should Kathy perform
HIDS local attack mitigation?

A. HIDS is performed on Public services servers
B. HIDS is performed on Layer 2 switch
C. HIDS is performed on Firewall
D. HIDS is performed on Routers

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Application layer attacks-Mitigated through HIDS on the public servers Reference: Safe white papers;11 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Reference: Cisco Courseware page 9-46
QUESTION 103
According to SAFE SMR, what type of VPN connectivity is typically used with the Cisco PIX Firewall?
A. Remote access
B. Site-to-site
C. Mobile user
D. Corporate

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The VPN connectivity is provided through the firewall or firewall/router. Remote sites authenticate each other with pre-shared keys and remote users are authenticated through the access control server in the campus module. REF;Safe white papers;page 13 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 104
Which method will always compute the password if it is made up of the character set you selected to test?
A. Brute force computation
B. Strong password computation
C. Password reassemble
D. Brute force mechanism

Correct Answer: A Section: (none) Explanation
Explanation/Reference: QUESTION 105
How are application layer attacks mitigated in the SAFE SMR small network corporate Internet module?
A. NIDS
B. Virus scanning at the host level.
C. HIDS on the public servers.
D. Filtering at the firewall.
E. CAR at ISP edge.
F. TCP setup controls at the firewall to limit exposure.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Application layer attacks – Mitigated through HIDS on the public servers REF;Safe white papers;page 11 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 106
How are packet sniffers attacks mitigated in the SAFE SMR small network corporate Internet module?
A. RFC 2827 and 1918 filtering at ISP edge and local firewall.
B. Switched infrastructure and HIDS.
C. Protocol filtering
D. Restrictive trust model and private VLANs.
E. Restrictive filtering and HIDS.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Mitigated Threats Packet sniffers-Switched infrastructure and host IDS to limit exposure REF;Safe white papers;page 11 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 107
HIDS local attack mitigation is performed on what devices within the SAFE SMR small network corporate Internet module?
A. Layer 2 switches
B. Firewalls
C. Routers
D. Public services servers

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Application layer attacks-Mitigated through HIDS on the public servers
QUESTION 108
Which three key devices are in the SAFE SMR small network corporate Internet module? (Choose three)
A. Servers
B. VPN concentrators
C. Layer 3 switches
D. Firewalls
E. Layer 2 switches
F. NIDS

Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
Explanation: Key Devices SMTP server DNS server FTP/HTTP server Firewall or Firewall router Layer 2 switch(with private VLAN support) REF;Safe white papers;page11 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 109
How are trust exploitation attacks mitigated in the SAFE SMR small network corporate Internet module?
A. RFC 2827 and 1918 filtering at ISP edge and local firewall.
B. Switched infrastructure and HIDS.
C. Protocol filtering.
D. Restrictive trust model and private VLANs.
E. Restrictive filtering and HIDS.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Trust exploitation-Restrictive trust model private VLANs to limit trust-based attacks Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 11
QUESTION 110
John the security administrator at Certkiller Inc. is working on mitigating all threats to the network. What threats are expected for the SAFE SMR small network campus module? (Choose two)
A. The IP spoofing threat
B. The Packet sniffers threat
C. The Application layer attacks threat
D. The Denial of service threat

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
Explanation: Threats Mitigated
1.
Packet sniffers-A switched infrastructure limits the effectiveness of sniffing

2.
Virus and Trojan-horse applications-Host-based virus scanning prevents most viruses and many Trojan horses

3.
Unauthorized access-This type of access is mitigated through the use of host-based intrusion detection and application access control

4.
Application layer attacks-Operating systems, devices, and applications are kept up-to-date with the

latest security fixes, and they are protected by HIDS

5.
Trust exploitation-Private VLANs prevent hosts on the same subnet from communicating unless necessary

6.
Port redirection-HIDS prevents port redirection agents from being installed Reference: Safe white papers:14 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 111
You are the administrator at Certkiller Inc and you are implementing a small filtering router. As an alternative design in the SAFE SRM small network campus module, a small filtering router can be placed between the rest of the network and which devices?
A. The rest of the network and Layer 2 switches
B. The rest of the network and corporate users
C. The rest of the network and management stations
D. The rest of the network and routers

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Alternatives Setting a small filtering router or firewall between the management stations and the rest of the network can improve overall security. This setup will allow management traffic to flow only in the specific direction deemed necessary by the administrators. If the level of trust within the organization is high, HIDS can potentially be eliminated, though this is not recommended. Reference: Page 15 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 112
Which commands are used for basic filtering in the SAFE SMR small network campus module? (Select two.)
A. access group
B. ip inspect-name
C. ip route
D. access-list

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 113
How are packet sniffer attacks mitigated in the SAFE SMR small network campus module?
A. Host based virus scanning.
B. The latest security fixes.
C. The use of HIDS and application access control.
D. Switches infrastructure
E. HIDS

Correct Answer: D Section: (none) Explanation Explanation/Reference:
Explanation: Packet snuffers-Threats mitigated; switched infrastructure and host IDS to limit exposure. REF;Safe white papers;page 18 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 114
What can be implemented in the SAFE SMR small network campus module to mitigate trust exploitation attacks between devices?
A. Layer 2 switches
B. Firewalls
C. Private VLANs
D. Routers

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Threats mitigated Trust exploitation-Restrictive trust model and private VLANs to limit trust-based attacks REF;Safe white papers;page 18 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 115
What are three of the key devices in the SAFE SMR small network campus module? (Choose three)
A. Layer 2 switches
B. IOS firewall
C. User workstations
D. PIX firewall
E. Corporate servers
F. NIDS

Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
Explanation: Key Devices Layer 2 switching Corporate server user workstation Management host REF;Safe white papers;page13 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 116
How are port redirection attacks mitigated in the SAFE SMR small network campus module?
A. Switched infrastructure.
B. Host based virus scanning.
C. The use of NIDS and application access control.
D. The latest security fixes and NIDS.
E. Private VLANs
F. HIDS
Correct Answer: F Section: (none) Explanation

Explanation/Reference:
Explanation: Port redirection-HIDS prevents port redirection agents from being installed Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 14
QUESTION 117
What three commands are used for RFC 1918 and RFC 2827 filtering on the ISP router in the SAFE SMR small network campus module? (Choose three)
A. ip route 1918
B. access-list
C. access-group
D. enable rfc 1918 filtering
E. rate-limit
F. enable rfc 2827 filtering

Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
Explanation: Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 47
QUESTION 118
The security team at Certkiller Inc. is working on implementing IOS firewall in their SAFE SMR small
network design.
What is the primary function of the IOS firewall in the SAFE SMR small network design?

A. The primary function is it provides remote site connectivity and general filtering for sessions initiated through the firewall.
B. The primary function is it provides host DoS mitigation.
C. The primary function is it authenticates IPSec tunnels.
D. The primary function is it provides remote site authentication.
E. The primary function is it provides connection state enforcement and detailed filtering for sessions initiated through the firewall.

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
Explanation: Layer 2 switch (with private VLAN support)-Ensures that data from managed devices can only cross directly to the IOS firewall Reference: Safe white papers; 11 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 119
You are the administrator at Certkiller Inc. and you are configuring the PIX Firewall. The ip verify reverse-path command implements which of the following on the PIX Firewall? (Choose two)
A. The ip verify reverse-path command performs a route lookup based on the destination address.
B. The ip verify reverse-path command performs a route lookup based on the source address.
C. The ip verify reverse-path command provides session state information based on source address.
D. The ip verify reverse-path command provides ingress filtering.
E. The ip verify reverse-path command provides session state information based on destination address.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation: Use the ipverify unicast reverse-path interface command on the input interface on the router at the upstream end of the connection. This feature examines each packet received as input on that interface. If the source IP address does not have a route in the CEF tables that points back to the same interface on which the packet arrived, the router drops the packet. Reference: Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks
QUESTION 120
Jason is the security administrator at Certkiller Inc. and wants to know which is true with regard to creating an RPC entry with the NFS program number?
A. The true statement is NFS traffic designated as friendly will be allowed through the firewall.
B. The true statement is no NFS traffic will be allowed through the firewall.
C. The true statement is all NFS traffic will be allowed through the firewall.
D. The true statement is NFS traffic designated as hostile will not be allowed through the firewall.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Remote Procedure Call (RPC) inspection enables the specification of various program numbers. You can define multiple program numbers by creating multiple entries for RPC inspection, each with a different program number. If a program number is specified, all traffic for that program number is permitted. If a program number is not specified, all traffic for that program number is program number, all NFS traffic is allowed through the firewall. Reference: CSI Student Guide v2.0 p. 5-30
QUESTION 121
What is the function of SMTP inspection?
A. Monitors SMTP mail for hostile commands.
B. Monitors SMTP commands for illegal commands.
C. Monitors traffic from and STMP server that is designated as friendly.
D. Monitors traffic that has not been encapsulated.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: SMTP application inspection controls and reduces the commands that the user can use as well as the messages that the server returns. Ref: Cisco Pix Firewall Software (Configuring Application Inspection (Fixup) Cisco PIX Firewall Software – Configuring Application Inspection (Fixup)
QUESTION 122
How does Java applet filtering distinguish between trusted and untrustedapplets?
A. Examines the applet for suspicious code.
B. Relies on a list of applets that you designate as hostile.
C. Relies on a list of applets that you designate as friendly.
D. Relies on a list of external sites that you designate as friendly.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Java inspection enables Java applet filtering at the firewall. Java applet filtering distinguishes between trusted and untrusted applets by relying on a list of external sites that you designate as “friendly.” If an applet is from a friendly site, the firewall allows the applet through. If the applet is not from a friendly site, the applet will be blocked. Alternately, you could permit applets from all sites except for sites specifically designated as “hostile.” Reference: Context-Based Access Control Commands
QUESTION 123
You are the security administrator at Certkiller Inc. and you are working on filtering network traffic. accesslist 101 deny ip 192.168.8.8 0.0.0.255 anyis an example of an ACL entry to filter what type of addresses?
A. It is an example of RFC 1920
B. It is an example of RFC 2728
C. It is an example of RFC 2827
D. It is an example of RFC 1918

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: ! RFC 1918 filtering. Note network 172.16.x.x was not included in the ! filter here since it is used to simulate the ISP in the lab. ! access-list 103 deny ip 10.0.0.0 0.255.255.255 any access-list 103 deny ip 192.168.0.0 0.0.255.255 any Reference: Page 47 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 124
What is the function of a crypto map on a PIX Firewall?
A. To configure a pre-shared authentication key and associate the key with an IKE peer address or host name.
B. To configure a pre-shared authentication key and associate the key with an IPSec peer address or host name.
C. To specify which algorithms to use with the selected security protocol.
D. To filter and classify the traffic to be protected.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Crypto map entries for IPSec set up security association parameters, tying toghter the various parts configured for IPSec,including the following;
* Which traffic should be protected by IPSec Ref: Cisco Secure PIX Firewalls (Ciscopress) Page 215
QUESTION 125
What causes the default TCP intercept feature of the IOS Firewall to become more aggressive? (Choose two)
A. The number of incomplete connections exceeds 1100.
B. The number of connections arriving in the last 1 minute exceeds 1100.
C. The number of incomplete connections exceeds 100.
D. The number of connections arriving in the last 10 minutes exceeds 1000.

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
Explanation: If the number of incomplete connections exceeds 1100 or the number of connections arriving
in the last 1minute exceeds 1100, the TCP intercept feature becomes more aggressive.
Ref:
Cisco IOS Software Releases 12.1 Mainline – TCP Intercept Commands

Flydumps.com New Cisco 642-542 exam materials provided eliminates the tacky and laborious process of studying and memorization as it provides direct Cisco 642-542 questions and answers that will help you feel confident.

Pass4itsure C2180-374 dumps with PDF + Premium VCE + VCE Simulator: https://www.pass4itsure.com/c2180-374.html

Cisco 642-542 Exam questions, High Pass Rate Cisco 642-542 PDF Dumps Sale

others

Cisco 642-165 Exam Practice PDF, Provide New Cisco 642-165 Demos With New Discount

Welcome to download the newest Pass4itsure 117-201 VCE dumps: http://www.pass4itsure.com/117-201.html

Do not worry about your Cisco 642-165 exam,Flydumps now has published the new veriosn Cisco 642-165 exam dumps with more new added questions and answers,also you can free download Cisco 642-165 vce test software and pdf dumps on Flydumps.com.

QUESTION 70
Which step would you use to get information about the number of contacts currently in queue?
A. Get Contact Info
B. Get Session Info
C. Get Call Contact Info
D. Get Reporting Statistics

Correct Answer: D Section: 55-74 Explanation
Explanation/Reference:
Explanation:
QUESTION 71
How can you configure the Prompt step to play different prompts following subsequent timeouts or retries?
A. Configure it as a Generated Prompt.
B. Configure it as a Random Container Prompt.
C. Configure it as an Escalating Container Prompt.
D. Configure it as a Concatenated Container Prompt.

Correct Answer: C Section: 55-74 Explanation
Explanation/Reference:
Explanation:
QUESTION 72
What formula do you use to calculate the number of agents in a Call Center?
A. Erlang B
B. Erlang C
C. AHT * BHCA
D. VG ports + IVR ports

Correct Answer: B Section: 55-74 Explanation
Explanation/Reference:
Explanation:
QUESTION 73
What formula do you use to calculate the number of Voice Gateway ports?
A. Erlang A
B. Erlang B
C. Erlang C D. IVR ports + agent phones

Correct Answer: B Section: 55-74 Explanation
Explanation/Reference:
Explanation:
QUESTION 74
What does it mean for a variable in the Application Editor to be defined as a parameter?
A. The variable can be used to pass data to and from subflows.
B. The value for that variable can be supplied via Application Configuration in Application Administration.
C. The value for that variable is defined by the calling application.
D. The variable can be used in conditional steps.
E. The variable can be used to pass data to and from VoiceXML applications.

Correct Answer: B Section: 55-74 Explanation
Explanation/Reference:

The importance of certification in the field of IT cannot be denied, so FLYDUMPS Cisco 642-165 practice test would be the best guide for you. We are so surprised to see countless opportunities after passing the HDI exam. FLYDUMPS proved to be the best source of help for me and the products offered by FLYDUMPS enabled me to achieve the desired results. If you want to pass the Cisco 642-165 exam, the most reliable source is FLYDUMPS Cisco 642-165 practice test. Cisco 642-165 practice test supplied by IBM which can be very helpful support materials and can provide great amount of help, while preparing for Cisco 642-165 test.

Pass4itsure 117-201 dumps with PDF + Premium VCE + VCE Simulator: http://www.pass4itsure.com/117-201.html

Cisco 642-165 Exam Practice PDF, Provide New Cisco 642-165 Demos With New Discount

others

Cisco 642-165 Study Guides, Help To Pass Cisco 642-165 PDF Dumps Is What You Need To Take

Welcome to download the newest Pass4itsure 70-483 VCE dumps: https://www.pass4itsure.com/70-483.html

Fully Updated Do not hesitate to choose Flydumps Cisco 642-165 VCE Exam Dumps, all are updated timely by Cisco 642-165 expert professionals.Visit the site Flydumps.com to get the free Cisco 642-165 pdf dumps and free vce player.

QUESTION 86
What does CSQ stand for in Cisco Unified Contact Center Express?
A. Contact Skill Queue
B. Common Skill Queue
C. Contact Service Queue
D. Common Service Queue
E. Competence Skill Queue
F. Competence Service Queue

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 87
Which Cisco Unified Contact Center Express deployment scenario is valid?
A. Cisco Unified Contact Center Express 4.0 with Cisco Unified Communications Manager 4.0
B. Cisco Unified Contact Center Express 4.0 with Cisco Unified Communications Manager 4.1
C. Cisco Unified Contact Center Express 4.5 with Cisco Unified Communications Manager 4.3
D. Cisco Unified Contact Center Express 5.0 with Cisco Unified Communications Manager 5.0

Correct Answer: B Section: (none) Explanation Explanation/Reference:
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-165
QUESTION 88
What issues notification messages for CRS engine errors?
A. SNMP Trap
B. Alarm
C. CDP
D. syslog

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 89
How many languages can be installed for the Cisco Agent Desktop (CAD) and the Cisco Supervisor Desktop (CSD)?
A. one language for both the CAD and the CSD
B. one language for the CAD and a different language for the CSD
C. two languages for the CAD and one language for the CSD
D. two languages for both the CAD and the CSD

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 90
Which Cisco Unified Contact Center Express deployment scenario is valid?
A. Cisco Unified Contact Center Express 4.0 with Cisco Unified Communications Manager 4.0
B. Cisco Unified Contact Center Express 4.0 with Cisco Unified Communications Manager 4.1
C. Cisco Unified Contact Center Express 4.5 with Cisco Unified Communications Manager 4.3
D. Cisco Unified Contact Center Express 5.0 with Cisco Unified Communications Manager 5.0

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 91
What issues notification messages for CRS engine errors?
A. SNMP Trap
B. Alarm
C. CDP
D. syslog
Correct Answer: A Section: (none) Explanation

Explanation/Reference:
QUESTION 92
How many languages can be installed for the Cisco Agent Desktop (CAD) and the Cisco
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-165
Supervisor Desktop (CSD)?
A. one language for both the CAD and the CSD
B. one language for the CAD and a different language for the CSD
C. two languages for the CAD and one language for the CSD
D. two languages for both the CAD and the CSD

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 93
In addition to writing information to a trace file, the Cisco CRS System sends standard event logging messages to a syslog server through which service?
A. SNMP Trap
B. Alarm
C. CDP
D. Win32

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 94
In CRS Administration, what is created on the Communications Manager when you add a Unified CM Telephony group?
A. CTI Ports
B. CRS CTI Route Point
C. CRS Call Control Group
D. Communications Manager Call Control Group

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 95
In Cisco Unified Contact Center Express, where is wrap-up data enabled?
A. in the Cisco Supervisor Desktop
B. in CSQ configuration on Application Administration
C. in workflow groups on Cisco Desktop Administrator
D. in resource configuration on Application Administration

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 96
Which two releases require physical media to be ordered and received prior to patching or upgrading Cisco Unified Contact Center Express? (Choose two.)
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-165
A. Minor Release
B. Major Release
C. Service Release
D. Engineering Special
E. Maintenance Release

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 97
If an existing script is uploaded to the CRS, what does it ask?
A. Do you want to debug the script?
B. Do you want to refresh the script?
C. Do you want to save the application?
D. Do you want to return to Script Management?

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 98
What tool is used to estimate the hardware server resources required for an IPCC Express deployment?
A. IPC Resource Calculator
B. CTI Port Calculator
C. Configuration and Ordering Tool
D. CRS Applications Administration

Correct Answer: C Section: (none) Explanation Explanation/Reference:
QUESTION 99
If the Call Redirect step sends a caller to a device that does not exist in the CallManager, which branch of the step is executed?
A. Busy
B. Invalid
C. Successful
D. Unsuccessful

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 100
What is the maximum number of agents supported on a Cisco Unified Communications Manager Express deployment?
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-165
A. 10 agents
B. 50 agents
C. 100 agents
D. 300 agents

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 101
What is the maximum number of CTI ports supported by a Cisco Unified Contact Center Express 5.0 Standard deployment?
A. 150
B. 200
C. 300
D. varies based on the number of expansion servers
E. varies based on the number of configured applications

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 102
How is product licensing stored and viewed in Cisco Unified Contact Center Express 4.0?
A. stored in LDAP, viewed in Cisco CRS License Update Utility
B. stored in LDAP, viewed in Cisco CRS Application Administration
C. stored in local files, viewed in Cisco CRS License Update Utility
D. stored in local files, viewed in Cisco CRS Application Administration

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 103
What is the maximum number of agents supported for CCM co-resident installations?
A. 5
B. 10
C. 15
D. 20

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 104
In the Expression Editor panel of CRS Script Editor, why would you use the Java tab? (Choose three.)
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-165
A. to execute a specified method of a Java class
B. to reference a variable or invoke a method of a custom Java Object
C. to pass variables between two different workflows
D. to create an object for the purpose of executing methods on a remote computer
E. to get a reference to the Contact and Session states
F. to allow for arguments to be passed to a specified method

Correct Answer: ABF Section: (none) Explanation
Explanation/Reference:
QUESTION 105
What should you set the Client Configuration to when configuring the ODBC Data Source for the Database Subsystem?
A. TCP
B. IP
C. Multiprotocol
D. Named Pipes
E. NWLink IPX
F. SPX
Correct Answer: A Section: (none) Explanation

Explanation/Reference:
QUESTION 106
How can you configure the Prompt step to play different prompts following subsequent timeouts or retries?
A. Configure it as a Generated Prompt.
B. Configure it as a Random Container Prompt.
C. Configure it as an Escalating Container Prompt.
D. Configure it as a Concatenated Container Prompt.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 107
What features are supported in a license for IPCC Express 4.0 Enhanced? (Choose three.)
A. Database integration
B. Prompt and collect
C. Read HTTP and XML Documents
D. Announcements

Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
QUESTION 108
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-165
Where do you send the finished configuration and ordering spreadsheet when manual bid assurance is required?
A. [email protected]
B. [email protected]
C. [email protected]
D. [email protected]

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 109
How does the CRS Server know that it has received an ASR-enabled contact?
A. The workflow has ASR steps in it.
B. The contact is on an ASR Dialogue Group channel.
C. The contact is on a JTAPI Call Control Group channel.
D. The contact is on a Cisco Media Dialogue Group channel.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 110
How do you debug an application with an Accept step?
A. Select Start from the Debug pulldown, then call the trigger.
B. Select Step Over from the Debug pulldown, then call the trigger.
C. Call the trigger, and when the workflow answers, select Start from the Debug pulldown.
D. Select Reactive Application, then call the trigger and press F10 to step through the workflow.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 111
Which of the following CRS upgrades are allowed? (Choose three).
A. CRS 2.2 to CRS 3.5
B. CRS 3.1 to CRS 4.0
C. CRS 2.2 to CRS 4.0
D. CRS 3.5 to CRS 4.0

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 112
Which three of the following are licensed Cisco CRS 4.0 software products? (Choose three.)
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-165
A. IPCC Express (Standard, Enhanced, or Premium)
B. IP IVR
C. Auto Attendant
D. IP Queue Manager

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference: QUESTION 113
What are two ways a call can be documented as abandoned? Select two.
A. The agent hangs up on the caller.
B. The caller hangs up before reaching an agent.
C. The caller hangs up after reaching a session-handled step.
D. The caller hangs up before reaching a session-handled step.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 114
Which type of phone contains the following support matrix for Cisco Unified Contact Center Express? version 4.0 unsupported version 4.5 supported version 5.0 supported
A. SIP
B. SCCP
C. H.323
D. MGCP

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 115
What can help you expose problems with script logic or validity by simulating a caller?
A. Alarm and Trace Configuration
B. reactive debug session
C. script validation
D. script refresh

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 116
What is a benefit of using subflows?
A. decreases the amount of flows PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-165
B. collects information about callers to agents
C. creates a framework for CRS Server status reporting
D. decreases latency through increased bandwidth on CRS Server
E. provides more efficient management of flows that are called by multiple other flows

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 117
What formula do you use to calculate the number of Voice Gateway ports?
A. Erlang A
B. Erlang B
C. Erlang C
D. IVR ports + agent phones

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 118
Which configuration object can have skills assigned to it in Cisco Unified Contact Center Express?
A. resources
B. Skill Groups
C. Resource Groups
D. competence levels

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 119
Which agent will be selected when the Resource Selection Criteria is set to circular routing?
A. the agent who has been in the Available state for the longest amount of time
B. the next available agent with the highest priority, as determined by the agent order in the Resources list
C. the next available agent, based on the last agent selected and the agent order in the Resources list
D. the agent assigned to the selected Resource Group and is thus qualified to be selected

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 120
Where do you enable the CRS engine?
A. Publisher Activation page PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-165
B. Component Activation page
C. Cluster Setup page
D. Server Setup page

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 121
When a valid SQL Query in a DB Read step returns 0 rows, which branch of the step will be executed?
A. Timeout
B. SQL Error
C. Successful
D. Connection Not Available

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 122
What three tasks are required to add a CRS application? (Choose three.)
A. create a trigger
B. create an application
C. restart the CRS engine
D. upload script to repository
E. configure default session timeout

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 123
CiscoWorks IP Telephony Environment Monitor (ITEM) provides what two serviceability capabilities? (Choose two.)
A. Tool to collect syslog messages from multiple sources
B. User Tracking to track IP telephones
C. Diagnostic trace tools to analyze connectivity
D. Monitoring of Cisco voice elements E. Problem alerts for operations personnel

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 124
When would the Cisco Supervisor Desktop fail to show an agent that is logged in?
A. The agent is not ready.
B. The agent is not on a call. PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-165
C. The agent is an IP phone agent.
D. The agent is not in the team currently being viewed by the supervisor.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 125
Where are CTI route points added or configured for Cisco Unified Contact Center Express?
A. Cisco Unified CallManager Device Configuration
B. Cisco Unified Contact Center Express Directory Management
C. Cisco Supervisor Desktop
D. Cisco CRS Administration, JTAPI Trigger Creation
E. Cisco Unified Contact Center Express Media Subsystem

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 126
What is a benefit of using subflows?
A. decreases the amount of flows
B. collects information about callers to agents
C. creates a framework for CRS Server status reporting
D. decreases latency through increased bandwidth on CRS Server
E. provides more efficient management of flows that are called by multiple other flows

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 127
What formula do you use to calculate the number of Voice Gateway ports?
A. Erlang A
B. Erlang B
C. Erlang C
D. IVR ports + agent phones

Correct Answer: B Section: (none) Explanation Explanation/Reference:
QUESTION 128
Which configuration object can have skills assigned to it in Cisco Unified Contact Center Express?
A. resources
B. Skill Groups
C. Resource Groups PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-165
D. competence levels

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 129
When using the Call Subflow step, can variables be shared between the parent (calling) flow and the subflow?
A. No.
B. Yes.
C. Yes, but they must be manually passed via input and output mapping.
D. Yes, but they must be manually created in both flows and have the same name.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 130
Which agent will be selected when the Resource Selection Criteria is set to circular routing?
A. the agent who has been in the Available state for the longest amount of time
B. the next available agent with the highest priority, as determined by the agent order in the Resources list
C. the next available agent, based on the last agent selected and the agent order in the Resources list
D. the agent assigned to the selected Resource Group and is thus qualified to be selected

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 131
What types of orders are exempt from using the IPCC Express Configuration and Ordering Tool?
A. orders for coresident deployments
B. orders for adding more seats
C. orders for upgrading from standard
D. orders with less than five seats E. all orders require using the IPCC Express Configuration and Ordering Tool

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 132
What can help expose problems with script logic or validity by simulating the execution of a script?
A. Alarm and Trace Configuration PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-165
B. debug session
C. script validation
D. script refresh

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 133
When a call terminates, which Cisco Unified CCX setting takes precedence over “Automated Available” to determine the agent’s next state?
A. Automatic Work
B. Automatic WrapUp
C. Prompt for this CSQ
D. Service Level settings
E. Resource Pool selection

Correct Answer: A Section: (none) Explanation
Explanation/Reference:

We also provide FLYDUMPS Cisco 642-165 practice test download in case there is an update by the vendor. Our team of experts keeps the exam updated and accurate. Before decide to take FLYDUMPS Cisco 642-165 test, just check the free demo we offer. FLYDUMPS Cisco 642-165 test are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development. If you prepare for the exam using our FLYDUMPS Cisco 642-165 practice test, we guarantee your success in the first attempt.

Pass4itsure 70-483 dumps with PDF + Premium VCE + VCE Simulator: https://www.pass4itsure.com/70-483.html

Cisco 642-165 Study Guides, Help To Pass Cisco 642-165 PDF Dumps Is What You Need To Take

Photoshop

Adobe 9A0-031 PDF Download , High Pass Rate Adobe 9A0-031 Questions Answers With The Knowledge And Skills

Welcome to download the newest Jumpexam C2090-611 VCE dumps: http://www.jumpexam.com/C2090-611.html

Attention Please: Professional new version Adobe 9A0-031 PDF and VCE dumps can now free download on Flydumps.com all are updated timely by our experts covering all new questions and questions.100 percent pass your Adobe 9A0-031 exam.

QUESTION 61
You are working with a duotone document. Which has an impact on the appearance of the image when printed?
A. the number of layers in the file
B. the order in which the colors are printed
C. the preview option selected in the Save As DCS 2.0 dialog box
D. whether or not bleed is specified in the Output menu of the Print with Preview dialog box Correct Answer: B
QUESTION 62
What is the purpose of the Transfer option in the Print with Preview dialog box?
A. It provides a method of printing to network printers.
B. It provides batch printing of files selected in the File Browser.
C. It creates a copy of the printed document on the workgroup server.
D. It applies a color correction to the image as it prints without affecting the original document’s color numbers

Correct Answer: D
QUESTION 63
You want to convert an RGB image into a duotone and save it for printing from a page layout application. What should you do?
A. choose Image>Mode>Duotone and save the image in EPS format
B. choose Image>Mode>Duotone and save the image as a multi-channel DCS file
C. choose Image>Mode>Grayscale; then choose Image>Mode>Doutone and save the image in EPS format
D. choose Image>mode>grayscale; then choose Image >Mode>Doutone and save the image in TIFF format

Correct Answer: C
QUESTION 64
For which task should you use the Tool Presets palette?
A. to edit a brush behavior
B. to save a fixed crop size
C. to replace the default behavior of tool
D. to save and load a customized palette layout

Correct Answer: B
QUESTION 65
You want to move a palette to a different palette group. What should you do?
A. drag the palette tabs to the palette well
B. drag the palette tab to the palette group
C. align the palettes and save a workspace preset
D. dock the palettes and drag them into the palette well
Correct Answer: B
QUESTION 66
What are two functions of the Preset Manger? (Choose two.)
A. to organize Presets
B. to create a new Preset
C. to create a libraries of Presets
D. to edit the content of an existing Preset
E. to send libraries of Presets to other users.

Correct Answer: AC
QUESTION 67
You have edited the brush dynamics and texture while using thee Cloning Stamp tool. You want to be able to apply the same settings to other painting tools.
What should you do?
A. choose New Brush from the Brushes palette menu
B. choose Save Brushes from the Brushes palette menu
C. deselect Show Current Tool Presets from the Tool Preset palette menu; then choose New
D. deselect Show Current Tool Only from the Tool Preset palette menu; then choose Save Tool Preset Presets

Correct Answer: A QUESTION 68
You have configured and saved different palette locations. What should you do to access the settings?
A. choose Edit>Preset Manager
B. choose Windows>Workspace
C. choose File>Workgroup>Open
D. choose Edit>Preferences>Display & Cursors

Correct Answer: B QUESTION 69
Which two settings are controlled in the Character palette? (Choose two.)
A. indents
B. kerning
C. font style
D. alignment

Correct Answer: AC QUESTION 70
You have an active layer that contains horizontal type. You want to convert the type to vertical type. What should you do?
A. choose Edit>Transform>Rotate 90o CW
B. choose Rotate Character from the Character drop down menu
C. highlight the text and click on the Vertical Type tool in the toolbox
D. select the Type tool and click on the Text Orientation button in the Options bar

Correct Answer: D QUESTION 71
Which two settings are controlled in the Paragraph palette? (Choose two.)
A. indents
B. kerning
C. font style
D. alignment

Correct Answer: AC QUESTION 72
You have used the Warp Text command to crate an effect on text. Which statement is true?
A. The text is editable.
B. The text is resterized.
C. You can apply a filter without rasterizing the text.
D. You can use the Hue/Saturation command on the text.

Correct Answer: A QUESTION 73
What is the purpose of the Every Line composer?
A. It provides for the automatic wrapping of text within the bounding box.
B. It evaluates where line breaks should occur, and uses those that give the most even spacing.
C. It automatically adjusts the leading in a paragraph to ensure the text fills the bounding box.
D. It justifies all the lines in a paragraph except the last, aligning it left or right as specified in the Paragraph palette.

Correct Answer: B QUESTION 74
Exhibit.

A document contains multiple type layers. You want to find and replace all occurrences of a word by using the Find and Replace Text command.
What should you do?
A. enter the Find What and Change To text, and deselect Search All Layers
B. enter the Find What and Change To text, select Search All layers and then click on Done
C. enter the Find What and Change To text, select Search All Layers and Whole Word Only, then click on Change All
D. merge the Type layers, enter the Find What and Change To text, then select Whole Word Only and lick on Change All

Correct Answer: C QUESTION 75
How do you create a droplet from an action in Photoshop?
A. choose File>Export>Create Droplet
B. choose File>Automate>Crete Droplet
C. choose Save Actions from the Actions palette menu.
D. Choose Crate Droplet from the Actions palette menu

Correct Answer: B QUESTION 76
You want to record an action that pauses at a dialog box so you can make edits. What should you do?
A. record the action up to the dialog box and choose Insert Stop from the Actions palette menu.
B. record and complete the action; click Toggle dialog on/off next to the action in the Actions palette
C. record the action up to the dialog box, click the stop button; choose Record Again from the Action palette menu
D. record and complete the action; choose Playback options from the Actions palette menu and select Step by Step

Correct Answer: B QUESTION 77
You have created an action that converts the color mode of a document to CMYK. You want to use the action to convert 15 documents that you just finished editing. The 15 documents are in a folder that has 40 documents.
You use the File Browser to sort the documents by date modified in descending order, and select the first 15 documents in the File Browser.
What should you do?
A. double-click on your action in the Actions palette
B. drag the image thumbnails to your action in the Actions palette
C. select your action in the Actions palette; then click the play button
D. choose File>Automatic>Batch; choose your action from the Action menu; choose File Browser as the source; click OK

Correct Answer: D QUESTION 78
What is the purpose of the Picture Package command?
A. to crate a catalog of images, with thumbnails and captions
B. to crate a web-based gallery of various images with thumbnails and captions
C. to create multiple copies of one image presented at various sizes in a single document
D. to create a compressed archive of images that can more readily be downloaded or emailed

Correct Answer: C QUESTION 79
You want to email an image that includes raster and vector data. You want to minimize the size of the file and still retain the vector data.
Which file format should you use?
A. PDF
B. PSD
C. GIF
D. JPEG

Correct Answer: A QUESTION 80
You are editing an image, and choose File>Save As. You select Photoshop PDF from the Format pull-down menu and click Save.
Which two options are available in the PDF Options dialog box? (Choose two.)
A. JPEG Encoding
B. Image Interpolation
C. Save Image Pyramid
D. Include Halftone Screen

Correct Answer: AB QUESTION 81
You have been given an 8 inch by 10 inch print. You want to final output to be 4 inches by 5 inches when printed at a resolution of 266 dpi.
If you scan the entire 8 inch by 10 inch print, which scanner resolution setting should you use?
A. 133 dpi
B. 266 dpi
C. 300 dpi
D. 532 dpi

Correct Answer: A QUESTION 82
You want to open all of the images of a multi-page PDF file into a Photoshop document. What should you do?
A. choose File>Place to the identify the images; then rasterize each image
B. choose>File>Open; select all the names of each image and click Open
C. choose File>Open; select the PDF file anf click Open; then rasterize the images
D. choose File>Import>PDF Images select the file and click Open then select Import All from the PDF Image Import dialog box

Correct Answer: D QUESTION 83
What happens when you place a PDF file into a Photoshop document?
A. It is converted into paths.
B. It appears in a bounding box.
C. It is converted into a shape layer.
D. It is rendered onto the active layer.

Correct Answer: B QUESTION 84
You make a selection by using the rectangular marquee. How do you modify the selection marquee without affecting the image?
A. choose Edit>Free Transform
B. choose Select>Transform Selection
C. choose Filter>Distort and select an option
D. choose Edit>Transform and select an option

Correct Answer: B QUESTION 85
You have created a closed path with the Pen tool. You want to delete one of the anchor points of the path while keeping the patch closed.
What should you do?
A. select the convert point tool; then click on the anchor point
B. select the direct selection tool and select the anchor point; press the Delete Key
C. select thepath selection tool and select the anchor point; then press the Delete Key
D. select the pen tool and select Auto Add/Delete from the Options bar; then click on the anchor point

Correct Answer: D QUESTION 86
Which statement about crating shapes by using the pen or shape tools is true?
A. The shape can be filled or stroked with color.
B. The shape takes more disk space than pixel-based data.
C. The resolution of the pixels within the shape can be chosen.
D. The shape contains pixels of the same resolution as the image.

Correct Answer: A QUESTION 87
You are creating a Photoshop EPS as a copy of an original document. You want the EPS to have the embedded profile of a specific output device, but you do NOT want to change the profile of the original document.
What should you do?
A. choose Image>Mode> convert to Profile to specify the output device profile; then leave ICC profile unchecked in the Save As dialog box
B. choose Image>ModeAssign Profile to specify the output device profile; then level ICC profile unchecked in the Save As dialog box
C. choose View>Proof seyup to specify the output device profile; then check Use Prof Setup in the Save As dialog box
D. choose View>Proof Setup to specify the output device profile; check Preserve Color Number; then check Use Proof Setup in the Save As dialog box

Correct Answer: C QUESTION 88
You have scanned an image into Adobe Photoshop. You have a profile for your scanner. Which command should you use to ensure that the image is properly color managed?
A. View>Proof Setup
B. View>Proof Colors
C. Image>Mode>Assign Profile
D. Image>Mode>Convert to Profile

Correct Answer: C QUESTION 89
Which format supports ICC profiles?
A. PNG
B. BMP
C. PDF
D. Scitex CT

Correct Answer: C QUESTION 90
You want to preview on your monitor the color and dynamic range of an output device for which you have an ICC complaint profile. What should you do?
A. choose View>Proof Setup and check the Ink Black checkbox
B. choose View>Proof Setup and check the Paper White checkbox
C. choose View>Proof Setup and select Saturation from the Intent menu
D. choose View>Proof Setup and select Absolute Colorimetric from the Intent menu

Correct Answer: B
QUESTION 91
What is the purpose for selecting a rendering intent in the Color Settings dialog box?
A. to specify when you want to be notified about profile mismatches
B. to specify the color profiles to be associated with each color model
C. to establish which method is used to convert color between color spaces
D. to establish whether a transfer function is used to compensate for dot gain.

Correct Answer: C
QUESTION 92
Which type of ICC profiles does RGB setup allow you to load?
A. user profiles
B. monitor profiles
C. scanner profiles
D. RGB printer profiles

Correct Answer: B
QUESTION 93
You want to create a set of concentric rings of random color and brightness using the Gradient tool. Which settings should you use on the Gradient tool?
A. a Noise gradient with the Angle option selected
B. a Noise gradient with the Radial option selected
C. a Solid gradient with a low Smoothness setting and the Angle option selected
D. a Solid gradient with a low Smoothness setting and the Radial option selected
Correct Answer: B
QUESTION 94
What can be adjusted with the Color Dynamics option in the Brushes palette?
A. the Blending mode of the Brush tool
B. randomness in opacity in any brush stroke
C. randomness in saturation in any brush stroke
D. randomness in the smoothness of flow in any brush stroke
Correct Answer: C
QUESTION 95
Which statement about using the Pattern Maker is true?
A. The pattern title can be non-rectangular.
B. The pattern title must be the same size as the sample.
C. The pattern sample must be from the active document.
D. The pattern sample can be from the contents of the clipboard.
Correct Answer: D QUESTION 96
You select the Brush tool and choose a brush preset. You want to disable all brush controls.
What should you do?
A. choose Reset tool from the Tool preset picker menu
B. choose Reset Brushes from the Brushes palette menu
C. choose a Normal Painting mode from the Brush options bar
D. choose Clear Brush Controls from the Brushes palette menu

Correct Answer: D

It is not easy to achieve success in the field of information technology. This is because Adobe 9A0-031 competition is very rampant in the industry. In order for you to acquire a successful career in this industry, acquiring the best Adobe 9A0-031 certification is the best thing to do. When selecting an information technology Adobe 9A0-031 certification, it is very significant to look for the right Adobe 9A0-031 that can help you succeed. Make sure that it relates to your career. Do not just select Adobe 9A0-031 certification without reviewing the Adobe 9A0-031 certification if it can help you or not.

Jumpexam C2090-611 dumps with PDF + Premium VCE + VCE Simulator: http://www.jumpexam.com/C2090-611.html