QUESTION 68
What services do intranet VPNs provide?
A. Link corporate headquarters to remote offices.
B. Link network resources with third-party vendors and business partners.
C. Link telecommuters and mobile users to corporate network resources.
D. Link private networks to public networks.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Intranet VPNs refer to connections between sites that are all part of the same company. As such, access between sites is generally less restrictive. Reference: SAFE VPN: IPSec Virtual Private Networks in Depth page 76
QUESTION 69
John the security administrator at Certkiller Inc. is working on purchasing three Cisco 3000 series concentrators. Which three models of the Cisco 3000 Series Concentrator can have redundant power supplies? (Choose three)
A. Model number 3090
B. Model number 3080
C. Model number 3060
D. Model number 3030
E. Model number 3020
F. Model number 3005
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
Explanation: Redundant SEP modules (optional), power supplies, and fans (Cisco VPN 3015-3080) Reference: Cisco VPN 3000 Series Concentrators – Cisco VPN 3000 Series Concentrator Data Sheet Reference: Cisco Courseware page 4-10
QUESTION 70
What type of authentication does the Cisco 3000 Series Concentrator use?
A. RADIUS
B. TACACS+
C. CHAP
D. PAP
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Full support of current and emerging security standards, including RADIUS, NT Domain Authentication, RSA SecurID, and digital certificates, allows for integration of external authentication systems and interoperability with third-party products.
Ref: Cisco VPN 3000 Series Concentrators – Cisco VPN 3000 Series Concentrator Overview
QUESTION 71
Which three models of the Cisco 3000 Series Concentrator can provide redundancy? (Choose three)
A. 3005
B. 3010
C. 3015
D. 3030
E. 3060
F. 3080
Correct Answer: DEF Section: (none) Explanation
Explanation/Reference:
Explanation: Redundant 3000 series concentrators are: Cisco VPN 3030 Concentrator, Cisco VPN 3060 Concentrator, Cisco VPN 3080 Concentrator. Ref: Cisco VPN 3000 Series Concentrators – Cisco VPN 3000 Series Concentrator Data Sheet
QUESTION 72
What does the Cisco Unified Client framework provide?
A. Distributed push policy technology.
B. Centralized push policy technology.
C. Centralized pull policy technology.
D. Multi-tiered policy technology.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Utilizing “push policy” capabilities, the unified VPN client framework allows customers to centrally manage security policies, while easily delivering large-scale VPN connectivity to remote users. All of Cisco’s IPsec-based VPN products for the enterprise and service providers will support the unified VPN client framework. Reference: Cisco Extends VPN Leadership – Announces Unified VPN Client Framework and Multi-protocol VPN Solution at Cisco Partner Summit 2001
QUESTION 73
According to SAFE SMR guidelines, where do you implement the Cisco VPN 3000 Series Concentrator?
A. In front of the Internet access router.
B. Behind the PIX Firewall and parallel to the Internet access router.
C. Behind the Internet access router and parallel to the PIX Firewall.
D. Behind the corporate network module.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 59
QUESTION 74
When configuring an IKE proposal on a VPN 3000 Concentrator, which of the following proposal names are valid?
A. Proposal Name: IKE-3DES
B. Proposal Name: IKE-3DES-MD5-DH7
C. Proposal Name: IKE-DH7-3DES-MD5
D. Proposal Name: IKE-3DES-DH7-MD5
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Reference: Cisco VPN 3000 Series Concentrators – Tunneling Protocols Reference: Cisco Courseware page 6-59
QUESTION 75
James the security administrator at Certkiller Inc. is working on VPNs. According to SAFE SMR guidelines, what type of VPN uses primarily Cisco VPN optimized routers?
A. Intranet to extranet type of VPN.
B. Extranet to remote user type of VPN.
C. Intranet to remote user type of VPN.
D. Site-to-site type of VPN.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: The VPN Acceleration Module (VAM) for Cisco 7200 and 7100 Series routers provides high-performance, hardware-assisted encryption, key generation, and compression services suitable for site-to-site virtual private network (VPN) applications. Ref: VPN Acceleration Module for Cisco 7000 Series VPN Routers
QUESTION 76
The security team at Certkiller Inc. is researching the SAFE SMR White papers. According to SAFE SMR, which Cisco router is best suited for a remote office?
A. Cisco router 1700 series
B. Cisco router 800 and 900 series
C. Cisco router 2600 and 3600 series
D. Cisco router 7100 and 7200 series
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 77
The VPN acceleration module (VAM) is available on what series of VPN optimized routers? (Choose two)
A. 1700 Series
B. 2600 Series
C. 3600 Series
D. 7100 Series
E. 7200 Series
Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
Explanation: The VPN Acceleration Module (VAM) for Cisco 7200 and 7100 Series routers provides high-performance, hardware-assisted encryption, key generation, and compression services suitable for site-to-site virtual private network (VPN) applications. Ref: VPN Acceleration Module for Cisco 7000 Series VPN Routers
QUESTION 78
Which two models of the PIX Firewall make the VPN accelerator card available? (Choose two)
A. Model number 535
B. Model number 515
C. Model number 505
D. Model number 503
E. Model number 501
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
Explanation:
System Requirements
Operating System: PIX OS v5.3(1) or later (with DES or 3DES license)
Platforms: PIX 515/515E, 520, 525, 535 (limit one per chassis)
Reference: Cisco PIX 500 Series Firewalls – Cisco PIX Firewall VPN Accelerator Card
QUESTION 79
You are selling PIX firewalls at Certkiller Inc. What size network is best suited for the PIX Firewall 501?
A. Large enterprise or service provider
B. Midsize enterprise
C. Small office or home office
D. Small business or branch office
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco PIX 501 Security Appliance delivers a multilayered defense for small offices through rich security services including stateful inspection firewalling, protocol and application inspection, virtual private networking (VPN), in-line intrusion protection, and rich multimedia and voice security in a single device. The state-of-the-art Cisco Adaptive Security Algorithm (ASA) provides rich stateful inspection firewall services, tracking the state of all authorized network communications and preventing unauthorized network access. Reference: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b18.html
QUESTION 80
What size network is best suited for the Cisco PIX Firewall 525 or 535?
A. Small office or home office.
B. Small business or branch office.
C. Midsize enterprise.
D. Large enterprise or service provider.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco PIX Firewall 525 is a large, enterprise perimeter firewall solution. The Cisco PIX firewall 535 delivers carrier-class performance to meet the needs of large enterprise networks as well as service providers. Ref: Cisco Secure PIX Firewalls (Ciscopress) Page 26
QUESTION 81
What does CBAC dynamically create and delete?
A. TCP sessions
B. Crypto maps
C. Access control lists
D. Security control lists
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: CBAC dynamically creates and deletes access control list entries at each router interface, according to information in the state tables.
Ref: Cisco IOS Firewall – Cisco IOS Firewall Feature Set
QUESTION 82
You are the administrator at Certkiller Inc. and you are implementing IDS to the network. Which model is recommended for IDS with at least 100 Mbps performance?
A. Model number 4260
B. Model number 4250
C. Model number 4220
D. Model number 4210
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco IDS 4250 supports unparalleled performance at 500 Mbps and can be used to protect gigabit subnets and traffic traversing switches that are being used to aggregate traffic from numerous subnets.
Reference: http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/ps4079/index.html
QUESTION 83
What is IP logging, as defined for the Cisco IDS appliance?
A. IDS logs IP address information for hosts being attacked.
B. IDS logs user information from an attacking host.
C. IDS captures packets from an attacking host.
D. IDS logs IP address information from an attacking host.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: In addition to the packet capture that analyzes the traffic to identify malicious activity, the IDSM-2 can perform IP session logging that can be configured as a response action on a per-signature basis. If configured as such, when the signature fires, session logs will be created over a pre-specified time period in a TCP Dump format. Ref: Cisco Services Modules – Cisco Catalyst 6500 IDS (IDSM-2) Services Module
QUESTION 84
An administrator claims he is receiving too many false positives on his IDS system. What is he referencing?
A. Alarms detected and logged by IDS.
B. Alarms detected by IDS and not acted upon.
C. Alarms caused by illegitimate traffic or activities.
D. Alarms caused by legitimate traffic or activities.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: False-positives are defined as alarms caused by legitimate traffic or activity.
False negatives are attacks that the IDS system fails to see.
Ref: Safe White papers; Page 8
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 85
For the first time you want to set up your IDS Appliance using IDM (IDS Device Manager): Choose the steps that you should take:
A. Specify list of hosts authorized to manage appliance.
B. Communications Infrastructure.
C. Enter network setting.
D. Specify Logging Device.
E. Signatures
Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:
Explanation:
1. Specify host to manage appliance.
2. Communication Infrastructure – Refers to names and IDs of the sensor and manager
3. Network setting: IP address, IP netmask, IP hostname, default route
Ref: Cisco Intrusion Detection System – IDS Device Manager Sensor Setup
QUESTION 86
DRAG DROP
Choose the tasks required for initial setup of the Cisco IDS appliance via IDM.
A.
B.
C.
D.
Correct Answer:
Section: (none) Explanation
Explanation/Reference:
Explanation: Choose the task required for initial setup of the Cisco IDS Appliance via IDM.
Initial setup of Cisco IDS appliance via IDM:
* Configure network settings
* Define list of hosts authorized to manage appliance
* Configure date and time
* Change password to account used to access IDM
Not part of Initial Setup:
* Configure signatures to block
* Configure remote management services
* Set logging to remote device
* Configure secure shell settings
Reference: Cisco Intrusion Detection System – IDS Device Manager Sensor Setup
Reference: Cisco IDS Courseware page 7-24
QUESTION 87
Using the default, how does the Cisco IDS appliance log events? (Choose two)
A. Location
B. Type
C. Rule base
D. Effect
E. Severity
F. User option
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
Explanation: Cisco Secure IDS Sensors can be configured to generate log file locally on the sensor. By default, the sensors are configured to send alarms of severity of medium and higher to CSPM.
Reference:
QUESTION 88
Which model is recommended for an IDS with at least 100 Mbps performance?
A. 4210
B. 4220
C. 4250
D. 4260
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco IDS 4250 supports unparalleled performance at 500 Mbps and can be used to protect gigabit subnets and traffic traversing switches that are being used to aggregate traffic from numerous subnets.
Reference: http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/ps4079/index.html
Incorrect Answers
A: Performance: 45 Mbps
B: No such model
D: No such model
QUESTION 89
The security team at Certkiller Inc. is working on securing their network. What is the primary identity component in a Cisco security solution?
A. primary identity component Cisco VPN Concentrators
B. primary identity component Cisco PIX Firewalls
C. primary identity component Cisco IDS Sensors
D. primary identity component Cisco IOS Firewalls
E. primary identity component Cisco Access Control servers
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
Explanation: Cisco Identity Based Networking Services (IBNS) is an integrated solution combining several Cisco products that offer authentication, access control, and user policies to secure network connectivity and resources. Cisco IBNS solution enables greater security while simultaneously offering cost-effective management of changes throughout the organization. IBNS and 802.1x are supported on all Cisco Catalyst switches, including Catalyst 6500, 4500, 3550, and 2950 switches, Cisco ACS Server as well as Cisco Aironet Access Points. Reference: http://www.cisco.com/en/US/netsol/ns110/ns170/ns360/ns373/networking_solutions_package.html
QUESTION 90
What is the default port for Cisco’s ACS RADIUS authentication server?
A. 1645
B. 1812
C. 1640
D. 1814
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Enabling EAP on the Access Point
Follow these steps to enable EAP on the Access Point:
1. Follow the link path to the Authentication Server Setup page.
2. Enter the name or IP address of the RADIUS server in the Server Name/IP entry field.
3. Enter the port number your RADIUS server uses for authentication. The default setting, 1812, is the port setting for many RADIUS servers; 1645 is the port setting for Cisco’s RADIUS server, the Cisco Secure Access Control Server (ACS). Check your server’s product documentation to find the correct port setting.
4. Enter the shared secret used by your RADIUS server in the Shared Secret entry field. The shared secret on the Access Point must match the shared secret on the RADIUS server.
5. Enter the number of seconds the Access Point should wait before authentication fails.
6. Click OK. Returns to the Security Setup page.
7. On the Security Setup page, click Radio Data Encryption (WEP) to browse to the AP Radio Data Encryption page.
8. Select Network-EAP for the Authentication Type setting. You can also enter this setting on the AP Radio Advanced page.
9. Check that at least one WEP key has been assigned a key size and has been selected as the transmit key. If a WEP key has been set up, skip to Step 13. If no WEP key has been set up, proceed to Step 10.
10. Enter a WEP key in one of the Encryption Key fields. The Access Point uses this key for multicast data signals (signals sent from the Access Point to several client devices at once). This key does not need to be set on client devices.
11. Select 128-bit encryption from the Key Size pull-down menu.
12. Select the key as the transmit key.
13. Click OK. Return automatically to the Security Setup page.
Reference: Cisco Courseware Labguide page 133
QUESTION 91
Cisco Secure ACS supports which of the following authentication methods? (Choose all that apply)
A. Radius
B. MPPE
C. PAP
D. TACACS+
E. PPP
F. CHAP
Correct Answer: ACDF Section: (none) Explanation
Explanation/Reference:
Ref: Troubleshooting Information for CiscoSecureACS http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt30/user/aa.htm
QUESTION 92
What three authentication methods are supported by CSACS? (Choose three)
A. PPP
B. RADIUS
C. CHAP
D. TACACS+
E. PAP
F. Static passwords
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
Explanation: Reference: Cisco Secure Access Control Server for Windows – Release Notes for Cisco Secure Access Control Server for Windows Server Version 3.1
QUESTION 93
You are the administrator at Certkiller Inc. working on managing security on the network. Which two Cisco components encompass secure management? (Choose two)
A. Cisco VPN Concentrators
B. CiscoWorks
C. Cisco IDS Sensors
D. Cisco PIX Firewalls
E. Web Device Managers
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 94
The high availability of network resources in Cisco AVVID Network Infrastructure solutions can be optimized through: (Choose all that apply)
A. Hot swappability
B. Protocol Resiliency
C. Hardware Redundancy
D. Network Capacity Design
E. Fast Network convergence
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
Explanation: Determining how resilient a network is to change or disruption is a major concern for network managers. This assessment of network availability is critical. It is essential that every network deployment emphasizes availability as the very first consideration in a baseline network design. Key availability issues to address include:
* Protocol Resiliency
* Hardware Redundancy
* Network Capacity Design
Ref: Safe White papers; Page 23 Cisco AVVID Network Infrastructure Overview – White Paper
QUESTION 95
Which of the dimensions of AVVID resilience themes represent the migration from the traditional place-centric enterprise structures to people-centric organizations?
A. Network Resilience
B. Communications Resilience
C. Business Resilience
D. Routing Resilience
E. Applications Resilience
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Business resilience represents the next phase in the evolution from traditional, place-centric enterprise structures to highly virtualized, people-centric organizations that enable people to work anytime, anywhere. Ref: AVVID White papers; 2 Cisco AVVID Network Infrastructure Overview – White Paper
QUESTION 96
According to SAFE, small network design has how many modules?
A. 2
B. 3
C. As many as the Enterprise architecture.
D. 5
E. 4
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The small network design has two modules: the corporate Internet module and the campus module. Ref: Safe White papers; 10 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 97
Which commands are used for basic filtering in the SAFE SMR small network campus module? (Choose two)
A. Access-group
B. Ip inspect-name
C. Ip route
D. Access-list
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Explanation:
Ref: Safe White papers;
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 98
How many modules are in the SAFE SMR small network design?
A. 1
B. 2
C. 3
D. 4
E. 5
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The small network design has two modules: the corporate Internet module and the campus module. Ref: Safe White papers; 10 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 99
Which two devices in the SAFE SMR small network campus module should have HIDS installed? (Choose two)
A. Layer 2 switches
B. Firewalls
C. Management hosts
D. Desktop workstations
E. Corporate servers
F. Lab workstations
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
Explanation: Because there are no Layer 3 services within the campus module, it is important to note that this design places an increased emphasis on application and host security because of the open nature of the internal network. Therefore, HIDS was also installed on key systems within the campus, including the corporate servers and management systems. Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 15
QUESTION 100
What two modules are in the SAFE SMR small network design? (Choose two)
A. Edge
B. Internet
C. Corporate Internet
D. Campus
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
Explanation: The small network design has two modules: the corporate Internet module and the campus module. The corporate Internet module has connections to the Internet and also terminates VPN and public services (DNS, HTTP, FTP, SMTP) traffic. The campus module contains the Layer 2 switching and all the users, as well as the management and intranet servers. Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 10