642-583 exam

CertMagic Demo Edition
Security Solutions for Systems Engineers
Exam: 642-583
http://www.certmagic.com

Upload: maha-aleena

Post on 10-Mar-2016


DESCRIPTION

CertMagic.com is a place where you can find various types of 642-583 exam certification preparation material. CertMagic's full range of study material for the 642-583 exam helps you to be fully prepared for the 642-583 exam and enter the exam centre with full confidence. We provide you easy, simple and updated study material. After preparing from the 642-583 material prepared by us, we guarantee you that you will be a certified professional. We guarantee that with CertMagic 642-583 study material, you will pass the Certification exam.

TRANSCRIPT


Section 1: Sec One (1 to 20)
Details: Topic 1, Main

QUESTION: 1
DRAG DROP
You work as a network engineer at Certmagic.com. Your boss, Miss Certmagic, is curious about implementing secure WAN solutions. Which five security design components are required?

Answer:


QUESTION: 2
What are the advantages and disadvantages of using the "Direct to tower" or PAC file methods for redirecting traffic to ScanSafe?
A. Advantages: no browser changes required. Disadvantages: not all browsers supported.
B. Advantages: ease of deployment, especially for multiple breakout points. Disadvantages: no user granularity.
C. Advantages: user granularity. Disadvantages: requires additional hardware for each breakout point.
Answer: A

QUESTION: 3
The Cisco IPS Manager Express (IME) can be used to manage how many IPS appliances, at a maximum?
A. 20
B. 10
C. 15
D. 3
E. 25
F. 5
Answer: F

QUESTION: 4
Which two logical controls are available on Cisco IOS routers to limit the damage of physical intrusions? (Choose two.)
A. port security
B. digitally signed Cisco IOS image
C. disabling of password recovery
D. security stickers
E. USB smart token key storage


Answer: B, D

QUESTION: 5
Which three statements correctly describe the perimeter-endpoint security architecture? (Choose three.)
A. The network is regarded as an untrusted transport mechanism.
B. The architecture is easy to operate and to maintain and is flexible for adding new services.
C. The architecture uses a restrictive access model.
D. The network is partitioned into security domains.
E. The architecture offers integration of network and endpoint security.
Answer: E, ?, ?

QUESTION: 6
What is used to enable IPsec usage across Port Address Translation (PAT) devices?
A. static NAT/PAT
B. IPsec tunnel mode
C. RRI
D. NAT-T
E. port forwarding
Answer: D

QUESTION: 7
Which authentication protocol can provide single sign-on (SSO) services?
A. RADIUS
B. Diameter
C. EAP
D. TACACS+
E. Kerberos


Answer: E

QUESTION: 8
MPLS VPN does not provide or support which of the following?
A. any-to-any connectivity
B. customer's IGP routing
C. confidentiality
D. the use of private IP addresses
E. customer's isolation
Answer: C

QUESTION: 9
Pharming attacks, which are used to fool users into submitting sensitive information to malicious servers, typically involve which attack method?
A. DHCP exhaustion
B. DHCP server spoofing
C. ARP poisoning
D. IP spoofing
E. DNS cache poisoning
Answer: E

QUESTION: 10
Refer to the exhibit. To support IPsec VPN, which three traffic types should ACL1 permit on the firewall in front of the IPsec VPN gateway? (Choose three.)


A. UDP port 4500
B. IP protocol 50
C. TCP port 50
D. UDP port 10000
E. UDP port 500
F. IP protocol 10000
Answer: A, B, E

QUESTION: 11
Which Cisco ASA SSL VPN feature requires a special license?
A. smart tunnels
B. prelogin assessment
C. Cisco AnyConnect VPN Client
D. Basic Host Scan
E. Advanced Endpoint Assessment
F. client plug-ins
Answer: A

QUESTION: 12


Exhibit: * Missing *
Refer to the exhibit. Which statement correctly describes this security architecture, which is used to protect the multi-tiered web application?
***Missing Exhibit***
A. The second-tier Cisco ASA AIP-SSM should be tuned for inspecting Oracle attack signatures.
B. All the servers are protected by the dual-tier firewall systems and do not require additional endpoint security controls.
C. The firewall systems in the first and second tiers should be implemented with identical security controls to provide defense in depth.
D. This architecture supports application tiers that are dual homed.
Answer: A

QUESTION: 13
Which statement is true?
A. Three consecutive one-year commitments cost less than one three-year commitment.
B. Cisco IronPort does not sell three-year commitments.
C. Three-year commitments cost the same per year as three consecutive one-year commitments.
D. Three-year commitments cost less per year than three consecutive one-year commitments.
Answer: B

QUESTION: 14
Refer to the exhibit. A distributed DoS attack has been detected. The attack appears to have sources from many hosts in network X/24. An operator in the network operation center is notified of this attack and must take preventive action. To block all offending traffic, the network operator announces a BGP route, with the next-hop attribute of 172.31.1.1, for the X/24 network of the attacker. Which two methods do the routers at the regional office, branch office, and telecommuter location use to prevent traffic going to and from the attacker? (Choose two.)


A. a static route to 172.31.1.1/32, which points to a null interface
B. a dynamic ACL entry to block any traffic that is sourced from the X/24 network
C. a prefix list to block routing updates about the X/24 network
D. strict uRPF
E. a route map to tag all traffic from the X/24 network with the no-export community attribute
Answer: A, D

QUESTION: 15
Cisco SSL VPN solution uses which method to provide connections between a Winsock 2, TCP-based application and a private site without requiring administrative privileges?
A. Cisco Secure Desktop
B. port forwarding
C. smart tunnels
D. application plug-ins
E. Cisco AnyConnect VPN Client
Answer: C


QUESTION: 16
Cisco IOS Control Plane Protection can be used to protect traffic to which three router control plane subinterfaces? (Choose three.)
A. cpu
B. CEF-exception
C. host
D. transit
E. fast-switched
F. aggregate
Answer: B, C, D

QUESTION: 17
Which algorithm is recommended for implementing automatic symmetric key exchange over an unsecured channel?
A. public key infrastructure (PKI)
B. RSA
C. Diffie-Hellman (DH)
D. SHA-512
E. AES
F. EAP
Answer: A

QUESTION: 18
When implementing point-to-point secure WAN solutions over the Internet, which alternative Cisco IOS method is available if GRE-over-IPsec tunnels cannot be used?
A. GET VPN
B. Virtual Tunnel Interfaces (VTIs)
C. Virtual Routing Forwardings (VRFs)
D. MPLS VPN
E. dynamic crypto maps


Answer: B

QUESTION: 19
Which three security components can be found in today's typical single-tier firewall system? (Choose three.)
A. IPS
B. Network Admission Control
C. application proxy
D. Stateful Packet Filtering with Application Inspection and Control
E. server load balancing
F. cache engine
Answer: A, C, D

QUESTION: 20
Which two Cisco products can be used to provide a captive portal to authenticate wireless users? (Choose two.)
A. Cisco Secure ACS
B. WLAN Controller
C. Cisco NAC Profiler
D. Cisco ASA
E. Cisco NAC Guest Server
Answer: B, E
