642-565 - SSSE - Security Solutions for Systems Engineers Exam
Go back to Cisco
Which of these items is a valid method to verify a network security design?
pilot or prototype network
What are two functions of Cisco Security Agent? (Choose two.)
control of executable content
Which encryption protocol is suitable for an enterprise with standard security requirements?
Which IPS platform can operate in inline mode only?
Cisco IOS IPS
In which two ways do Cisco ASA 5500 Series Adaptive Security Appliances achieve containment and control? (Choose two.)
by preventing unauthorized network access
by tracking the state of all network communications
Which protocol should be used to provide secure communications when performing shunning on a network device?
Which two features work together to provide anti-X defense? (Choose two.)
enhanced application inspection engines
Cisco IPS sensors
Which three elements does the NAC Appliance Agent check on the client machine? (Choose three.)
presence of Cisco Security Agent
Which statement is true about the Cisco Security MARS Global Controller?
The Global Controller centrally manages a group of Local Controllers.
Which IPS feature models worm behavior and correlates the specific time between events, network behavior, and multiple exploit behavior to more accurately identify and stop worms?
Meta Event Generator
Which of these items describes a benefit of deploying the NAC appliance in in-band mode rather than out-of-band mode?
bandwidth enforcement policy
Which two components should be included in a network design document? (Choose two.)
complete network blueprint
detailed part list
Which two requirements call for the deployment of 802.1X? (Choose two.)
authenticate users on switch or wireless ports
grant or deny network access, at the port level, based on configured authorization policies
Which two of these features are software components of the Cisco Security Manager bundle? (Choose two.)
Resource Manager Essentials
Auto Update Server
What is the objective of the Cisco IOS resilient configuration?
speed up the Cisco IOS image or configuration recovery process
Which of these items is a feature of a system-level approach to security management?
Which two are true about Cisco AutoSecure? (Choose two.)
blocks all IANA-reserved IP address blocks
enables log messages to include sequence numbers and time stamps
Which Cisco security product is used to perform a Security Posture Assessment of client workstations?
Cisco NAC Appliance
How is an incident defined in MARS?
a series of events that triggered a defined rule in the system
What are the major characteristics for designing a VPN for existing networks?
topology, high availability, security, scalability, manageability, and performance
What are the advantages of IPsec-based site-to-site VPNs over traditional WAN networks?
span, flexibility, security, and low cost
Which two of these features are the most appropriate test parameters for the acceptance test plan of a secure connectivity solution? (Choose two.)
certificate enrollment and revocation
Which two should be included in an analysis of a Security Posture Assessment? (Choose two.)
identification of critical deficiencies
recommendations based on security best practice
Which statement is true regarding Cisco IOS IPS performance and capabilities?
Cisco IOS IPS uses a parallel signature-scanning engine to scan for multiple patterns within a signature micro-engine at any given time.
What allows Cisco Security Agent to block malicious behavior before damage can occur?
interception of operating system calls
Which certificates are needed for a device to join a certificate-authenticated network?
the certificates of the certificate authority and the device
Which two of these statements describe features of the NAC Appliance architecture. (Choose two.)
NAC Appliance Manager determines the appropriate access policy.
NAC Appliance Manager acts as an authentication proxy for external authentication servers.