642-566 - Security Solutions for Systems Engineers

Example Questions

When a FWSM is operating in transparent mode, what is true?
Which item will be performed on Cisco IP Phones so that they can authenticate it before obtaining network access?
You are the network consultant from Your company. Please point out two requirements that call for the deployment of 802.1X.
Secure Sockets Layer (SSL) is a cryptographic protocol that provides security and data integrity for communications over TCP/IP networks such as the Internet. When SSL uses TCP encapsulation on Cisco SSL VPNs, the user's TCP session is transported over another TCP session, thus making flow control inefficient if a packet is lost. Which is the best solution to this problem?
For the following items, which two are differences between symmetric and asymmetric encryption algorithms? (Choose two.)
Cisco Security MARS and Cisco Security Manager could work together to implement which two functions? (Choose two.)
Which two features work together to provide anti-X defense? (Choose two.)
How does CSA protect endpoints?
Which one of the following elements is essential to perform events analysis and correlation?
Which protocol should be used to provide secure communications when performing shunning on a network device?
While performing point-to-point secure WAN solutions over the Internet, which alternative Cisco IOS method is available if GRE-over-IPsec tunnels could not be used?
You are the network engineer at Your company. Which component should not be included in a security policy?
Which method can be used by Cisco SSL VPN solution to provide connections between a Winsock2, TCP-based application and a private site without requiring administrative privileges?
While using the Gateway Load Balancing Protocol to enable high-availability Cisco IOS Firewalls, what should be configured to maintain symmetric flow of traffic?
Cisco NAC Appliance (formerly Cisco Clean Access) is an easily deployed Network Admission Control (NAC) product that allows network administrators to authenticate, authorize, evaluate and remediate wired, wireless and remote users and their machines prior to allowing users onto the network. It identifies whether networked devices such as laptops, desktops and other corporate assets are compliant with a network's security policies and it repairs any vulnerabilities before permitting access to the network. Which two of these statements describe features of the NAC Appliance Architecture? (Choose two.)
Which of these items is a feature of a system-level approach to security management?
Which one can be used to provide logical separation between the voice and data traffic at the access layer?
Which two methods can be used to perform IPSec peer authentication? (Choose two.)
While implementing a proxy component within a firewall system, which method will be used?
What should be taken into consideration while performing Cisco NAC Appliance design? Select all that apply.
Which option is correct about the relationship between the malware type and its description?
    1. virus
    2. worms
    3. botnets
    4. spyware
    5. Trojan horses
    6. rootkits
    (a) collection of compromised computers under a common command-and-control infrastructure
    (b) typically used to monitor user actions
    (c) autonomously spreads to other systems without user interaction
    (d) malware that hides through evasion of the operating system security mechanisms
    (e) requires some user action to infect the system
    (f) malware that hides inside another legitimate looking application
Can you tell me which one of the following platforms has the highest IPSec throughput and can support the highest number of tunnels?
You are the network consultant from Your company. Please point out two technologies that address ISO 17799 requirements for detecting, preventing and responding to attacks and intrusions.
Which series of steps correctly describes how a challenge-and-response authentication protocol functions?
Which certificates are needed for a device to join a certificate-authenticated network?
Which Cisco Catalyst Series switch feature can be used to integrate a tap-mode (promiscuous mode) IDS/IPS sensor into the network?
Which is the primary benefit that DTLS offers over TLS?
Which two should be included in an analysis of a security posture assessment? (Choose two.)
In multi-tier applications and multi-tier firewall designs, which additional security control can be used to force an attacker to compromise the exposed server before the attacker attempts to penetrate the more protected domains?
Which attack method is typically used by Pharming attacks that are used to fool users into submitting sensitive information to malicious servers?
Cisco IOS Control Plane Protection is able to be used to protect traffic to which three router control plane subinterfaces? (Choose three.)
What is the security issue in classic packet filtering of active FTP sessions?
Which two components should be included in a network design document? (Choose two.)
Which two Cisco products/features provide the best security controls for a web server having applications running on it that perform inadequate input data validation? (Choose two.)
Match each IKE component to its supported option.
    1. IKE authentication
    2. IKE encryption
    3. IKE data authentication/integrity
    4. IKE key negotiation
    (a) 3DES or AES
    (b) MD5 or SHA-1
    (c) pre-shared key or digital certificates
    (d) DH Group 1, 2, or 5
Which IPS feature models worm behavior and correlates the specific time between events, network behavior and multiple exploit behavior to more accurately identify and stop worms?
Before damage can occur to the network, Cisco Security Agent blocks malicious behavior through ___________
In which two ways do Cisco ASA 5500 Series Adaptive Security Appliances achieve containment and control? (Choose two.)
Which three elements does the NAC Appliance Agent check on the client machine? (Choose three.)
IPSec-based site-to-site VPNs are better than traditional WAN networks in what?
Which statement best describes the Cisco ASA encrypted voice inspection capability?
You are working as a Network Engineer at Your company. Please suggest one encryption protocol to your customer from an enterprise with standard security requirements.
Which one of the following Cisco Security Management products is able to perform (syslog) events normalization?
Why is GET VPN not deployed over the public Internet?
Which typical design choices should be taken into consideration while designing Cisco solution-based enterprise remote-access solutions?
You are network engineer at Your company. Please point out two functions of Cisco Security Agent.
Which function can be implemented by the Cisco Security Agent data access control feature?
Which one of the following platforms could support the highest number of SSL sessions?
Which primary security design components should be addressed while performing Enterprise Internet Access protection? (Not all design components are required.)
    1. resource separation
    2. network infrastructure device hardening
    3. network signaling protection
    4. boundary access control
    5. compliance assessment
    6. endpoint protection
Which option is correct about the relationship between the terms and their descriptions?
    Terms
    1. true positives
    2. false positives
    3. true negatives
    4. false negatives
    Descriptions
    (a) security control has not acted, even though there was malicious activity
    (b) security control has not acted, as there was no malicious activity
    (c) security control acted as a consequence of non-malicious activity
    (d) security control acted as a consequence of malicious activity