642-583 - Security Solutions for Systems Engineers
Which feature of the Cisco IronPort S-Series allows administrators to control which users get access to gambling sites?
authentication with Active Directory
Which two settings can the Cisco Security Agent (release 5.2 and later) monitor to control user's wireless access? (Choose two.)
protection types such as WEP, TKIP
When implementing point-to-point secure WAN solutions over the Internet, which alternative Cisco IOS method is available if GRE-over-IPsec tunnels cannot be used?
Virtual Tunnel Interfaces (VTIs)
Which three statements correctly describe the perimeter-endpoint security architecture? (Choose three.)
The architecture uses a restrictive access model.
The architecture is easy to operate and to maintain and is flexible for adding new services.
The architecture offers integration of network and endpoint security.
Which solution stops new web threats the earliest?
Web Reputation Filtering with Exploit prevention
Which statement regarding the hybrid user authentication model for remote-access IPsec VPNs is correct?
VPN servers authenticate by using digital certificates, and users authenticate by using usernames and passwords
Deploying logical security controls such as firewall and IPS appliances is an example of which kind of risk-management option?
Which countermeasure is best used to protect against rogue access points that are outside the enterprise physical perimeter and that attempt to attract legitimate clients?
EAP-TLS bidirectional authentication
Which statement is true?
Three-year commitments cost less per year than three consecutive one-year commitments.
Which two attack methods are typically used in reconnaissance attacks? (Choose two.)
TCP/UDP port scanning and sweeping
operating system and application fingerprinting
Which authentication protocol can provide single sign-on (SSO) services?
Which uRPF option allows for asymmetrical routing?
The Cisco ACE 4710 Appliance can be used in the enterprise data center to provide which three functions? (Choose three.)
SYN flooding attacks protection
HTTPS session decryption through SSL/TLS termination
HTTP protocol verification
Which essential element is needed to perform events analysis and correlation?
time synchronization between all the devices
Which option best describes Dynamic Content Filtering on the web security appliance?
advanced rule engine for categorizing dark web sites
When implementing QoS, which Cisco product can be used to provide endpoint-based trusted-traffic marking?
Cisco Security Agent
Which Cisco ASA's Unified Communications proxy feature manipulates both the signaling and the media channels?
The Cisco IronPort S-Series is the first product that provides complete, high-performance, web security. What is another feature?
Which statement is true regarding the scanlets within Outbreak Intelligence?
scan all web content in parallel, according to the content type
Your prospect is unwilling to make major network changes to try the Cisco IronPort web security appliance. What would be an appropriate response?
The web security appliances can be tested with a small number of users.
Cisco SSL VPN solution uses which method to provide connections between a Winsock 2, TCP-based application and a private site without requiring administrative privileges?
Which Cisco software agent uses content scanning to identify sensitive content and controls the transfer of sensitive content off the local endpoint over removable storage, locally or network-attached hardware, or network applications?
Cisco Security Agent 6.0
What are the advantages and disadvantages of using the "Direct to tower" or PAC file methods for redirecting traffic to ScanSafe?
Advantages: ease of deployment, especially for multiple breakout points. Disadvantages: no user granularity.
Which three statements regarding Virtual Tunnel Interface (VTI) are correct? (Choose three.)
There are two types of VTIs: Static and Dynamic.
QoS services can be deployed on VTIs.
Traffic that requires protection is routed to VTIs by using static routing or routing protocols.
On Cisco IOS routers that are running BGP, which three kinds of traffic filters can be implemented to limit routing information propagation? (Choose three.)
Which feature is used to inspect encrypted web traffic for malware?
Which method is used to scale Cisco Security MARS deployments?
Divide the network into multiple zones, then use the global/local controllers approach.
Which EAP authentication method requires both a client and a server digital certificate?
What is used to enable IPsec usage across Port Address Translation (PAT) devices?
Which statement regarding the Cisco ASA encrypted voice inspection capability is correct?
The Cisco ASA decrypts, inspects, then re-encrypts voice-signaling traffic; all of the existing VoIP inspection functions for SCCP and SIP protocols are preserved.
Which two logical controls are available on Cisco IOS routers to limit the damage of physical intrusions? (Choose two.)
USB smart token key storage
disabling of password recovery
Which two Cisco products can be used to provide a captive portal to authenticate wireless users? (Choose two.)
Cisco NAC Guest Server
What is the primary reason that GET VPN is not deployed over the public Internet?
because GET VPN preserves the original source and destination IP addresses, which may be private addresses that are not routable over the Internet
An OSPF router (routerA) on the network is running at an abnormally high CPU rate. Using various OSPF debug commands on routerA, the network administrator determines that routerA is receiving many OSPF link state packets from an unknown OSPF neighbor, thus forcing many OSPF path recalculations and affecting routerA's CPU usage. Which OSPF configuration should the administrator enable to prevent this kind of attack on routerA?
OSPF MD5 authentication
Which methods are used when implementing a proxy component within a firewall system?
transparent or non-transparent
Pharming attacks, which are used to fool users into submitting sensitive information to malicious servers, typically involve which attack method?
DNS cache poisoning
Which type of web content is most likely to be blocked by DCA?
offensive or objectionable content
MPLS VPN does not provide or support which of the following?
Which key benefit does DTLS offer over TLS?
provides low latency for real-time applications
What customer data do you generally need to know when deciding which size appliance to recommend?
number of users
What are two differences between symmetric and asymmetric encryption algorithms? (Choose two.)
Asymmetric encryption is slower than symmetric encryption.
Asymmetric encryption requires a much larger key size to achieve the same level of protection as symmetric encryption.