642-583 - Security Solutions for Systems Engineers

Go back to Cisco

Example Questions

Which feature of the Cisco IronPort S-Series allows administrators to control which users get access to gambling sites? Which two settings can the Cisco Security Agent (release 5.2 and later) monitor to control user's wireless access? (Choose two.) When implementing point-to-point secure WAN solutions over the Internet, which alternative Cisco IOS method is available if GRE-over-IPsec tunnels cannot be used? Which three statements correctly describe the perimeter-endpoint security architecture? (Choose three.) Which solution stops new web threats the earliest? Which statement regarding the hybrid user authentication model for remote-access IPsec VPNs is correct? Deploying logical security controls such as firewall and IPS appliances is an example of which kind of risk-management option? Which countermeasure is best used to protect against rogue access points that are outside the enterprise physical perimeter and that attempt to attract legitimate clients? Which statement is true? Which two attack methods are typically used in reconnaissance attacks? (Choose two.) Which authentication protocol can provide single sign-on (SSO) services? Which uRPF option allows for asymmetrical routing? The Cisco ACE 4710 Appliance can be used in the enterprise data center to provide which three functions? (Choose three.) Which essential element is needed to perform events analysis and correlation? Which option best describes Dynamic Content Filtering on the web security appliance? When implementing QoS, which Cisco product can be used to provide endpoint-based trusted- traffic marking? Which Cisco ASA's Unified Communications proxy feature manipulates both the signaling and the media channels? The Cisco IronPort S-Series is the first product that provides complete, high-performance, web security. What is another feature? Which statement is true regarding the scanlets within Outbreak Intelligence? Your prospect is unwilling to make major network changes to try the Cisco IronPort web security appliance. What would be an appropriate response? Cisco SSL VPN solution uses which method to provide connections between a Winsock 2, TCP- based application and a private site without requiring administrative privileges? Which Cisco software agent uses content scanning to identify sensitive content and controls the transfer of sensitive content off the local endpoint over removable storage, locally or network- attached hardware, or network applications? What are the advantages and disadvantages of using the "Direct to tower" or PAC file methods for redirecting traffic to ScanSafe? Which three statements regarding Virtual Tunnel Interface (VTI) are correct ? (Choose three.) On Cisco IOS routers that are running BGP, which three kinds of traffic filters can be implemented to limit routing information propagation? (Choose three.) Which feature is used to inspect encrypted web traffic for malware? Which method is used to scale Cisco Security MARS deployments? Which EAP authentication method requires both a client and a server digital certificate? What is used to enable IPsec usage across Port Address Translation (PAT) devices? Which statement regarding the Cisco ASA encrypted voice inspection capability is correct? Which two logical controls are available on Cisco lOS routers to limit the damage of physical intrusions? (Choose two.) Which two Cisco products can be used to provide a captive portal to authenticate wireless users? (Choose two.) What is the primary reason that GET VPN is not deployed over the public Internet? An OSPF router (routerA) on the network is running at an abnormally high CPU rate. Using various OSPF debug commands on routerA, the network administrator determines that routerA is receiving many OSPF link state packets from an unknown OSPF neighbor, thus forcing many OSPF path recalculations and affecting routerA's CPU usage. Which OSPF configuration should the administrator enable to prevent this kind of attack on routerA? Which methods are used when implementing a proxy component within a firewall system? Pharming attacks, which are used to fool users into submitting sensitive information to malicious servers, typically involve which attack method? Which type of web content is most likely to be blocked by DCA? MPLS VPN does not provide or support which of the following? Which key benefit does DTLS offer over TLS? What customer data do you generally need to know when deciding which size appliance to recommend? What are two differences between symmetric and asymmetric encryption algorithms? (Choose two.)