642-584 - Security Solutions for Systems Engineers SSSE
Go back to Cisco
Which three are valid Cisco email security deployment options? (Choose three.)
Hosted email security
Hybrid hosted email security
Managed appliances email security
Which one is an additional feature of Cisco IPS Manager Express as compared to Cisco IPS Device Manager?
More powerful event management
Which of these products is the best choice to prevent undesired content from being sent through a guest connection?
Cisco ISR G2 or Cisco ASA and ScanSafe
Which one of these is a Cisco Nexus 1010 virtual blade?
Which two statements about the Cisco IronPort WSA and Cisco ASA CX Context-Aware Security are true? (Choose two.)
The Cisco WSA is a secure web proxy, while Cisco ASA CX is an inline device.
The Cisco WSA offers comprehensive web security, while Cisco ASA CX offers next-generation firewall features.
Which two statements about standard clients for wireless, wired, and VPN are true? (Choose two.)
Most clients have wireless and VPN clients integrated already.
Services of integrated clients differ per OS and include wireless clients, IPsec clients, and L2TP and PPTP clients.
Which statement about MACsec is true?
MACsec provides Layer 2 hop-by-hop encryption, based on the 802.1AE standard.
Which option best describes what end users require from a BYOD solution?
Consistent experience on multiple devices
Which statement about 802.1X is true?
MAB allows clients that do not support 802.1X to be authenticated based on their MAC address.
Which statement best describes Cisco ISE?
Cisco ISE consolidates user authentication with NAC components into one solution.
Which application is the most critical one regarding malicious content?
Which statement describes an advantage of DV?
DV can prevent end users from downloading confidential data.
Which two statements about the Cisco IronPort Email Security architecture are true? (Choose two.)
Inbound security includes spam defense and virus defense.
Outbound control includes data loss prevention and secure messaging.
Which two attacks target the data link layer in a switched environment? (Choose two.)
MAC address floods
A customer wants to use the Cisco ASA for a VPN to interconnect the central site and three branches. Which type of VPN would you recommend?
IPsec site-to-site VPN
Which two virtual networking services are provided by a Cisco Nexus 1000V? (Choose two.)
Cisco Virtual Security Gateway
Cisco ASA 1000V
What are two advantages of IKEv2 and Cisco FlexVPN? (Choose two.)
Cisco FlexVPN supports interoperability, dynamic routing, direct spoke-to-spoke communication, remote access, source failover, per-peer QoS, and Full AAA management.
IKEv2 consolidates several VPN key management features and standards into one new standard.
Which two are advantages of virtual device contexts? (Choose two.)
Hardware and software fault isolation
Which statement about wireless intrusion prevention and rogue access point detection is true?
A monitor mode access point is dedicated to scanning (listen-only).
Which two features are available with Cisco Secure ACS? (Choose two.)
Authorization based on identity and time
Authorization based on identity and access type
Which statement about wireless LAN security is true?
Classification occurs at the access point; interference impact and data are then sent to the wireless LAN controller.
Which statement is true when comparing Cisco ASA and Cisco ASA CX?
Cisco ASA fits better to the core and data center.
Which statement accurately describes web authentication for secure guest access?
With central web authentication, Cisco ISE serves the web portal.
Which statement about the Cisco IOS Zone-Based Policy Firewall is true?
The Cisco IOS Zone-Based Policy Firewall applies firewall policies to traffic traversing zones.
Which two components are 802.1X components? (Choose two.)
Which statement about SGACL is true?
SGACL does not allow customers to keep the existing local design at the access layer.
Which two questions should you ask when assessing an organization's security needs? (Choose two.)
Are you exploring new cloud business models?
Are you enforcing the same security policies consistently across your organization?
Which statement about IPsec and IPv6 is true?
IPsec support is mandatory in IPv6.
Which three are valid Cisco VPN design options for teleworkers? (Choose three.)
Cisco AnyConnect VPN
Cisco SSL VPN
Cisco Mobile VPN
Which two configurations are performed on Cisco IOS routers when using Cisco AutoSecure? (Choose two.)
Source routing is globally disabled.
Proxy ARP is disabled on all interfaces.
Which statement about Cisco ASA performance and services is true?
Cisco ASA IPS works in conjunction with Cisco SIO in order to provide botnet protection.
Which statement best describes Cisco ScanSafe?
ScanSafe is a cloud-based web security service that provides web filtering and web security.
Which two are key advantages of using Cisco ASDM for Cisco ASA device management? (Choose two.)
Which two are features of the Cisco VPN Internal Service Module for ISR G2? (Choose two.)
Hardware encryption support for IPsec VPN
Hardware encryption support for SSL VPN
Which two statements about the capabilities of the Cisco AnyConnect 3.0 Secure Mobility Client for Windows are true? (Choose two.)
It supports session persistence after hibernation or standby.
Trusted Network Detection allows the connection to be established without any user intervention (authentication), if the client is located inside the office.
Which two statements about CVD and SBA are true? (Choose two.)
CVD includes everything from rough designs to tested versions of software code.
CVD is technology-oriented, while SBA is market- and solution-oriented.
Which management service is provided by the Cisco IronPort M-Series?
Which statement about the OfficeExtend Access Point solution is true?
The local access point establishes a DTLS tunnel to the OfficeExtend Access Point controller that is located at the corporate network?.
Which statement about Cisco Prime is true?
It provides simple and efficient management across architectures, networks, and services.
Which two statements about Cisco IPS are true? (Choose two.)
Cisco ASA-integrated IPS and standalone IPS offer the same features.
The Cisco IPS reputation filter is based on Cisco SIO and allows packets that are received from known malicious sources to be dropped before performing signature-based inspection.
What is not a security concern that is specific to virtualized environments?
Lack of denial-of-service mitigation features
Which three are security features that are applicable to the network edge? (Choose three.)
Email security service
WLAN authorization service
Which feature is an IPv6 security feature that is supported in Cisco IOS devices?
Secure Neighbor Discovery
Which statement about EoMPLS and VPLS is true?
EoMPLS is based on the Pseudowire Reference Model.
Which two options show the correct associations of use cases with VPN technologies? (Choose two.)
SP or large enterprise: MPLS, VPLS, OTV
Site-to-site VPN: GRE, DMVPN, FlexVPN, GET-VPN, IPsec
Which three are security-related advantages of desktop virtualization? (Choose three.)
Storing user data in the data center
Running applications in the data center
Providing isolated VMs