Exam 642-566 preparation questions

Page 1

Exam 642­566 study material Made available by Testkingprep.com

Free 642­566 Exam Preparation Questions Exam 642­566 : Security Solutions for Systems Engineers

For Latest 642­566 Exam Questions and study guides­ visit­ http://www.testkingprep.com/642­566.html

For Latest 642­566 Exam Questions and study guides­ visit­ http://www.testkingprep.com/642­566.html

Question:1

Which one of the following methods can be used to scale Cisco Security MARS deployments? A. Use the Cisco Security MARS syslog forwarding feature to offload the syslog storage requirement to an external server. B. Migrate from the Gen1 to Gen2 Cisco Security MARS platforms. C. Use redundant or duplicated Cisco Security MARS appliances to implement a multi­tier architecture. D. Divide the network into multiple zones, then use the global/local controllers approach.

Answer: D Question:2 Which type of native encryption is supported by the LWAPP protocol? A. RC5 B. IDEA C. ECC D. AES

Answer: D Question:3 Cisco IOS Intrusion Prevention System (IPS) is an inline, deep­packet inspection feature that effectively mitigates a wide range of network attacks. A component of the Cisco IOS Integrated Threat Control framework and complemented by Cisco IOS Flexible Packet Matching feature, Cisco IOS IPS provides your network with the intelligence to accurately identify, classify, and stop or block malicious traffic in real time .Which statement is true regarding Cisco IOS IPS performance and capabilities? A. It has a minimal impact on router memory. B. It uses a parallel signature­scanning engine to scan for multiple patterns within a signature micro­engine at any given time. C. It offers a wider signature coverage than the IDSM­2 module. D. It should be enabled to maximize the coverage, except for false­positives reduction. Answer: B

Question:4 Given: 1.IPsec VPNs 2.AAA 3.redundant WAN devices 4.host IPS 5.Cisco NAC appliance I.Denial of Sercice attacks II.breaking into the WAN routers III.network traffic eavesdropping Select the best security control to minimize the WAN security threats. Not all the security controls are required. A. I­1, II­2, III­3 B. I­3, II­1, III­2 C. I­3, II­2, III­1 D. I­5, II­1, III­2

Answer: C Question:5 For Latest 642­566 Exam Questions and study guides­ visit­ http://www.testkingprep.com/642­566.html

Which two protocols can perform high­availability IPS design by use of the Cisco IPS 4200 Series Sensor appliance? (Choose two.) A. Spanning tree B. HSRP C. EtherChannel load balancing D. SDEE

Answer: A, C Question:6

IPS platform____ can operate in inline mode only. A. Cisco IPS 4200 Series Sensor B. IDSM­2 C. Cisco IOS IPS D. Cisco ASA AIP SSM

Answer: C Question:7

Which functionality can be used by the Cisco Security MARS security appliance to achieve events aggregation? A. Events action filters B. Cisco Security Manager policy correlations C. Summarization D. Sessionization Answer: D

Question:8 Study the exhibit below carefully, which statement is true about the security architecture, which is used to protect the multi­tiered web application?

A. The firewall systems in the first and second tiers should be implemented with identical security controls to provide defense in depth. For Latest 642­566 Exam Questions and study guides­ visit­ http://www.testkingprep.com/642­566.html

B. This architecture supports application tiers that are dual homed. C. All the servers are protected by the dual­tier firewall systems and do not require additional endpoint security controls. D. The second­tier Cisco ASA AIP­SSM should be tuned for inspecting Oracle attack signatures.

Answer: D Question:9 Deploying the NAC appliance in in­band mode is better than out­of­band ode. Why? A. Bandwidth enforcement policy B. Nessus scanning C. NAC Appliance Agent deployment D. Higher number of users per NAC Appliance

Answer: A Question:10 Study the exhibit below carefully, in order to support IPsec VPN, which three traffic types should ACL1 permit on the firewall in front of the IPsec VPN gateway? (Choose three.)

A. IP protocol 50 B. UDP port 10000 C. UDP port 500 D. UDP port 4500

Answer: A, C, D

For Latest 642­566 Exam Questions and study guides­ visit­ http://www.testkingprep.com/642­566.html

For Latest 642­566 Exam Questions and study guides­ visit­ http://www.testkingprep.com/642­566.html

For complete Exam 642-566 Training kits and Self-Paced Study Material Visit: http://www.testkingprep.com/642-566.html

http://www.testkingprep.com/

For Latest 642­566 Exam Questions and study guides­ visit­ http://www.testkingprep.com/642­566.html

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.