Cisco 642-565 Free Dumps, Money Back Guarantee Cisco 642-565 Guide Provider For Download

Flydumps certification Cisco 642-565 exam is a very important Hitachi certification exam in the IT industry, would like the examination must be fully prepared for the Cisco 642-565 exam is necessary. If you choose to enroll in the Cisco 642-565 exam you should choose a good learning materials or to choose a good training methods to prepare for the Cisco 642-565 exam. The Select Flydumps 100% to help you pass the Cisco 642-565 exam, according to the Cisco 642-565 exam subjects Flydumps Cisco 642-565 test is constantly changing, constantly update will provide the latest content of the Cisco 642-565. Flydumps have real and original Cisco 642-565 exam sample questions for preparing. Flydumps Cisco 642-565 exam sample questions and a close resemblance to the real Cisco 642-565 exam practice questions and answers.

QUESTION 124
Which encryption protocol is suitable for an enterprise with standard security requirements?
A. SHA-256
B. 768-bit RSA encryption
C. DES
D. MD5
E. AES-128

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 125
Which three factors can affect the risk of an IPS alert? (Choose three.)
A. Attacker Location
B. Relevance
C. Signature Fidelity
D. Event Severity
E. Signature Priority
F. Asset Integrity
Correct Answer: BCD Section: (none) Explanation

Explanation/Reference:
QUESTION 126
Which encryption protocol is suitable for an enterprise with standard security requirements?
A. 768-bit RSA encryption
B. SHA-256
C. AES-128
D. MD5
E. DES

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 127
Which three of these items are features of the Cisco Secure Access Control Server? (Choose three.)
A. CA Database
B. LDAP
C. RSA Certificates
D. Kerberos
E. NDS
F. Local OTP

Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 128
Which two of these characteristics apply to promiscuous IPS operation? (Choose two.)
A. Invisible to the attacker
B. Impacts connectivity in case of failure or overload
C. Increase latency
D. Can use stream normalization techniques
E. Typically used with SPAN on the Switches
F. Less vulnerable to evasion techniques than inline mode

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 129
Your company whishes to adopt the Adaptive Threat Defense Architecture in their security policy. Identify three components of the anti-X defense paillar. (Choose three.)
A. URL filtering
B. Distributed denial-of-servicemitifation
C. Anomaly detection
D. Application-level role-based access control
E. Network auditing
F. Transaction privacy

Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:
QUESTION 130
Which three security controls can be provided by digital signatures? (Choose three.)
A. Anti-replay
B. Integrity
C. Authenticity
D. Nonrepudiation

Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
QUESTION 131
What are three advantages of Cisco Security MARS? (Choose three.)
A. Performs automatic mitigation on Layer 2 devices
B. Contains scalable, distributed event analysis architecture
C. Is network topologyaware
D. Fixes Vulnerable and infected devices automatically
E. Provides rapid profile-based provisioning capabilities
F. Ensures that he user device is not vulnerable

Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:
QUESTION 132
Which two of these statements describe feature of the NAC Appliance Architecture? (Choose two.)
A. The standard NAC Appliance Manger can manage up to 40 NAC Appliance Servers failover pairs
B. The NAC Appliance Agent is bundled with the NAC Appliance Server Software
C. NAC Appliance Agent has the auto-upgrade feature
D. NAC Appliance Servers managed by the same NAC Appliance Manager can run in mixed mode (inline or out-of-band)
E. NAC Appliance high availability VRRP

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 133
Which IPS feature models worm behavior and correlates the specific time between events, network behavior and multiple exploit behavior to more accurately identify and stop worms?
A. Meta Event Generator
B. Security Device Event Exchange support
C. Risk Rating
D. Traffic normalization

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 134
Which two are main security drivers? (Choose two.)
A. Business needs
B. Optimal network operation
C. Compliance with company policy
D. Increased productivity
E. Security legislation

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 135
What are the major characteristics for designing a VPN for existing networks?
A. Performance, topology and price
B. Topology, high availability, security, scalability, manageability and performance
C. Intended use, existing installation and desired functionality
D. Vendors and the functionality of the installed equipment

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 136
A. Span, flexibility, security and low cost What are the advantage of IPSec-based Site-to-Site VPNS over traditional WAN networks?
B. Delay guarantees, span, performance, security and low cost
C. Bandwidth guarantees, support for non-IP Protocols, Scalability and modular design guidelines
D. Bandwidth guarantees, flexibility, security and low cost

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 137
Refer to the following Cisco products, which two can provide a captive portal to authenticate wireless users? (Choose two.)
A. Cisco NAC Profiler
B. WLAN Controller
C. Cisco NAC Guest Server
D. Cisco ASA

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 138
Which option is correct about the relationship between the terms and their descriptions? Term
1.
true positives

2.
false positives

3.
ture negatives

4.
false negatives
A. security control has not acted,even though there was malicious activity
B. security control has not acted,as there was no malicious activity
C. security control acted as a consequence of non-malicious activity
D. security control acted as a consequence of malicious activity
E. a-4,b-3,c-2,d-1
F. a-4,b-3,c-1,d-2
G. a-4,b-2,c-1,d-3
H. a-4,b-2,c-3,d-1

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 139
Observe the following Cisco software agents carefully, can you tell me which one uses content scanning to identify sensitive content and controls the transfer of sensitive content off the local endpoint over removable storage, locally or network-attached hardware, or network applications?
A. CiscoIronPort Agent 3.0
B. Cisco Trust Agent 2.0
C. Cisco NAC Appliance Agent 4.1.3
D. Cisco Security Agent 6.0

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 140
Look at the following items carefully, which Cisco ASA’s Unified Communications proxy feature manipulates both the signaling and the media channels?
A. CUMA Proxy
B. TLS Proxy
C. H.323 Proxy
D. Phone Proxy

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 141
Which Cisco product can provide endpoint-based trusted-traffic marking while implementing QoS?
A. Cisco Trust Agent
B. Cisco Secure Services Client
C. Cisco Secure Desktop
D. Cisco Security Agent

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 142
In multi-tier applications and multi-tier firewall designs, which additional security control can be used to force an attacker to compromise the exposed server before the attacker attempts to penetrate the more protected domains?
A. Implement host IPS on the exposed servers in the DMZs.
B. Make exposed servers in the DMZs dual homed.
C. At each tier, implement a transparent proxy component within the firewall system.
D. Implement in-band network admission control at the first tier.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 143
You are the network consultant from Company.com. Please point out three technologies address ISO 17799 requirements for unauthorized access prevention.
A. VPN
B. Cisco Secure Access Control Server
C. 802.1X
D. Network Admission Control

Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
QUESTION 144
Which Cisco Catalyst Series switch feature can be used to integrate a tap-mode (promiscuous mode) IDS/IPS sensor into the network?
A. PVLAN Trunk
B. PVLAN Edge
C. Cisco Express Forwarding Switching
D. Switch Port ANalyzer (SPAN)

Correct Answer: D Section: (none) Explanation
Explanation/Reference:

Flydumps.com New Cisco 642-565 dumps are designed to help you to out in a short time. You can get Flydumps Cisco 642-565 dumps to pass your exam. To be a Microsoft professional makes you a better future.

Cisco 642-565 Free Dumps, Money Back Guarantee Cisco 642-565 Guide Provider For Download

Cisco 642-565 PDF, New Updated Cisco 642-565 Vce & PDF Is Your Best Choice

Flydumps bring you the best Cisco 642-565 Certification exam preparation materials which will make you pass in the first attempt.And we also provide you all the Cisco 642-565 exam updates as Microsoft announces a change in its Cisco 642-565 exam syllabus,we inform you about it without delay.

QUESTION 101
When implementing a Cisco Integrated Services Router, which feature would you apply to achieve application security?
A. Access control lists
B. Alerts and audit trails
C. Lock-and-key (dynamic access control lists)
D. Context-based Access Control

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: CBAC intelligently filters TCP and UDP packets based on application-layer protocol session information and can be used for intranets, extranets and the Internet. CBAC is implemented on Cisco IOS routers via the firewall feature set. Without CBAC, traffic filtering is limited to access list implementations that examine packets at the networklayer, or at most, the transportlayer. However, CBAC examines not only networklayer and transportlayer information but also examines the application-layer protocol information (such as FTP connection information) to learn about the state of the TCP or UDP session. This allows support of protocols that involve multiple channels created as a result of negotiations in the control channel. Most of the multimedia protocols as well as some other protocols (such as FTP, RPC, and SQL*Net) involve multiple channels. Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/ products_configuration_guide_chapter09186a00800 c
QUESTION 102
Which statement is true about the built-in hardware-based encryption that is included with Cisco Integrated Services Routers?
A. It supports SRTP
B. It supports 256-bit AES encryption
C. It is two times faster than previous modules
D. It stores VPN credentials

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
The ISR router series provides built-in VPN encryption acceleration for IPSec DES, 3DES, and AES 128,
192, and 256.
Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 1, page 2-13.

QUESTION 103
Certkiller is a network administrator at Certkiller .com. Certkiller .com wants to implement command authorization for tighter control of user access rights. Which combination of authentication server and authentication protocol is able to best meet this requirement?
A. Cisco Secure ACS server and RADIUS
B. Cisco Secure ACS server and TACACS+
C. Microsoft IAS server and RADIUS
D. Microsoft Windows Domain Controller and Kerberos

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Cisco Secure Access Control Server (ACS) for Windows provides a centralized identity networking solution and simplified user management experience across all Cisco devices and security management applications. Cisco Secure ACS helps to ensure enforcement of assigned policies by allowing network administrators to control:
*
Who can log into the network

*
The privileges each user has in the network

*
Recorded security audit or account billing information

*
Access and command controls that are enabled for each configuration’s administrator Cisco Secure ACS is a major component of Cisco trust and identity networking security solutions. It extends access security by combining authentication, user and administrator access, and policy control from a centralized identity networking framework, thereby allowing greater flexibility and mobility, increased security, and user productivity gains. The TACACS+ protocol provides authentication between the network access server and the TACACS+ daemon, and it ensures confidentiality because all protocol exchanges between a network access server and a TACACS+ daemon are encrypted. TACACS+ was designed by Cisco to overcome some of the imitations of RADIUS and is therefore considered to be more secure. RADIUS combines authentication and authorization. The access-accept packets sent by the RADIUS server to the client contain authorization information, making it difficult to decouple authentication and authorization. RADIUS also encrypts only the password in the access-request packet from the client to the server. The remainder of the packet is in the clear. Other information, such as username, authorized services, and accounting, can be captured by a third party. Reference: http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/secsols/aaasols/c262c1.htm#1034907
QUESTION 104
DRAG DROP
You work as a network technician at Certkiller .com. Your boss, Mrs Certkiller, is curious about secure
features. Match the features with the appropriate description.
Use each feature once and only once.
A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:

Explanation:
Allows control of web traffic based on sec policy – URL filtering Can control protocol misuse – Application-
based filtering (NBAR – Network Based Application Recognition)
Can proactively stop Net Attacks – unmatched (This describes IPS, which is not an option)
Leads to smaller holes in ACL – State full inspection (No need to authorize return traffic) Allows designated
users to gain temporary access- Lock-and-Key

QUESTION 105
DRAG DROP
You work as a network technician at Certkiller .com. Your boss, Mrs Certkiller, is curious about secure
Cisco IOS VPN technology. Match the technology with the appropriate benefit.
Use each technology once and only once.
A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference: QUESTION 106

DRAG DROP
You work as a network technician at Certkiller .com. Your boss, Mrs Certkiller, is curious about firewall
features. Match the features with the appropriate descriptions.
Use each feature once and only once.
A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:

QUESTION 107
Cisco MARS is being used in the Certkiller network. What is a feature or function of Cisco Security MARS?
A. MARS enforces authorization policies and privileges
B. MARS determines security incidents based on device messages, events, and sessions
C. MARS configures, monitors, and troubleshoots Cisco security products
D. MARS supports AAA user login authentication
E. None of the above

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: With MARS, as events and data messages are received, the information is normalized against the topology, discovered device configurations, same source and destination applications (across Network Address Translation [NAT] boundaries), and similar attack types. Similar events are grouped into sessions in real time. System- and user-defined correlation rules are then applied to multiple sessions to identify incidents.
QUESTION 108
Cisco Clean Access has been implemented in the Certkiller network. What are the two main reasons for customers to implement Cisco Clean Access? (Choose two)
A. Enforcement of security policies by making compliance a condition of access
B. Focus on validated incidents, not investigating isolated events
C. Integrated network intelligence for superior event aggregation, reduction, and correlation
D. Provision of secure remote access
E. Significant cost savings by automating the process of repairing and updating user machines
F. Implementation of NAC phase 1

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
Explanation: Cisco NAC Appliance (formerly Cisco Clean Access) is an easily deployed Network Admission Control (NAC) product that uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources. With NAC Appliance, network administrators can authenticate, authorize, evaluate, and remediate wired, wireless, and remote users and their machines prior to network access. It identifies whether networked devices such as laptops, IP phones, or game consoles are compliant with your network’s security policies and repairs any vulnerabilities before permitting access to the network. Networks with Cisco NAC Appliance can realize benefits such as:
*
Minimized network outages

*
Enforcement of security policies

*
Significant cost savings with automated device repairs and updates Reference: http://www.cisco.com/en/ US/products/ps6128/index.html
QUESTION 109
DRAG DROP
You work as a network technician at Certkiller .com. Your boss, Mrs Certkiller, is curious about Cisco
Security modules. Match the modules with the appropriate descriptions.
Not all descriptions are used.
A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference: QUESTION 110

A new MARS appliance has been installed in the Certkiller network. What is the purpose of SNMP community strings when adding reporting devices into a newly installed Cisco Security MARS appliance?
A. To discover and display the full topology
B. To import the device configuration
C. To pull the log information from devices
D. To reconfigure managed devices

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Cisco routers and switches that are running Cisco IOS Software release 12.2 can be configured to provide different types of data to MARS: Syslog messages. The syslog messages provide information about activities on the network, including accepted and rejected sessions. SNMP traffic. SNMP RO community strings support the discovery of your network’s topology. NAC-specific data. NAC logs events that are specific to its configuration, including Extensible Authentication Protocol (EAP) over UDP messages and 802.1x accounting messages. Access lists or NAT statements. You must enable SSH or Telnet access if the configuration on the Cisco router or swtich includes access lists or NAT statements. Spanning tree messages (Switch only). You must have STP (spanning tree protocol) configured correctly on the switches to enable L2 discovery and mitigation. STP provides MARS with access to the L2 MIB, which is required to identify L2 re-routes of traffic and to perform L2 mitigation. MARS also uses the MIB to identify trunks to other switches, which are used to populate VLAN information used in L2 path calculations. STP, which is enabled by default on Cisco Switches, should remain enabled, as it is required for L2 mitigation. Reference: http://www.cisco.com/en/US/products/ps6241/products_user_guide_chapter09186a008074f215.html
QUESTION 111
What could be a reason to implement Cisco Security Agent?
A. To prevent Day Zero attacks
B. To communicate the host posture validation to a policy server
C. To track the Internet usage of employees
D. To validate policy compliance

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
Current supported versions of Cisco Security Agent 4.0.3.x, 4.5.1.x, 5.0.0.x, and 5.1.0.x are effective in
stopping all known exploits seen to date, thus providing “Zero-Day” protection at the end host. CSA host
intrusion prevention system software effectively stops both the initial buffer overflow attempt and any
subsequent steps to exploit the Microsoft Windows VML document arbitrary code execution vulnerability.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5057/
tsd_products_security_response09186a008074f075.h t

QUESTION 112
Which two are parts of the Network Security Lifecycle? (Choose two)
A. Purchase
B. Operate
C. Integrate
D. Design
E. Develop

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation:
The Network Security lifecycle is based on the lifecycle of the network itself as shown in the figure below. It
includes the Preparation, Planning, Design, Implementation, Operation, and Optimization components..
QUESTION 113
A new MARS appliance has been installed in the Certkiller network. On the Cisco Security MARS appliance, what is used to facilitate the management of Event, IP, Service and User management?
A. Groups
B. Custom parser
C. Rules
D. Signatures
E. Audit trail log

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
Using a creating event groups is one of the most powerful ways to leverage rules. You can take any event
or series of events, group them, and use them with rules to concentrate your searches for attacks. Groups
are also used to facilitate the IP management, Service Management, and User Management tabs within
the MARS local and Global Controllers. Reference: Security Solutions for SE (SSSE) v1.0 Student Guide,
Module 6, page 4-35 through 4-36.

QUESTION 114
Which two features work together to provide Anti-X defense? (Choose two)
A. Enhanced application inspection engines
B. Enhanced security state assessment
C. Cisco IPS version 5.0 technology
D. Network security event correlation
E. Cisco IOS AutoSecure

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco Intrusion Prevention System (IPS) Version 5.0 Solutions deliver a new generation of highly accurate and intelligent in-line prevention services complemented by new network anti-virus, anti-spyware and worm mitigation capabilities for improved threat defense across multiple form factors including appliances, switch-integrated modules, and Cisco IOSSoftware-based solutions using enhanced application inspection engines.
QUESTION 115
Which three components should be included in a security policy? (Choose three)
A. Identification and authentication policy
B. Incident handling procedure
C. Security best practice
D. Security product recommendation
E. Software specifications
F. Statement of authority and scope

Correct Answer: ABF Section: (none) Explanation
Explanation/Reference:
Explanation:
A Security policy is used to define and set a good foundation for securing the network, including:
Definition: Define the data assets to be covered by the security policy (statement of authority and scope).
Identity: How do you identify the hosts and applications affected by this policy. Trust: Under what
conditions is communication allowed between hosts. Enforceability: How will the policies implementation
be verified. Risk Assessment: What is the impact of a policy violation and how to detect them. Incident
Response: What actions are required upon violation of a security policy. Reference: Security Solutions for
SE (SSSE) v1.0 Student Guide, Module 1, page 1-25.

QUESTION 116
A new MARS appliance has been installed in the Certkiller network. Which statement is true about the Cisco Security MARS Global Controller?
A. The Global Controller receives detailed incidents information from the Local Controllers, and correlates the incidents between multiple Local Controllers.
B. The Global Controller centrally manages a group of Local Controllers.
C. Rules that are created on a Local Controller can be pushed to the Global Controller.
D. Most data archiving is done by the Global Controller.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The MARS GlobalController is a security threat mitigation (STM) appliance. Once you deploy multiple LocalControllers, you can deploy a GlobalController that summarizes the findings of two or more LocalControllers. In this way, the GlobalController enables you to scale your network monitoring without increasing the management burden. The GlobalController provides a single user interface for defining new device types, inspection rules, and queries, and it enables you to manage LocalControllers under its control. This management includes defining administrative accounts and performing remote, distributed upgrades of the LocalControllers. Reference: http://www.cisco.com/en/US/products/ps6241/products_user_guide_chapter09186a008053fdeb.html
QUESTION 117
Which Cisco IOS feature uses multipoint GRE and the Next Hop Resolution Protocol to create dynamic IPSec tunnels between spoke (branch) sites?
A. Easy VPN
B. V3PN
C. DMVPN
D. Web VPN

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: The Dynamic Multipoint VPN (DMVPN) feature allows users to better scale large and small IP Security (IPsec) Virtual Private Networks (VPNs) by combining generic routing encapsulation (GRE) tunnels, IPsec encryption, and Next Hop Resolution Protocol (NHRP). With DMVPN, The Dynamic Creation for Spoke-to-Spoke Tunnels feature eliminates the need for spoke-to-spoke configuration for direct tunnels. When a spoke router wants to transmit a packet to another spoke router, it can now use NHRP to dynamically determine the required destination address of the target spoke router. (The hub router acts as the NHRP server, handling the request for the source spoke router.) The two spoke routers dynamically create an IPsec tunnel between them so data can be directly transferred. Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/ products_feature_guide09186a0080110ba1.html
QUESTION 118
When a FWSM is operating in transparent mode, what is true?
A. Each interface must be on the same VLAN.
B. The FWSM does not support multiple security contexts.
C. Each directly connected network must be on the same subnet.
D. The FWSM supports up to 256 VLANs.
Correct Answer: C Section: (none) Explanation

Explanation/Reference:
Explanation: In transparent mode, the FWSM acts like a “bump in the wire,” or a “stealth firewall,” and is not a router hop. The FWSM connects the same network on its inside and outside interfaces, but each interface must be on a different VLAN (only 2 VLANs). No dynamic routing protocols or NAT are required. However, like routed mode, transparent mode also requires ACLs to allow any traffic through aside from ARP packets. Transparent mode can allow certain types of traffic in an ACL that are blocked by routed mode, including unsupported routing protocols and multicast traffic. Transparent mode can also optionally use EtherType ACLs to allow non-IP traffic. Transparent mode only supports two interfaces, an inside interface and an outside interface, with each interface in the same IP subnet. Reference: http://www.cisco.com/en/US/partner/products/hw/switches/ps708/ products_module_configuration_guide_chapt e
QUESTION 119
Which three are included with the Cisco Security Agent? (Choose three)
A. Buffer overflow protection
B. Day Zero virus and worm protection
C. Cisco Easy VPN Client
D. Host-based intrusion prevention
E. Plug-in interface to query posture providers
F. Packet sniffer

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco Security Agent resides between the applications and the kernel, enabling maximum application visibility with minimal impact to the stability and performance of the underlying operating system. The software’s unique architecture intercepts all operating system calls to file, network, and registry sources, as well as to dynamic run-time resources such as memory pages, shared library modules, and COM objects. The agent applies unique intelligence to correlate the behaviors of these system calls, based on rules that define inappropriate or unacceptable behavior for a specific application or for all applications. This correlation and subsequent understanding of an application’s behavior is what allows the software-as directed by the security staff-to prevent new intrusions on the individual hosts. The Cisco Security Agent provides numerous benefits, including: The ability to aggregate and extend multiple endpoint security functions-the Cisco Security Agent provides host intrusion prevention, distributed firewall, malicious mobile code protection, operating system integrity assurance, and audit log consolidation, all within a single agent Preventive protection against entire classes of attacks, including port scans, buffer overflows, Trojan horses, malformed packets, malicious HTML requests, and e-mail worms “Zero update” prevention for known and unknown attacks Reference: http://www.cisco.com/en/US/partner/products/sw/secursw/ps5057/ products_data_sheet0900aecd80440398.html
QUESTION 120
A new MARS appliance has been installed in the Certkiller network. What is a valid step when setting up the Cisco Security MARS appliance for data archiving?
A. Specify the remote CIFS server.
B. Specify the remote FTP server.
C. Specify the remote NFS server.
D. Specify the remote TFTP server.
Correct Answer: C Section: (none) Explanation

Explanation/Reference:
Explanation:
You can archive data from a MARS Appliance and use that data to restore the operating system (OS),
system configuration settings, dynamic data (event data), or the complete system. The appliance archives
and restores data to and from an external network-attached storage (NAS) system using the network file
system (NFS) protocol. Only a NFS or a NAS using the NFS protocol is supported on the Cisco MARS.

Flydumps.com Cisco 642-565 practice tests hold the key importance and provide a considerable gain for your knowledge base. You can rely on our products with unwavering confidence; Get the profound knowledge and become a pro with Flydumps.com assistance.

Cisco 642-565 PDF, New Updated Cisco 642-565 Vce & PDF Is Your Best Choice

Cisco 642-565 Practice Questions, Latest Upload Cisco 642-565 Certification Material Provider On Sale

Welcome to download the newest Pass4itsure hp0-m52 VCE dumps: http://www.pass4itsure.com/hp0-m52.html

Attention Please:Professional new version Cisco 642-565 PDF and VCE dumps can now free download on Flydumps.com,all are updated timely by our experts covering all Cisco 642-565 new questions and questions.100 percent pass your exam.

QUESTION 64
How does CSA protect endpoints?
A. uses signatures to detect and stop attacks
B. uses deep-packet application inspections to control application misuse and abuse
C. uses file system, network, registry, and execution space interceptors to stop malicious activity
D. works in conjunction with antivirus software to lock down the OS
E. works at the application layer to provide buffer overflow protection

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 65
How is Cisco IOS Control Plane Policing achieved?
A. by adding a service-policy to virtual terminal lines and the console port
B. by applying a QoS policy in control plane configuration mode
C. by disabling unused services
D. by rate-limiting the exchange of routing protocol updates
E. by using AutoQoS to rate-limit the control plane traffic

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 66
Drop

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 67
When a FWSM is operating in transparent mode, what is true?
A. Each interface must be on the same VLAN.
B. The FWSM does not support multiple security contexts.
C. Each directly connected network must be on the same subnet.
D. The FWSM supports up to 256 VLANs.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 68
Which of these characteristics is a feature of AES?
A. It has a variable key length.
B. It provides strong encryption and authentication.
C. It should be used with key lengths greater than 1024 bits.
D. It is not supported by hardware accelerators but runs very fast in software.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 69
Which three Cisco security products help to prevent application misuse and abuse? (Choose three.)
A. Cisco ASA 5500 Series Adaptive Security Appliances
B. NAC Appliance (Cisco Clean Access)
C. Cisco Traffic Anomaly Detector
D. Cisco Security Agent
E. Cisco Trust Agent
F. Cisco IOS FW and IPS

Correct Answer: ADF Section: (none) Explanation
Explanation/Reference:
QUESTION 70
Identify two ways to create a long-duration query on the Cisco Security MARS appliance. (Choose two.)
A. by modifying an existing report
B. by saving a query as a report
C. by submitting a query in line
D. by submitting a batch query
E. by saving a query as a rule

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:

Flydumps.com never believes in second chances and hence bring you the best Cisco 642-565 exam preparation materials which will make you pass in the first attempt. Flydumps.com experts have complied the fail proof Cisco 642-565 exam content to help you pass your Cisco 642-565 certification exam in the first attempt and score the top possible grades too.

Pass4itsure hp0-m52 dumps with PDF + Premium VCE + VCE Simulator: http://www.pass4itsure.com/hp0-m52.html

Cisco 642-565 Practice Questions, Latest Upload Cisco 642-565 Certification Material Provider On Sale

Cisco 642-565 Test Software, Easily To Pass Cisco 642-565 Exam With High Quality

Welcome to download the newest Jumpexam C2090-611 VCE dumps: http://www.jumpexam.com/C2090-611.html

Flydumps just published the newest Cisco 642-565 dumps with all the new updated exam questions and answers.Flydumps provide the latest version of Cisco 642-565 and VCE files with up-to-date questions and answers to ensure your exam 100% pass, on our website you will get the free new newest Cisco 642-565 version VCE Player along with your VCE dumps.

QUESTION 71
The Cisco IOS Resilient Configuration feature enables a router to secure and maintain a working copy of the running image and configuration so that those files can withstand malicious attempts to erase the contents of persistent storage (NVRAM and Flash). What is the objective of the Cisco IOS resilient configuration?
A. Improve the sped of Cisco IOS image or configuration recovery process
B. Enable primary and backup operations of two Cisco IOS routers
C. Allow a compromise of the router
D. Enable redundant Cisco IOS images for fault tolerance router operations

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 72
Which three functions can be provided by the Cisco ACE 4710 Appliance in the enterprise data center? (Choose three.)
A. HTTPS session decryption through SSL/TLS termination
B. SYN flooding attacks protection
C. XML firewalling
D. HTTP protocol verification

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 73
Secure Sockets Layer (SSL) is a cryptographic protocol that provides security and data integrity for communications over TCP/IP networks such as the interne. When SSL uses TCP encapsulation on Cisco SSL VPNs, the user’s TCP session is transported over another TCP session, thus making flow control inefficient if a packet is lost. Which is the best solution of this problem?
A. DAP
B. Cisco Secure Desktop
C. DTLS
D. SSL Traversal

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 74
Which method can be used by Cisco SSL VPN solution to provide connections between a Winsock2, TCP-based application and a private site without requiring administrative privileges?
A. Application plug-ins
B. Port Forwarding
C. Cisco Secure Desktop
D. Smart tunnels

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 75
Study the exhibit below carefully, which statement is true about the security architecture, which is used to protect the multi-tiered web application?

A. The firewall systems in the first and second tiers should be implemented with identical security controls to provide defense in depth.
B. This architecture supports application tiers that are dual homed.
C. All the servers are protected by the dual-tier firewall systems and do not require additional endpoint security controls.
D. The second-tier Cisco ASA AIP-SSM should be tuned for inspecting Oracle attack signatures

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 76
You work as a network operator for an IT company. You have just detected a distributed DoS attack which appears to have sources from many hosts in network X/24. You must take preventive action to block all offending traffic, so you announce a BGP route, with the next-hop attribute of 172.31.1.1, for the X/24 network of the attacker. Which two methods will be adopted by the routers at the regional office, branch office, and telecommuter location to prevent traffic going to and from the attacker? (Choose two.)

A. a prefix list to block routing updates about the X/24 network
B. a static route to 172.31.1.1/32, which points to a null interface
C. a dynamic ACL entry to block any traffic that is sourced from the X/24 network
D. strict uRPF

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 77
You are a network engineer of your company. Study the following exhibit carefully, which three Cisco IOS features could be used on the VPN gateways (Cisco IOS routers) to implement high availability for remote-access IPsec VPN? (Choose three.)

A. Dynamic VTIs
B. Reverse Route Injection (RRI)
C. cooperative key servers
D. Dead Peer Detection (DPD)

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 78
Which Cisco Security product is used to perform a Security Posture Assessment of client workstations?
A. Adaptive Security Appliance
B. Cisco Security Agent
C. Cisco Security Posture Assessment Tool
D. Cisco NAS Appliance
E. Cisco ACS

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 79
Which three policy types can be assigned to a network user role in the Cisco NAC Appliance architecture? (Choose three.)
A. Allowed IP Address ranges
B. Network Port Scanning Plug-ins
C. VPN and roaming policies
D. Inactivity period
E. Session Duration
F. Minimum Password length

Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 80
Which two components should be included in a network design document? (Choose two.)
A. Complete network blueprint
B. Operating Expense
C. Risk Analysis
D. Configuration for each device
E. Detailed part list

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
Look at the picture.
Select and Place:

Correct Answer: Section: (none) Explanation

Explanation/Reference:
QUESTION 82
Which statement is true about the Cisco Security MARS Global Controller?
A. Rules that are created on a Local Controller can be pushed to the Global Controller
B. Most data archiving is done by the Global Controller
C. The Global Controller receives detailed incidents information from the Local Controllers and correlates the incidents between multiple Local Controllers
D. The Global Controller Centrally Manages of a group of Local Controllers

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 83
Which certificates are needed for a device to join a certificate-authenticated network?
A. The Certificates of the device and its peer
B. The Certificates of the certificate authority, the device and the peer
C. The Certificates of the certificate authority and the peer
D. The Certificates of the certificate authority and the device

Correct Answer: D Section: (none) Explanation
Explanation/Reference: QUESTION 84
Which three Cisco Security products help to prevent application misuse and abuse? (Choose three.)
A. Cisco ASA 5500 Series Adaptive Security Appliances
B. Cisco IOS FW and IPS
C. Cisco Traffic Anomaly Detector
D. Cisco Security Agent
E. Cisco Trust Agent
F. NAC Appliance (Cisco Clean Access)

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
You work as a network engineer at Your company. Your boss, , is interested attack methodologies. Match the descriptions with the proper methodology. Use only options that apply.
Select and Place:

Correct Answer: Section: (none) Explanation

Explanation/Reference:
QUESTION 86
Which two of these features are integrated security components of the Cisco Adaptive Security Appliance? (Chose two.)
A. VRF-aware firewall
B. Cisco ASA AIP SSM
C. VTI
D. Control Plane Policing
E. Anti-X
F. DMVPN

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 87
Which two of these statements describes features of the NAC Appliance architecture? (Choose two.)
A. NAC Appliance Servers managed by the same NAC Appliance Manager can run in mixed mode (inline or out-of-band)
B. NAC Appliance Agent has the auto-upgrade feature
C. NAC Appliance High Availability uses VRRP
D. The standard NAC Appliance Managercan mange up to 40 NAC Appliance Servers failover pairs
E. The NAC Appliance Agent is bundled with the NAC Appliance Server Software

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 88
Which three of these security products complement each other to achieve a secure remote-access solution? (Choose three.)
A. Cisco GET VPN
B. Cisco Security MARS
C. URL Filtering Server
D. Cisco Secure Access Control Server
E. NAC Appliance
F. Adaptive Security Appliance

Correct Answer: DEF Section: (none) Explanation
Explanation/Reference:
QUESTION 89
What are two functions of Cisco Security Agent? (Choose two.)
A. Span Filtering
B. Authentication
C. Resource Protection
D. User tracking
E. Control of Executable Content

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 90
Which two should be included in an analysis of a security posture assessment? (Choose two.)
A. Identification of bottlenecks inside the network
B. Recommendations based on security best practice
C. Identification of critical deficiencies
D. Service offer
E. Detailed action plan

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 91
Which three of these security products complement each other to achieve a secure-e-banking solution? (Choose three.)
A. Cisco Trust Agent
B. CCA Agent
C. Cisco Security Agent
D. Cisco IOS DMVPN
E. Cisco Intrusion Prevention System
F. Cisco Adaptive Security Appliance

Correct Answer: CEF Section: (none) Explanation
Explanation/Reference:
QUESTION 92
Your company, wants to implement the PCI Data Security Standard to protect sensitive cardholder information. They are planning to use RSA to ensure data privacy, integrity and origin authentication. Which two of these statements describe features of the RSA keys? (Choose two.)
A. The private key only decrypts
B. The private key both encrypts and decrypts
C. The public key only decrypts
D. The public key both encrypts and decrypts
E. The private key only encrypts
F. The public key only encrypts

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 93
Which three technologies address SO 17799 requirements for unauthorized access prevention? (Choose three.)
A. Cisco Secure Access Control Server
B. 802.1X
C. SSL VPN
D. Network Admission Control
E. Intrusion Prevention System
F. Cisco Security MARS
Correct Answer: ABD Section: (none) Explanation

Explanation/Reference:
QUESTION 94
Which two of these features are supported by Cisco Security MARS running software version 4.2.x? (Choose two.)
A. Attack capture and playback
B. Use login authentication using external AAA Server
C. Inline or promiscuous mode operation
D. NetFlow for Network profiling and anomaly detection
E. Role-based access and dashboards
F. Hierarchical Design using global and local controllers

Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 95
Which of these characteristics is a feature of AES?
A. It is not supported by hardware accelerators but runs very fast in software
B. It provides strong encryption and authentication
C. It has a variable key length
D. It should be used with key lengths greater than 1024 bits

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 96
Which protocol should be used to provide secure communications when performing shunning on a network device?
A. SSH
B. Telnet
C. SNMPV2
D. SSL
E. SNMPv3

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 97 DRAG DROP
Look at the picture.
Select and Place:

Correct Answer:

Section: (none)

Explanation
Explanation/Reference:
QUESTION 98
How does CSA protect endpoints?
A. Uses deep-packet application inspection to control application misuse and abuse
B. Uses file system, network, registry and execution space interceptors to stop malicious activity
C. Works at the application layer to provide buffer overflow protection
D. Uses signatures to detect and stop attacks
E. Works in conjunction with antivirus software to lock down the OS

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 99
What are the advantages of IPSec-based site-to-site VPNs over traditional WAN networks?
A. Delay guarantees, span, performance, security and low cost
B. Span, flexibility, security and low cost
C. Bandwidth guarantees, support for non-IP protocols, scalability and modular design guidelines
D. Bandwidth guarantees, flexibility, security and low cost

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 100
Identify two ways to create a long-duration query on the Cisco Security MARS Appliance. (Choose two.)
A. By Modifying an existing report
B. By submitting a query inline
C. By Submitting a batch query
D. By saving a query as a rule
E. By saving a query as a report

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 101
Which two features work together to provide anti-X defense? (Choose two.)
A. Enhanced Security state assessment
B. Network Security event correlation
C. CiscoAutoSecure
D. Enhanced Application inspection engines
E. Cisco IPS Sensors

Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 102
Which IPS platform can operate in inline mode only?
A. Cisco ASA AIP SSM
B. IDSM-2
C. Cisco IPS 4200 Series Sensor
D. Cisco IOS IPS

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 103
Which three components should be included in a security policy? (Choose three.)
A. Security best practice
B. Incident handling procedure
C. Software Specifications
D. Statement of authority and scope
E. Security product recommendation
F. Identification and authentication policy

Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
QUESTION 104
What is the purpose of SNMP community strings when adding reporting devices into a newly installed Cisco Security MARS Appliance?
A. To pull the log information from devices
B. To reconfigure managed devices
C. To discover and display the full topology
D. To import the device configuration

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 105
What are three advantages of Cisco Security MARS? (Choose three.)
A. Fixes Vulnerable and infected devices automatically
B. Is network topologyaware
C. Provides rapid profile-based provisioning capabilities
D. Contains scalable, distributed event analysis architecture
E. Performs automatic mitigation on Layer 2 devices
F. Ensures that he user device is not vulnerable

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 106
What is the security issue in classic packet filtering of active FTP sessions?
A. The established keyword can’t be used for control or data sessions
B. Allowing control sessions to the client opens up all the high ports on the client
C. Allowing data sessions to the clientopens up all the high ports on the client
D. The control session can’t be adequately filtered

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 107
Which two components should be included in a detailed design documents for a security solution? (Choose two.)
A. Traffic growth forecast
B. Data Source
C. Proof of concept
D. Existing Network Infrastructure
E. Weak-link description
F. Organizational Chart

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 108
Which statement is true regarding Cisco IOS IPS performance and capabilities?
A. Cisco IOS IPS signatures have a minimal impact on router memory
B. Cisco IOS IPS offersa wider signature coverage than the IDSM-2 module
C. All Cisco IOS IPS signatures should be enabled to maximize the coverage, except for false-positives reduction
D. Cisco IOS IPS uses a parallel signature-scanning engine to scan for multiple patterns within a signature micro-engine at any given time

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 109
How is Cisco IOS Control Plane Policing Achieved?
A. By usingAutoQoS to rate-limit Control Plane traffic
B. By adding a server-policy to virtual terminal lines and the console port
C. By Applying a QoS policy in control plane configuration mode
D. By disabling unused services
E. By Rate limiting the exchange of routing protocol updates

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 110
What are three functions of Cisco Security Agent? (Choose three.)
A. Local Shunning
B. Device-based registry scans
C. Malicious mobile code protection
D. Flexibility against new attacks through customizable signature “on the fly”
E. Spyware and adware protection
F. Protection against buffer overflows

Correct Answer: CEF Section: (none) Explanation
Explanation/Reference:
QUESTION 111
What are two main reasons for customer to implement Cisco Clean Access? (Choose Two.)
A. Integrated network intelligence for superior event aggregation, reduction and correlation
B. Enforcement of Security Policies by making compliance a condition of access
C. Provision of secure remote access
D. Significant cost savings by automating the process of repairing and updating user machines
E. Focus on validated incidents, not investigating isolated events
F. Implementation of NAC Phase-1

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 112

Which two statements are true about symmetric key encryption? (Choose two.)
A. RSA is an example of symmetric key encryption
B. The key exchange can take place via anonsecure channel
C. It is typically used to encrypt the content of a message
D. It uses secret-key cryptography
E. Encryption and decryption use different keys

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 113
Which three elements does the NAC Appliance Agent check on the client machine? (Choose three.)
A. Presence of Cisco Trust Agent
B. Presence of Cisco Security Agent
C. Registry Keys
D. IP Address
E. Microsofthotfixes

Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 114
In which two ways do Cisco ASA 5500 Series Adaptive Security Apliance achieve containment and control? (Choose two.)
A. By probing end systems for compliance
B. By Enabling business to create secure connections
C. By preventing unauthorized network access
D. By performing traffic anomaly detection
E. By tracking the state of all network communications

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 115
Which two statements mitigate the threat of a SYN flood attack? (Choose two.)
A. MARS floodautomitigation
B. Cisco IOS IPS
C. NAC Appliance Security Posture Validation
D. ASA TCP Intercept
E. ASA Enhanced application inspection
F. Cisco IOS FPM

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 116
Which three of these features are key elements of the Adaptive Threat Defense? (Choose three.)
A. Ability of a network to identify, prevent and adapt to security threats
B. Active management and mitigation
C. Multilayer intelligence
D. Blend of IP and Security technologies
E. Dynamic adjustment of risk ratings
F. Feature consistency

Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 117
Which two technologies can prevent the Slammer worm from compromising a host? (Choose two.)
A. NAC Appliance Security posture validation
B. ASAstateful firewall
C. Cisco IOS IPS
D. ASA enhanced application inspection
E. Cisco IOS FPM
F. Cisco Trust Agent

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 118
Which two features work together to provide anti-X defense? (Choose two.)
A. Enhanced Application inspection engines
B. Enhanced Security state assessment
C. CiscoAutoSecure
D. Network Security event correlation
E. Cisco IPS Sensors

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 119
Which primary security design components should be addressed while implementing secure WAN solutions?(Not all design components are required.)
1.
authentication and transmission protection

2.
network infrastructure device hardening

3.
boundary access control

4.
topology

5.
high availability

6.
performance and scalability

7.
resource separation

A. 1, 2, 4, 5, 6
B. 1, 2, 3, 4, 5
C. 1, 2, 3, 5, 6
D. 2, 3, 4, 5, 6

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 120
Which two technologies mitigate the threat of a SYN Flood attack? (Choose two.)
A. NAC Appliance Security Posture Validation
B. Cisco IOS IPS
C. ASA Enhanced Application inspection
D. Cisco IOS FPM
E. ASA TCP intercept
F. MARS Floodautomitigation

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 121
Which two of these features are the most appropriate test parameters for the acceptance test plan of a secure connectivity solution? (Choose two.)
A. Certificate enrollment and revocation
B. High availability
C. Privacy of key exchange
D. Duration of the key refresh operation
E. Resistance Against brute-force attacks

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 122
Which two technologies address ISO 17799 requirements in detecting, preventing and responding to attacks and intrusion? (Choose two.)
A. Cisco Trust Agent
B. 802.1X
C. Cisco Security MARS
D. Cisco Security Agent
E. Cisco NAC Appliance
F. DMVPN

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 123
When a FWSM is operating in transparent mode, what is true?
A. The FWSM does not support multiple security contexts
B. Each directly connected network must be on the same subnet
C. The FWSM supports up to 256 VLANs
D. Each interface must be on the same LAN

Correct Answer: B Section: (none) Explanation
Explanation/Reference:

Flydumps team use their experience and knowledge to study the examinations of past years and finally have developed the best training materials about Cisco 642-565 exam. Our Cisco 642-565 exam training materials are very popular among customers and this is the result of Flydumps’s expert team industrious labor. The simulation test and the answer of their research have a high quality and have 95% similarity with the true examination questions. FLYDUMPS is well worthful for you to rely on. If you use Flydumps’s training tool, you can 100% pass your first time to attend Cisco 642-565 exam.

Jumpexam C2090-611 dumps with PDF + Premium VCE + VCE Simulator: http://www.jumpexam.com/C2090-611.html

Cisco 642-565 Test Software, Easily To Pass Cisco 642-565 Exam With High Quality

Cisco 642-565 Exam Test Questions, Best Quality Cisco 642-565 Preparation Materials Online Shop

Welcome to download the newest Pass4itsure 312-76 VCE dumps: http://www.pass4itsure.com/312-76.html

Review all FLYDUMPS Cisco 642-565 exam sample questions carefully, we guarantee you wiil pass the Cisco 642-565 exam for you first attempt and get the Cisco Certification successed. The only thing you need to do just is memorizing all the FLYDUMPS Cisco 642-565 exam questions and answers. There are number of IT certifications popular today, on account of their market potential in the field of Information technology. Cisco 642-565 exam is one of these popular certifications which remain the preference of all IT professionals who want to improve their career opportunities.

QUESTION 75
How is Cisco IOS Control Plane Policing achieved?
A. By adding a service-policy to virtual terminal lines and the console port
B. By applying a QoS policy in control plane configuration mode
C. By disabling unused services
D. By rate-limiting the exchange of routing protocol updates
E. By using AutoQoS to rate-limit the control plane traffic
F. None of the above

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The Control Plane Policing feature allows users to configure a quality of service (QoS) filter that manages the traffic flow of control plane packets to protect the control plane of CiscoIOS routers and switches against reconnaissance and denial-of-service (DoS) attacks. In this way, the control plane (CP) can help maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch. To configure, follow these detailed steps: Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/ products_feature_guide09186a008052446b.html

QUESTION 76
The Certkiller network is using NAC. Which component of the Cisco NAC framework is responsible for compliance evaluation and policy enforcement?
A. Cisco Secure ACS server
B. Cisco Trust Agent
C. Network access devices
D. Posture validation server

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
Cisco Secure ACS extends access security by combining authentication, user and administrator access,
and policy control from a centralized identity networking framework, thereby allowing greater flexibility and
mobility, increased security, and user productivity gains.

Cisco Secure ACS is an important component of the Cisco Network Admission Control (NAC)-an industry initiative sponsored by Cisco Systems that uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources. Cisco Secure ACS 4.0 acts as a policy decision point in NAC deployments, evaluating credentials, determining the state of the host, and sending out per-user authorization to the network access devices. Reference: http://www.cisco.com/en/US/ products/sw/secursw/ps2086/index.html
QUESTION 77
DRAG DROP You work as a network technician at Certkiller .com. Your trainee Sandra is curious about Network Security Lifecycles. Match each action with the appropriate task.

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference: QUESTION 78

What is a benefit of the Cisco Integrated Services Routers?
A. Intel Xeon CPUs
B. Built-in event correlation engine
C. Built-in encryption acceleration
D. Customer programmable ASIC

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco 800, 1800, 2800, and 3800 Integrated Services Routers (ISR) were designed to incorporate security in every router by making hardware-based encryption a standard feature. This built-in, hardware-based encryption acceleration offloads the VPN processes to provide increased VPN throughput with minimal impact on the router CPU. If additional VPN throughput or scalability is required, optional VPN encryption advanced integration modules (AIMs) are available.
QUESTION 79
The Certkiller network has just implemented CSA for all end hosts. What are three functions of CSA in helping to secure customer environments? (Choose three)
A. Application control
B. Control of executable content
C. Identification of vulnerabilities
D. Probing of systems for compliance
E. Real-time analysis of network traffic
F. System hardening

Correct Answer: ABF Section: (none) Explanation
Explanation/Reference:
Explanation:
The functions of the CSA are system hardening, resource protection, control of executable content,
application control, and detection. Reference: Security Solutions for SE (SSSE) v1.0 Student Guide,
Module 4, page 4-3.

QUESTION 80
The Certkiller network just upgraded to the ISR router series. Which two features can the USB eToken for Cisco Integrated Services Router be used for? (Choose two)
A. Distribution and storage of VPN credentials
B. Command authorization
C. One-time passwords
D. Secure deployment of configurations
E. Troubleshooting

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Explanation:
The Cisco IOS Software-level integration of Aladdin’s eToken drivers provides partners and customers with
enhanced security router practices:

1.
Secure Provisioning of Cisco Router Configurations: Combining eToken drivers with Cisco integrated services routers helps Cisco partners mount router configuration on eToken and securely send them to end customers.

2.
Portable Credential Storage for Cisco VPN: VPN credential storage on eToken provides off-platform generation and secure storage of VPN credentials. Encryption keys are loaded when eToken is plugged in, and removed when eToken is removed. Reference: http://www.aladdin.com/etoken/demos/cisco/ask.asp
QUESTION 81
Refer to the exhibit below. As each spoke site is added, spoke-to-spoke and spoke-to-hub connectivity will
be required. What is the best VPN implementation option in this scenario?
Exhibit:
A. GRE over IPSec with dynamic routing
B. IPSec DMVPN
C. IPSec Easy VPN
D. V3PN

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The Dynamic Multipoint VPN (DMVPN) feature allows users to better scale large and small IP Security (IPsec) Virtual Private Networks (VPNs) by combining generic routing encapsulation (GRE) tunnels, IPsec encryption, and Next Hop Resolution Protocol (NHRP). Benefits of Dynamic Multipoint VPN (DMVPN) Hub Router Configuration Reduction: Currently, for each spoke router, there is a separate block of configuration lines on the hub router that define the crypto map characteristics, the crypto access list, and the GRE tunnel interface. This feature allows users to configure a single mGRE tunnel interface, a single IPsec profile, and no crypto access lists on the hub router to handle all spoke routers. Thus, the size of the configuration on the hub router remains constant even if spoke routers are added to the network. DMVPN architecture can group many spokes into a single multipoint GRE interface, removing the need for a distinct physical or logical interface for each spoke in a native IPsec installation. Automatic IPsec Encryption Initiation GRE has the peer source and destination address configured or resolved with NHRP. Thus, this feature allows IPsec to be immediately triggered for the point-to-point GRE tunneling or when the GRE peer address is resolved via NHRP for the multipoint GRE tunnel. Support for Dynamically Addressed Spoke Routers When using point-to-point GRE and IPsec hub-and-spoke VPN networks, the physical interface IP address of the spoke routers must be known when configuring the hub router because IP address must be configured as the GRE tunnel destination address. This feature allows spoke routers to have dynamic physical interface IP addresses (common for cable and DSL connections). When the spoke router comes online, it will send registration packets to the hub router: within these registration packets, is the current physical interface IP address of this spoke. Dynamic Creation for Spoke-to-Spoke Tunnels This feature eliminates the need for spoke-to-spoke configuration for direct tunnels. When a spoke router wants to transmit a packet to another spoke router, it can now use NHRP to dynamically determine the required destination address of the target spoke router. (The hub router acts as the NHRP server, handling the request for the source spoke router.) The two spoke routers dynamically create an IPsec tunnel between them so data can be directly transferred.
VRF Integrated DMVPN DMVPNs can be used to extend the Multiprotocol Label Switching (MPLS) networks that are deployed by service providers to take advantage of the ease of configuration of hub and spokes, to provide support for dynamically addressed customer premises equipment (CPEs), and to provide zero-touch provisioning for adding new spokes into a DMVPN. Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/ products_feature_guide09186a0080110ba1.html
QUESTION 82
The Certkiller network is using GRE on their IPSec VPN WAN. What is a benefit of IPSec + GRE?
A. Bandwidth conservation
B. No need for a separate client
C. Full support of Cisco dynamic routing protocols
D. Support of dynamic connections

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Normal IP Security (IPSec) configurations cannot transfer routing protocols, such as Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF), or non-IP traffic, such as Internetwork Packet Exchange (IPX) and AppleTalk. IPSec with GRE uses generic routing encapsulation (GRE) in order to accomplish routing between the different networks. All routing protocols will be supported as all traffic will be encapsulated within a GRE packet.
QUESTION 83
Which two are true about Cisco AutoSecure? (Choose two)
A. It blocks all IANA-reserved IP address blocks
B. It enables identification service
C. It enables log messages to include sequence numbers and time stamps
D. It disables tcp-keepalives-in and tcp-keepalives-out
E. It removes the exec-timeout

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation:
Cisco AutoSecure performs the following functions:

1. Disables the following Global Services
1.
Finger

2.
PAD

3.
Small Servers

4.
Bootp

5.
HTTP service

6.
Identification Service

7.
CDP

8.
NTP

9.
Source Routing
2. Enables the following Global Services
1.
Password-encryption service

2.
Tuning of scheduler interval/allocation

3.
TCP synwait-time

4.
TCP-keepalives-in and tcp-kepalives-out

5.
SPD configuration

6.
No ip unreachables for null 0
3. Disables the following services per interface
1.
ICMP

2.
Proxy-Arp

3.
Directed Broadcast

4.
Disables MOP service

5.
Disables icmp unreachables

6.
Disables icmp mask reply messages.
4. Provides logging for security
1.
Enables sequence numbers & timestamp

2.
Provides a console log

3.
Sets log buffered size

4.
Provides an interactive dialogue to configure the logging server ip address.

5.
Secures access to the router
1.
Checks for a banner and provides facility to add text to automatically configure:

2.
Login and password

3.
Transport input & output

4.
Exec-timeout

5.
Local AAA

6.
SSH timeout and ssh authentication-retries to minimum number

7.
Enable only SSH and SCP for access and file transfer to/from the router

8.
Disables SNMP If not being used
6. Secures the Forwarding Plane
1.
Enables Cisco Express Forwarding (CEF) or distributed CEF on the router, when available

2.
Anti-spoofing

3.
Blocks all IANA reserved IP address blocks

4.
Blocks private address blocks if customer desires

5.
Installs a default route to NULL 0, if a default route is not being used

6.
Configures TCP intercept for connection-timeout, if TCP intercept feature is available and the user is interested

7.
Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image,

8.
Enables NetFlow on software forwarding platforms Reference: http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns336/ networking_solutions_white_paper09186a00801
QUESTION 84
Which two statements about the Firewall Services Module are true? (Choose two)
A. For traffic from high to low security levels, no access control list is needed.
B. Interfaces with the same security level cannot communicate without a translation rule.
C. Two VLAN interfaces connect MSFC and FWSM.
D. Up to 1 million simultaneous connections are possible.
E. Up to 100 separate security contexts are possible.

Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
Explanation:
The Firewall Service Module (FWSM) is a high performance module used in Catalyst 6500 series switches
and 7600 series routers. It is capable of 5.5GB of throughput, supporting 1 million simultaneous
connections, 100,000 connection setup and teardowns per second, and 256,000 NAT and PAT
translations. It also supports up to 100 separate security contexts (virtual firewalls) with a license upgrade.
Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 2, page 4-2 and 4-7.

QUESTION 85
The Certkiller network administrator is installing a new Cisco Security MARS appliance. After powering up the MARS appliance, what is a valid task?
A. Use a Category 5 crossover cable to connect the computer Ethernet port to the MARS eth0 port.
B. Connect a keyboard and monitor directly to the MARS appliance to set up its initial configuration.
C. Set the IP address of the computer to 192.168.1.100.
D. Telnet to 192.168.1.1 using the username pnadmin and the password pnadmin.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
When installing the CS-MARS appliance and connecting to it for the first time, when the CS-MARS booted
up, connect a UTP Cat 5 crossover cable to your computer’s Etheret port and connect the other end of the
crossover cable to the CS-MARS’ Ethernet 0 (eth0) port.
Incorrect Answers:

B: To start the configuration process, you must connect another computer that is running Microsoft Internet Explorer to the appliance.
C: The default IP address of the CS-MARS device is 192.168.0.100, and it is recommended that the IP address of you computer is set to 192.168.0.101/24.
D: Although the default user name/password is indeed pnadmin/pnadmin, you should connect to 192.168.0.100, not 192.168.1.1 Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 6, page 4-65.
QUESTION 86
Which Cisco security product is an easily deployed software solution that can automatically detect, isolate, and repair infected or vulnerable devices that attempt to access the network?
A. Cisco Security Agent
B. Cisco Secure ACS server
C. NAC Appliance (Cisco Clean Access)
D. Cisco Traffic Anomaly Detector

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Cisco NAC Appliance (formerly Cisco Clean Access) is an easily deployed Network Admission Control (NAC) product that uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources. With NAC Appliance, network administrators can authenticate, authorize, evaluate, and remediate wired, wireless, and remote users and their machines prior to network access. It identifies whether networked devices such as laptops, IP phones, or game consoles are compliant with your network’s security policies and repairs any vulnerabilities before permitting access to the network. When deployed, Cisco NAC Appliance provides the following benefits:
1.
Recognizes users, their devices, and their roles in the network. This first step occurs at the point of
authentication, before malicious code can cause damage.
2.
Evaluates whether machines are compliant with security policies. Security policies can include specific
antivirus or antispyware software, OS updates, or patches. Cisco NAC Appliance supports policies that
vary by user type, device type, or operating system.
3.
Enforces security policies by blocking, isolating, and repairing noncompliant machines.
Noncompliant machines are redirected into a quarantine area, where remediation occurs at the discretion
of the administrator.

QUESTION 87
What is a benefit of high-performance AIM that is included with Cisco Integrated Services Routers?
A. Hardware-accelerated packet inspection engine
B. Hardware-based encryption and compression
C. Removable secure credentials
D. Support of SRTP

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The VPN Advanced Integration Module (AIM) for the Cisco 1841 Integrated Services Router and Cisco 2800 and3800Series Integrated Services Routers optimizes the Cisco Integrated Services Router platforms for virtual private networks in both IP Security (IPSec) and Secure Sockets Layer (SSL) Web and VPN deployments. The Cisco VPN and SSL AIM provides up to 40 percent better performance for IPsec VPN over the built-in IPsec encryption, and up to twice the performance for SSL Web VPN encryption. The Cisco VPN and SSL AIM supports all three of these functions in hardware: SSLencryption in hardware, VPN IPsec encryption in hardware using either Data Encryption Standard (DES) or Advanced Encryption Standard (AES), and the IP Payload Compression Protocol (IPPCP) in hardware. Reference: http://www.cisco.com/en/US/products/ps5853/products_data_sheet0900aecd804ff58a.html
QUESTION 88
In the context of Cisco NAC, what is a network access device?
A. A workstation without Cisco Trust Agent
B. A Cisco IOS router
C. An AAA server
D. A laptop with Cisco Trust Agent installed

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
In NAC, network devices that can or will enforce admission control policy include routers, switches,
wireless access points, wireless LAN controllers, and security appliances. These devices demand host
credentials and relay this information to policy servers, where network admission control decisions are
made. Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 4, page 1-11 and 1-13.

QUESTION 89
How does Cisco CSA protect endpoints?
A. It uses signatures to detect and stop attacks
B. It uses deep-packet application inspections to control application misuse and abuse
C. It uses file system, network, registry, and execution space interceptors to stop malicious activity
D. It works in conjunction with antivirus software to lock down the OS
E. It works at the application layer to provide buffer overflow protection

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
The technology used to control the host is the CSA INCORE (Interceptor Correlate Rules Engine)
technology which supports four interceptors:
File System- All file read or write requests are intercepted and checked against a defined set of rules.
Network- Packet events at the driver (NDIS) or transport (TDI) level Configuration – Read or write requests
to the registry on Windows or to the RC files on UNIX.
Execution space – Deals with maintaining the integrity of each application’s dynamic run-time environment.
Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 4, page 4-3

QUESTION 90
Which two should be included in an analysis of a Security Posture Assessment? (Choose two) A. A detailed action plan
B. An identification of bottlenecks inside the network
C. An identification of critical deficiencies
D. A recommendations based on security best practice
E. A service offer

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
Explanation: As the first step in planning network security, it is required to make an evaluation of the organization’s network security posture. The Security Posture Assessment provides a snapshot of the security state of the network by conducting a thorough assessment of the network devices, servers, databases, and desktops. Analyze the effectiveness of the network security in reference to recognized industry best practices, allowing identifying the relative strengths and weaknesses of the environment and documenting specific vulnerabilities that could threaten the business. Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 1, page 1-29
QUESTION 91
Refer to the exhibit. Network security is a continuous process that is built around which element? Exhibit:

A. Business requirements
B. Corporate security policy
C. Customer needs
D. Security best practice

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Network security is a continuous process built around a security policy. The diagram above is found in the
reference link below, with the words “Security Policy” found in the blank box.
Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 1, page 1-24

QUESTION 92
DRAG DROP You work as a network technician at Certkiller .com. Your boss, Mrs Certkiller, is curious about Cisco IOS Adaptive Threat Defense. You try to explain by matching the features with the appropriate functions.

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference: QUESTION 93

DRAG DROP
You work as a network technician at Certkiller .com. Your boss, Mrs Certkiller, is curious about rule types.
You try to explain by matching the features with the appropriate functions.
Use each rule type once and only once.
A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference: QUESTION 94

What are two functions of Cisco Security Agent? (Choose two)
A. Authentication
B. Control of executable content
C. Resource protection
D. Spam filtering
E. User tracking

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
Explanation:
The functions of the CSA are system hardening, resource protection, control of executable content,
application control, and detection. Reference: Security Solutions for SE (SSSE) v1.0 Student Guide,
Module 4, page 4-3.

QUESTION 95
The Certkiller network is undergoing a Security Posture Assessment. In which two ways can a Security Posture Assessment help organizations to understand network threats and risk? (Choose two)
A. By coaching system administrators
B. By identifying bottlenecks
C. By identifying vulnerable systems
D. By recommending areas to improve
E. By recommending new products

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
Explanation: A Security Posture Assessment is designed to identify vulnerabilities that allow outside, untrusted networks to gain access to internal, trusted networks and systems, and recommend solutions for improvement. With a Security Posture Assessment, your organization can: ? Reduce the risk of intentional or accidental access to IT assets and information ? Identify security vulnerabilities in your network infrastructure ? Develop a prioritized list of steps required to fix identified vulnerabilities ? Improve compliance with federal and state regulations that require security assessments ? Reduce the time and resources trying to stay current with new and emerging vulnerabilities ? Validate current security policies and practices against industry best practices and verifying areas that require security budget or staffing
QUESTION 96
Self-Defending Network is the Cisco vision for security systems. What is the purpose of the Cisco Secure ACS server?
A. Anomaly detection
B. Identity management
C. Secure connectivity
D. Security management

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Cisco Secure Access Control Server (ACS) provides a centralized identity networking solution and
simplified user management experience across all Cisco devices and security management applications.
Cisco Secure ACS helps to ensure enforcement of assigned policies by allowing network administrators to
control:

1.
Who can log into the network

2.
The privileges each user has in the network

3.
Recorded security audit or account billing information

4.
Access and command controls that are enabled for each configuration’s administrator
QUESTION 97
Which two are valid arguments that you can use to convince a business decision maker of the need for network security? (Choose two)
A. A high-performance firewall is the only device that is needed to protect businesses.
B. Cisco products can provide end-to-end network protection against current and emerging threats.
C. The network should be secured at any expense.
D. Network security products are complex to manage and that makes them hard to penetrate.
E. Organizations that operate vulnerable networks face increasing liability.

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
Explanation: Organizations today face an increasing amount of security legislation that require companies to protect their date, including CFAA (Computer Fraud and Abuse Act) HIPAA (Health Insurance Portability and Accountability Act), and GLBA (The Gramm-Leach-Bliley Act) just to name a few. This legislation means an increased amount of liability and accountability for network security. The Cisco Self Defending Network suite of solutions can be used to provide end to end network security. Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 1, page 1-3
QUESTION 98
What is the main reason for customers to implement the Cisco Detector and Guard solution?
A. As a replacement for IPS sensors
B. As a DDoS protection system
C. As a complete appliance-based NAC solution
D. As a replacement for firewalls

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The Distributed Denial of Service (DDoS) attacks are attacks in which malicious individuals cause thousands of compromised computers (“zombies”) to run automated scripts that cripple a protected server’s (the zone) network resources with spurious requests for service. The attacks can be, for example, a flood of bogus home page requests to a web server that shuts out legitimate consumers, or efforts that compromise the availability and accuracy of Domain Name System (DNS) servers. Although often launched by an individual, the zombies actually executing the attacking code may number in the hundreds of thousands, and are distributed over multiple autonomous systems, administered by multiple organizations. These distributed attacks generate a volume of traffic that cannot be handled by the lower bandwidths available at a typical zone, including the largest corporations. The Cisco Traffic Anomaly Detector Module (Detector module) is a Cisco IOS application module that you can install in the Catalyst 6500 series switch. It is a denial-of-service (DoS) detection product. It receives a copy of the traffic on the switch, analyzes that traffic, and sends out an alert when a DoS attack is detected.The Detector can detect attacks and activate protection mechanisms. It is best suited to work alongside with the Cisco Guard but it can also operate as a separate DDoS detection and alarm component. The Detector gets a copy of the traffic either by using the port mirroring feature (such as SPAN) of a switch, or by means of splitting. Then it constantly monitors the traffic, and closely remains tuned to zone traffic characteristics for evolving attack patterns. The Detector module can also activate a configured Cisco Anomaly Guard Module to mitigate these attacks. Reference: http://www.cisco.com/en/US/products/hw/modules/ps2706/ products_module_configuration_guide_chapter0918
QUESTION 99
Which two statements are true about symmetric key encryption? (Choose two)
A. It uses secret-key cryptography.
B. Encryption and decryption use different keys.
C. It is typically used to encrypt the content of a message.
D. RSA is an example of symmetric key encryption
E. The key exchange can take place via a nonsecure channel.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation: An encryption system in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt the message. Contrast this with public-key cryptology, which utilizes two keys
-a public key to encrypt messages and a private key to decrypt them.
Symmetric-key systems are simpler and faster, but their main drawback is that the two parties must
somehow exchange the key in a secure way. Public-key encryption avoids this problem because the public
key can be distributed in a non-secure way, and the private key is never transmitted.
Symmetric-key cryptography is sometimes called secret-key cryptography. The most popular symmetric-
key system is the Data Encryption Standard (DES).

QUESTION 100
What allows Cisco Security Agent to block malicious behavior before damage can occur?
A. Correlation of network traffic with signatures
B. Interception of operating system calls
C. Scan of downloaded files for malicious code
D. User query and response

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco Security Agent resides between the applications and the kernel, enabling maximum application visibility with minimal impact to the stability and performance of the underlying operating system. The software’s unique architecture intercepts all operating system calls to file, network, and registry sources, as well as to dynamic run-time resources such as memory pages, shared library modules, and COM objects. The agent applies unique intelligence to correlate the behaviors of these system calls, based on rules that define inappropriate or unacceptable behavior for a specific application or for all applications. This correlation and subsequent understanding of an application’s behavior is what allows the software-as directed by the security staff-to prevent new intrusions. Because the Cisco Security Agent intercepts system calls at the operating system level, there is no need to replace any system programs. Reference: www.cisco.com/en/US/products/sw/secursw/ps5057/products_data_sheet0900aecd80440398.html

Looking to become a certified Adobe professional? Would you like to reduce or minimize your Cisco 642-565 certification cost? Do you want to pass all of the Microsoft certification? If you answered YES, then look no further. Flydumps.com offers you the best Cisco 642-565 exam certification test questions which cover all core topics and certification requirements.

Pass4itsure 312-76 dumps with PDF + Premium VCE + VCE Simulator: http://www.pass4itsure.com/312-76.html

Cisco 642-565 Exam Test Questions, Best Quality Cisco 642-565 Preparation Materials Online Shop

Cisco 642-565 Answers, Latest Upload Cisco 642-565 Certification Material Are The Best Materials

Flydumps provides the guaranteed preparation material to boost up your confidence in Cisco 642-565 exam.Successful candidates have provided their reviews about our guaranteed Cisco 642-565 preparation material,you can come to realize the real worth of our featured products through overviewing the reviews and testimonials.

QUESTION 45
In reconnaissance attacks, which two attack methods are typically used? (Choose two.)
A. Operating system and application fingerprinting
B. Buffer overflows
C. TCP/UDP port scanning and sweeping
D. APR spoofing

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 46
Which functions can be provided by Cisco SSL VPN solution by use of the Cisco Secure Desktop? (Select All that apply.)
A. Secure Vault
B. Cache Cleaner
C. Pre-login assessment
D. Advanced Endpoint Assessment

Correct Answer: ABCD Section: (none) Explanation
Explanation/Reference:
QUESTION 47
Which description is true about the hybrid user authentication model for remote-access IPSec VPNs?
A. VPN Servers and users authenticate by using digital certificates
B. VPN servers authenticate by using digital certificates and users authenticate by using pre-shared keys
C. VPN Servers and users authenticate by using pre-shared keys
D. VPN servers authenticate by using digital certificates and users authenticate by using usernames and passwords

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 48
Which two of the following settings can be monitored by the Cisco Security Agent (release 5.2 and later) to control user’s wireless access? (Choose two.)
A. Antivirus Version
B. Protection types such as WEP, TKIP
C. Wireless card type (802.11a,b or g)
D. SSIDs

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 49
What should be taken into consideration while performing Cisco NAC Appliance design? Select all that apply.
A. edge deployment versus central deployment
B. in-band versus out-of-band
C. Real-IP Gateway versus virtual gateway
D. Layer 2 versus Layer 3
E. None of the other alternatives apply.

Correct Answer: ABCD Section: (none) Explanation
Explanation/Reference:
QUESTION 50
You are the network consultant from Your company. Please point out two technologies address ISO 17799 requirements to detecting, preventing and responding to attacks and intrusions.
A. Cisco Security Agent
B. 802.1X
C. Cisco Security MARS
D. Cisco Secure Access Control Server

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 51
In today’s typical single-tier firewall system, which three security components can be found? (Choose three.)
A. Network Admission Control
B. IPS
C. Stateful Packet filtering with Application Inspection and Control
D. Application Proxy

Correct Answer: BCD Section: (none) Explanation Explanation/Reference:
QUESTION 52
Before damage can occur to the network, Cisco Security Agent block malicious behavior through
A. Firewall
B. Interception of operation system calls
C. User query and response
D. Third-party Anti-virus software

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 53
Cisco IOS Control Plane Protection is able to be used to protect traffic to which three router control plane subinterfaces? (Choose three.)
A. transit
B. cpu
C. host
D. CEF-exception

Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 54
Which item will be performed on Cisco IP Phones so that they can authenticate it before obtaining network access?
A. Cisco Security Agent
B. One-time Password
C. IEEE 802.1X Supplicant
D. AAA Client

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 55
Can you tell me which authentication protocol can provide single sign-on (SSO) services?
A. EAP
B. TACACS+
C. RADIUS
D. Kerberos

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 56
Why GET VPN is not deployed over the public Internet?
A. Because the GET VPN group members use multicast to register with the key servers
B. Because the GET VPN key servers and group members to requires a secure path to exchange the Key Encryption Key (KEK) and the traffic Encryption Key (TEK)
C. Because the GET VPN uses IPSec transport mode, which would expose the IP Addresses to the public if using the Internet
D. Because the GET VPN preserves the original source and destination IP addresses, which may be private addresses that are not routable over the Internet

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 57
The Cisco IOS Resilient Configuration feature enables a router to secure and maintain a working copy of the running image and configuration so that those files can withstand malicious attempts to erase the contents of persistent storage (NVRAM and flash), What is the objective of the Cisco IOS resilient configuration?
A. Improve the speed of Cisco IOS image or configuration recovery process
B. Allow a compromise of the router
C. Enable primary and backup operations of two Cisco IOS routers
D. Enable redundant Cisco IOS images for fault tolerance router operations

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 58
While implementing a proxy component within a firewall system, which method will be used?
A. In-band or out-of-band
B. Layer 2 or Layer 3
C. Transparent or non-transparent
D. Routed or bridged

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 59
The Cisco Security Monitoring, Analysis and Response System (Cisco Security MARS) is an appliance-based, all-inclusive solution that provides unmatched insight and control of your existing security deployment. What is not the advantage of Cisco Security MARS?
A. Contains scalable, distributed event and analysis architecture
B. Is network topologyaware
C. Performs automatic Mitigation on Layer 2 devices
D. Provides rapid profile-based provisioning capabilities

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 60
Adaptive Threat Defense or ATD encompasses three areas: Anti-X defense, application security and network control and containment. Identify three components of the anit-X defense pillar.
A. URL filtering
B. Application-level role-based access control
C. Distributed denial of service mitigation
D. Anomaly detection

Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 61
Refer to the following EAP authentication methods, which one needs both a client and a server digital certificate?
A. EAP-FAST
B. PEAP-GTC
C. EAP-TLS
D. EAP-MS-CHAP

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 62
Cisco NAC Appliance (formerly Cisco Clean Access) is an easily deployed Network Admission Control (NAC) product that allows network administrator to authenticate, authorize, evaluate and remediate wired, wireless and remote users and their machines prior to allowing users onto the network. It identifies whether networked devices such as laptops, desktops and other corporate assets are compliant with a network’s security policies and it repairs any vulnerabilities before permitting access to the network. Which two of these statements describe features of the NAC Appliance Architecture? (Choose two.)
A. NAC Appliance Client evaluates the endpoint security information
B. NAC Appliance Manager acts as an authentication proxy for external authentication servers
C. NAC Appliance Server acts as an authentication proxy for internal user authentication
D. NAC Appliance Manager determines the appropriate access policy

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 63
Refer to the following Cisco products, which two are best positioned for data loss prevention? (Choose two.)
A. Cisco Security Agent 6.0
B. Cisco IPS 6.0
C. Cisco NAC Appliance
D. CiscoIronPort C-Series Appliances

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 64
_______________ is a valid method to verify a network security designing?
A. Network Audit
B. Computer Simulation
C. Pilot or prototype network
D. Network Security

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 65
Cisco NAC Appliance (formerly Cisco Clean Access) is an easily deployed Network Admission Control (NAC) product that allows network administrator to authenticate, authorize, evaluate and remediate wired, wireless and remote users and their machines prior to allowing users onto the network. It identifies whether networked devices such as laptops, desktops and other corporate assets are compliant with a network’s security policies and it repairs any vulnerabilities before permitting access to the network. In which way do components of the NAC Appliance architecture communicate?
A. Sending check-up instructions to the NAC Appliance Server
B. Sending remediation instructions to the NAC Appliance Agent
C. Sending procedure instructions to the NAC Appliance Server
D. Sending sends block instructions to the NAC Appliance Agent

Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 66
You are the network engineer at Your company. Which component should not be included in a security policy?
A. Identification and authentication policy
B. Incident handling procedure
C. Security best practice
D. Statement of authority and scope

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 67
While using the Gateway Load Balancing Protocol to enable high-availability Cisco IOS Firewalls, what should be configured to maintain symmetric flow of traffic?
A. Static Routing
B. CEF
C. Dynamic Routing
D. Network Address Translation (NAT)

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 68
You are the network engineer at Your company. Please point out two components included in a detailed design document for a security solution.
A. Proof of Concept
B. IDS
C. Existing Network Infrastructure
D. WEP

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 69
IPS platform ________ can operate in inline mode only.
A. Cisco IOS IPS
B. Cisco IPS 4200 Series Sensor
C. IDSM-2
D. Cisco ASA AIP SSM
Correct Answer: A Section: (none) Explanation

Explanation/Reference:
QUESTION 70
You are the network consultant from Your company. Please point out two keys features of the collaborative security approach.
A. Network Admission Control
B. Automated event and action filters
C. Coordinated defense of potential entry points
D. Integration of security features in network equipment

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:

CCNA Cisco 642-565 contains a powerful new testing engine that allows you to focus on individual topic areas or take complete, timed exams from Cisco 642-565.The assessment engine also tracks your performance and presents feedback on a module-by-module basis, providing question-by-question CCNA Cisco 642-565 to the text and laying out a complete study plan for review.CCNA Cisco 642-565 also includes a wealth of hands-on practice exercises and a copy of the Cisco 642-565 network simulation software that allows you to practice your CCNA Cisco 642-565 hands-on skills in a virtual lab environment.The Cisco 642-565 supporting website keeps you fully informed of any exam changes

Cisco 642-565 Questions And Answers, 100% Pass Guarantee Cisco 642-565 Exam Download Online Store

You can pass Cisco 642-565 exam if you get a complete hold of  Cisco 642-565 dumps. What’s more, all the Cisco 642-565 Certification exams Q and A provided by Flydumps is the latest.

QUESTION 50
Which two technologies mitigate the threat of a SYN flood attack? (Choose two.)
A. Cisco IOS IPS
B. MARS flood automitigation
C. ASA TCP Intercept
D. ASA enhanced application inspection
E. NAC Appliance security posture validation
F. Cisco IOS FPM

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 51
Which statement is true about the Cisco Security MARS Global Controller?
A. The Global Controller receives detailed incidents information from the Local Controllers, and correlates the incidents between multiple Local Controllers.
B. The Global Controller centrally manages a group of Local Controllers.
C. Rules that are created on a Local Controller can be pushed to the Global Controller.
D. Most data archiving is done by the Global Controller.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 52
Which two technologies can prevent the Slammer worm from compromising a host? (Choose two.)
A. Cisco IOS IPS
B. ASA stateful firewall
C. ASA enhanced application inspection
D. NAC Appliance security posture validation
E. Cisco IOS FPM
F. Cisco Trust Agent

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 53
Drop A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 54
Which two statements are true about symmetric key encryption? (Choose two.)
A. It uses secret-key cryptography.
B. Encryption and decryption use different keys.
C. It is typically used to encrypt the content of a message.
D. RSA is an example of symmetric key encryption
E. The key exchange can take place via a nonsecure channel.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 55
Which of these protections is a benefit of HMAC?
A. protection against DoS attacks
B. protection against brute-force attacks
C. protection against man-in-the-middle attacks
D. protection from the avalanche effect

Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 56
Which two are main security drivers? (Choose two.)
A. business needs
B. compliance with company policy
C. increased productivity
D. optimal network operation
E. security legislation

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 57
Drop

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 58
Which two of these statements describe features of the NAC Appliance architecture? (Choose two.)
A. The standard NAC Appliance Manager can manage up to 40 NAC Appliance Servers failover pairs.
B. NAC Appliance Servers managed by the same NAC Appliance Manager can run in mixed mode (inline or out-of-band).
C. The NAC Appliance Agent is bundled with the NAC Appliance Server software.
D. NAC Appliance high availability uses VRRP.
E. NAC Appliance Agent has the auto-upgrade feature.

Correct Answer: BE Section: (none) Explanation
Explanation/Reference: QUESTION 59
What are the two main reasons for customers to implement Cisco Clean Access? (Choose two.)
A. enforcement of security policies by making compliance a condition of access
B. focus on validated incidents, not investigating isolated events
C. integrated network intelligence for superior event aggregation, reduction, and correlation
D. provision of secure remote access
E. significant cost savings by automating the process of repairing and updating user machines
F. implementation of NAC phase 1

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 60
What is the purpose of SNMP community strings when adding reporting devices into a newly installed Cisco Security MARS appliance?
A. to discover and display the full topology
B. to import the device configuration
C. to pull the log information from devices
D. to reconfigure managed devices

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 61
Which two of these characteristics apply to promiscuous IPS operation? (Choose two.)
A. typically used with SPAN on the switches
B. impacts connectivity in case of failure or overload
C. invisible to the attacker
D. increases latency
E. can use stream normalization techniques
F. less vulnerable to evasion techniques than inline mode

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 62
What is the security issue in classic packet filtering of active FTP sessions?
A. The control session cannot be adequately filtered.
B. Allowing control sessions to the client opens up all the high ports on the client.
C. The established keyword cannot be used for control or data sessions.
D. Allowing data sessions to the client opens up all the high ports on the client.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 63
Which three of these features are key elements of the Adaptive Threat Defense? (Choose three.)
A. multilayer intelligence
B. blend of IP and security technologies
C. ability of a network to identify, prevent, and adapt to security threats
D. active management and mitigation
E. dynamic adjustment of risk ratings
F. feature consistency

Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:

This volume is part of the Exam Certification Guide Series from Cisco 642-565. Cisco 642-565 in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco 642-565 Certification candidates identify weaknesses,concentrate their study efforts,and enhance their confidence as Cisco 642-565 exam day nears.

Cisco 642-565 Exam Demo, Provide New Cisco 642-565 Exam Download 100% Pass With A High Score

Flydumps presents the highest quality of Cisco 642-565 practice material which helps candidates to pass the Cisco 642-565 exams in the first attempt.The dumps are the latest, authenticated by expert and covering each and every aspect of Cisco 642-565 exam.

QUESTION 68
Which statement is true regarding Cisco IOS IPS performance and capabilities?
A. Cisco IOS IPS signatures have a minimal impact on router memory
B. Cisco IOS IPS offers a wider signature coverage than the IDSM-2 module
C. All Cisco IOS IPS signatures should be enabled to maximize the coverage, except for false-positives reduction
D. Cisco IOS IPS uses a parallel signature-scanning engine to scan for multiple patterns within a signature micro-engine at any given time
Correct Answer: D Section: (none) Explanation

Explanation/Reference:
QUESTION 69
Which two features work together to provide anti-X defense? (Choose two.)
A. Enhanced Security state assessment
B. Network Security event correlation
C. Cisco AutoSecure
D. Enhanced Application inspection engines
E. Cisco IPS Sensors

Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 70
Which two of these statements describes features of the NAC Appliance architecture? (Choose two.)
A. NAC Appliance Servers managed by the same NAC Appliance Manager can run in mixed mode (inline or out-of-band)
B. NAC Appliance Agent has the auto-upgrade feature
C. NAC Appliance High Availability uses VRRP
D. The standard NAC Appliance Manager can mange up to 40 NAC Appliance Servers failover pairs
E. The NAC Appliance Agent is bundled with the NAC Appliance Server Software

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 71
A new MARS appliance has been installed in the Certkiller network. Which protocol is used for transporting the event data from Cisco IPS 5.0 and later devices to the Cisco Security MARS appliance?
A. RDEP over SSL
B. SDEE over SSL
C. SSH
D. SYSLOG
E. All of the above

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
For Cisco IPS 5.x devices, MARS pulls the logs using SDEE (Security Device Event Exchange) over SSL.
Therefore, MARS must have HTTPS access to the sensor.
Reference:
http://www.cisco.com/en/US/products/ps6241/products_user_guide_chapter09186a008074f213.html

QUESTION 72
DRAG DROP
You work as a network technician at Certkiller .com. Your boss, Mrs Certkiller, is curious about attack
methodologies. Match the technology with the appropriate description.
Use each technology once and only once.
A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:

Explanation: Reconnaissance Attacks Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. It is also called information gathering. In most cases, it precedes an actual access or DoS attack. The malicious intruder typically ping-sweeps the target network first to determine what IP addresses are alive. After this is accomplished, the intruder determines what services or ports are active on the live IP addresses. From this information, the intruder queries the ports to determine the application type and version as well as the type and version of the operating system running on the target host. Reconnaissance is somewhat analogous to a thief scoping out a neighborhood for vulnerable homes he can break into, such as an unoccupied residence, an easy-to-open door or window, and so on. In many cases, an intruder goes as far as “rattling the door handle”-not to go in immediately if it is open, but to discover vulnerable services he can exploit later when there is less likelihood that anyone is looking. Access Attacks Access is an all-encompassing term that refers to unauthorized data manipulation, system access, or privilege escalation. Unauthorized data retrieval is simply reading, writing, copying, or moving files that are not intended to be accessible to the intruder. Sometimes this is as easy as finding shared folders in Windows 9x or NT, or NFS exported directories in UNIX systems with read or read-write access to everyone. The intruder has no problem getting to the files. More often than not, the easily accessible information is highly confidential and completely unprotected from prying eyes, especially if the attacker is already an internal user. System access is an intruder’s ability to gain access to a machine that he is not allowed access to (such as when the intruder does not have an account or password). Entering or accessing systems that you don’t have access to usually involves running a hack, script, or tool that exploits a known vulnerability of the system or application being attacked. Another form of access attacks involves privilege escalation. This is done by legitimate users who have a lower level of access privileges or intruders who have gained lower-privileged access. The intent is to get information or execute procedures that are unauthorized at the user’s current level of access. In many cases this involves gaining root access in a UNIX system to install a sniffer to record network traffic, such as usernames and passwords that can be used to access another target. In some cases, intruders only want to gain access, not steal information-especially when the motive is intellectual challenge, curiosity, or ignorance. DoS Attacks DoS is when an attacker disables or corrupts networks, systems, or services with the intent to deny the service to intended users. It usually involves either crashing the system or slowing it down to the point where it is unusable. But DoS can also be as simple as wiping out or corrupting information necessary for business. In most cases, performing the attack simply involves running a hack, script, or tool. The attacker does not need prior access to the target, because usually all that is required is a way to get to it. For these reasons and because of the great damaging potential, DoS attacks are the most feared-especially by e-commerce website operators.
QUESTION 73
Which Cisco management product provides a Security Audit wizard?
A. Cisco Security Auditor
B. CiscoWorks VPN/Security Management Solution
C. Cisco Adaptive Security Device Manager
D. Cisco Router and Security Device Manager
E. None of the above

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
In the Cisco Router and Security Device Manager, the Security Audit is a feature that examines your
existing router configurations and then updates your router in order to make your router and network more
secure. Security Audit is based on the Cisco IOS AutoSecure feature; it performs checks on and assists in
configuration of almost all of the AutoSecure functions.
Security Audit operates in one of two modes-the Security Audit wizard, which lets you choose which
potential security-related configuration changes to implement on your router, and One-Step Lockdown,
which automatically makes all recommended security-related configuration changes.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps5318/
products_user_guide_chapter09186a0080656061.ht m

QUESTION 74
A new MARS appliance has been installed in the Certkiller network. Which three features of Cisco Security MARS provide for identity and mitigation of threats? (Choose three)
A. Determines security incidents based on device messages, events, and sessions
B. Provides incident analysis that is topologically aware for visualization and replay
C. Integrates with Trend Micro to clean infected hosts
D. Performs mitigation on Layer 2 ports and at Layer 3 choke points
E. Provides a security solution for preventing DDoS attacks
F. Pushes signatures to Cisco IPS to keep viruses from entering the network

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
Explanation: Cisco Security MARS obtains network intelligence by understanding the topology and device configurations from routers, switches, and firewalls, and by profiling network traffic. The system’s integrated network discovery function builds a topology map containing device configuration and current security policies, which enables it to model packet flows through your network. Since the appliance does not operate inline and makes minimal use of existing software agents, there is little impact on network or system performance. The appliance centrally aggregates logs and events from a wide range of popular network devices (such as routers and switches), security devices and applications (such as firewalls, intrusion detection systems [IDSs], vulnerability scanners, and antivirus applications), hosts (such as Windows, Solaris, and Linux syslogs), applications (such as databases, Web servers, and authentication servers), and network traffic (such as Cisco NetFlow). Cisco Security MARS transforms raw network and security data into intelligence that can be used to subvert valid security incidents and maintain compliance. This easy-to-use family of threat mitigation appliances enables operators to centralize, detect, mitigate, and report on priority threats using the network and security devices already deployed in your infrastructure. The threat mitigation features of MARS can be used to isolate and prevent problems from spreading in the network by stopping them key layer 2 and layer 3 network points.
Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 6, page 4-1 through 4-14.

Cisco 642-565 Exam Certification Guide presents you with an organized test preparation routine through the use of proven series elements and techniques.“Do I Know This Already?”quizzes open each chapter and allow you to decide how much time you need to spend on each section.Cisco 642-565 lists and Foundation Summary tables make referencing easy and give you a quick refresher whenever you need it.Challenging Cisco 642-565 review questions help you assess your knowledge and reinforce key concepts.Cisco 642-565 exercises help you think about exam objectives in real-world situations,thus increasing recall during exam time.

100% Pass VCE Dumps–Cisco 642-565 New Version With Free VCE And PDF Download

100% Valid And Pass With latest Cisco 642-565 exam dumps, you will never fail your Cisco 642-565 exam. All the questions and answers are updated and added to the new version timely by our experts. Also now Flydumps is offering free Cisco 642-565 exam VCE player and PDF files for free on their website.

Exam A
QUESTION 1
You are the network consultant from Your company. Please point out two requirements that call for the deployment of 802.1X.
A. Authenticate users on switch or wireless ports
B. Grant or Deny network access at the port level, based on configured authorization policies
C. Allow network access during thequeit period
D. Verify security posture using TACAS+
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Open Shortest Path First (OSPF) is a dynamic routing protocol for use in Internet Protocol (IP) networks. An OSPF router on the network is running at an abnormally high CPU rate. By use of different OSPF debug commands on Router, the network administrator determines that router is receiving many OSPF link state packets from an unknown OSPF neighbor, thus forcing many OSPF path recalculations and affecting router’s CPU usage. Which OSPF configuration should the administrator enable to prevent this kind of attack on the Router?
A. Multi-Area OSPF
B. OSPF stub Area
C. OSPF MD5 Authentication
D. OSPF not-so-stubby Area
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 3
Which one of the following Cisco Security Management products is able to perform (syslog) events normalization?
A. Cisco IME
B. Cisco Security Manager
C. Cisco ASDM
D. Cisco Security MARS
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 4
Can you tell me which one of the following platforms has the highest IPSec throughput and can support the highest number of tunnels?
A. Cisco 6500/7600 + VPN SPA
B. Cisco ASR 1000-5G
C. Cisco 7200 NPE-GE+VSA
D. Cisco 7200 NPE-GE+VAM2+
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Which two methods can be used to perform IPSec peer authentication? (Choose two.)
A. One-time Password
B. AAA
C. Pre-shared key
D. Digital Certificate
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 6
Cisco Security Agent is the first endpoint security solution that combines zero-update attack protection, data loss prevention, and signature-based antivirus in a single agent. This unique blend of capabilities defends servers and desktops against sophisticated day-zero attacks and enforces acceptable-use and compliance policies within a simple management infrastructure. What are three functions of CSA in helping to secure customer environments?
A. Control of executable content
B. Identification of vulnerabilities
C. Application Control
D. System hardening
Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Cisco Secure Access Control Server (ACS) is an access policy control platform that helps you comply with growing regulatory and corporate requirements. Which three of these items are features of the Cisco Secure Access Control Server?
A. NDS
B. RSA Certificates
C. LDAP
D. Kerberos
Correct Answer: ABC Section: (none) Explanation
Explanation/Reference: QUESTION 8
Observe the following protocols carefully, which one is used to allow the utilization of Cisco Wide Area Application Engines or Cisco IronPort S-Series web security appliances to localize web traffic patterns I the network and to enable the local fulfillment of content requests?
A. TLS
B. DTLS
C. WCCP
D. HTTPS
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 9
Which one is not the factor can affect the risk rating of an IPS alert?
A. Relevance
B. Attacker location
C. Event severity
D. Signature fidelity
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 10
For the following items, which two are differences between symmetric and asymmetric encryption algorithms? (Choose two.)
A. Asymmetric encryption is slower than symmetric encryption
B. Asymmetric encryption is more suitable than symmetric encryption for real-time bulk encryption
C. Symmetric encryption is used in digital signatures and asymmetric encryption is used in HMACs
D. Asymmetric encryption requires a much larger key size to achieve the same level of protection as asymmetric encryption
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 11
Deploying the NAC appliance in in-band mode is better than out-of-band mode. Why?
A. Nessus scanning
B. Higher number of users per NAC Appliance
C. Bandwidth enforcement policy
D. NAC Appliance Agent deployment
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 12
IPSec-based site-to-site VPNs is better than traditional WAN networks what?
A. Delay guarantees, span, performance, security and low cost
B. Bandwidth guarantees, support for non-IP protocols, scalability and modular design guidelines
C. Bandwidth guarantees, flexibility, security and low cost
D. Span, flexibility, security and low cost
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 13
Which VPN technology can not be used over the internet?
A. VTI
B. GRE overIPsec
C. IPsec direct encapsulation
D. GET VPN
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 14
DRAG AND DROP
Match each IKE component to its supported option:

Select and Place:

Correct Answer:

Section: (none) Explanation
Explanation/Reference:
QUESTION 15
DRAG AND DROP
Which item is correct about the relationship between the VPN types and their descriptions?

Select and Place:

Correct Answer:

Section: (none) Explanation
Explanation/Reference:
QUESTION 16
DRAG AND DROP Select the best security control to minimize the WAN security threats. Not all the security controls are required.
Select and Place:

Correct Answer:

Section: (none) Explanation
Explanation/Reference:
QUESTION 17
Which is the primary benefit that DTLS offers over TLS?
A. Both the application and TLS can retransmit loss packets
B. Improves security
C. Provides low latency for real-time applications
D. Uses TCP instead of UDP to provide a reliable Transport mechanism

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 18
DRAG DROP
Which option is correct about the relationship between the terms and their description?

Select and Place:

Correct Answer:

Section: (none) Explanation

Explanation/Reference:
QUESTION 19
Cisco AutoSecure is a new Cisco IOS Security Command Line Interface (CLI) command, which two are statements are true regarding the Cisco AutoSecure? (Choose two.)
A. Enabletcp-keeplive-in and tcp-keepalives-out
B. Disabletcp-keeplives-in and tcp-keepalives-out
C. Enables log messages to include sequence numbers and time stamps
D. Blocks all IANA-reserved IP address blocks

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 20
Exhibit:

In order to support IPSec VPN, which three traffic types should ACL1 permit on the firewall in front of the IPSec VPN gateway? (Choose three.)
A. IP Protocol 50
B. UDP port 4500
C. UDP Port 10000
D. UDP Port 5000

Correct Answer: ABD Section: (none)
Explanation
Explanation/Reference:

Cisco 642-565 Exam Certification Guide presents you with an organized test preparation routine through the use of proven series elements and techniques.“Do I Know This Already?”quizzes open each chapter and allow you to decide how much time you need to spend on each section.Cisco 642-565 lists and Foundation Summary tables make referencing easy and give you a quick refresher whenever you need it.Challenging Cisco 642-565 review questions help you assess your knowledge and reinforce key concepts.Cisco 642-565 exercises help you think about exam objectives in real-world situations, thus increasing recall during exam time.

Free Flydumps Cisco 642-565 Exam VCE And PDF With All New Exam Questions

Passed Cisco 642-565 yesterday on first attempt only using the Exampass premium vce and one corrected answers. Thanks a lot for your valuable update reagding premium dump.It will definitely help me for preparing for the exam before to write.

Exam A QUESTION 1
Drop

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center

QUESTION 2
SomeCompany, Ltd. wants to implement the the PCI Data Security Standard to protect sensitive cardholder information. They are planning to use RSA to ensure data privacy, integrity, and origin authentication. Which two of these statements describe features of the RSA keys? (Choose two.)
A. The public key only encrypts.
B. The public key only decrypts.
C. The public key both encrypts and decrypts.
D. The private key only encrypts.
E. The private key only decrypts.
F. The private key both encrypts and decrypts.

Correct Answer: CF Section: (none) Explanation
Explanation/Reference:

QUESTION 3
What are two functions of Cisco Security Agent? (Choose two.)
A. authentication
B. control of executable content
C. resource protection
D. spam filtering
E. user tracking
Correct Answer: BC Section: (none) Explanation

Explanation/Reference:
QUESTION 4
Which three policy types can be assigned to a network user role in the Cisco NAC Appliance architecture? (Choose three.)
A. allowed IP address ranges
B. session duration
C. minimum password length
D. VPN and roaming policies
E. inactivity period
F. network port scanning plug-ins

Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Which of these items is a valid method to verify a network security design?
A. network audit
B. sign-off by the operations team
C. computer simulation
D. analysis of earlier attacks
E. pilot or prototype network

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 6
Drop

A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center

QUESTION 7
Which two components should be included in a detailed design document for a security solution? (Choose two.)
A. data source
B. existing network infrastructure
C. organizational chart
D. proof of concept
E. traffic growth forecast
F. weak-link description

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 8
What are three functions of CSA in helping to secure customer environments? (Choose three.)
A. application control
B. control of executable content
C. identification of vulnerabilities
D. probing of systems for compliance
E. real-time analysis of network traffic
F. system hardening

Correct Answer: ABF Section: (none) Explanation
Explanation/Reference:
QUESTION 9
Which two of these features are key elements of the collaborative security approach? (Choose two.)
A. integration of security features in network equipment
B. Network Admission Control
C. coordinated defense of potential entry points
D. automated event and action filters
E. network behavioral analysis
F. device chaining
Correct Answer: BC Section: (none) Explanation

Explanation/Reference:
QUESTION 10
Which two of these statements describe features of the NAC Appliance architecture. (Choose two.)
A. NAC Appliance Server evaluates the endpoint security information.
B. NAC Appliance Manager determines the appropriate access policy.
C. NAC Appliance Client acts as an authentication proxy for internal user authentication.
D. NAC Appliance Manager acts as an authentication proxy for external authentication servers.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 11
Which three technologies address ISO 17799 requirements for unauthorized access prevention? (Choose three.)
A. Cisco Secure Access Control Server
B. SSL VPN
C. 802.1X
D. Network Admission Control
E. Cisco Security MARS
F. intrusion prevention system

Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 12
Which certificates are needed for a device to join a certificate-authenticated network?
A. the certificates of the certificate authority and the device
B. the certificates of the device and its peer
C. the certificates of the certificate authority and the peer
D. the certificates of the certificate authority, the device, and the peer

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 13
What allows Cisco Security Agent to block malicious behavior before damage can occur?
A. correlation of network traffic with signatures
B. interception of operating system calls
C. scan of downloaded files for malicious code D. user query and response

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 14
What are three advantages of Cisco Security MARS? (Choose three.)
A. performs automatic mitigation on Layer 2 devices
B. ensures that the user device is not vulnerable
C. fixes vulnerable and infected devices automatically
D. provides rapid profile-based provisioning capabilities
E. is network topology aware
F. contains scalable, distributed event analysis architecture

Correct Answer: AEF Section: (none) Explanation
Explanation/Reference:
QUESTION 15
Which encryption protocol is suitable for an enterprise with standard security requirements?
A. MD5
B. 768-bit RSA encryption
C. AES-128
D. DES
E. SHA-256

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 16
In which two ways do Cisco ASA 5500 Series Adaptive Security Appliances achieve containment and control? (Choose two.)
A. by enabling businesses to create secure connections
B. by preventing unauthorized network access
C. by probing end systems for compliance
D. by tracking the state of all network communications
E. by performing traffic anomaly detection

Correct Answer: BD Section: (none) Explanation
Explanation/Reference: QUESTION 17
Which three of these security products complement each other to achieve a secure e-banking solution? (Choose three.)
A. Cisco IOS DMVPN
B. Cisco Intrusion Prevention System
C. CCA Agent
D. Cisco Adaptive Security Appliance
E. Cisco Security Agent
F. Cisco Trust Agent

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 18
Which IPS feature models worm behavior and correlates the specific time between events, network behavior, and multiple exploit behavior to more accurately identify and stop worms?
A. Risk Rating
B. Meta Event Generator
C. Security Device Event Exchange support
D. traffic normalization

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 19
Which three elements does the NAC Appliance Agent check on the client machine? (Choose three.)
A. IP address
B. registry keys
C. presence of Cisco Trust Agent
D. presence of Cisco Security Agent
E. Microsoft hotfixes

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 20
Which of these items is a feature of a system-level approach to security management?
A. single-element management
B. responsibility sharing
C. multiple cross-vendor management platforms
D. high availability
E. complex operations

Correct Answer: D Section: (none) Explanation
Explanation/Reference:

This volume is part of the Exam Certification Guide Series from Cisco 642-565.Cisco 642-565 in this series provide officially developed exam preparation materials that offer assessment, review, and practice to help Cisco 642-565 Certification candidates identify weaknesses, concentrate their study efforts, and enhance their confidence as Cisco 642-565 exam day nears.