Flydumps presents the highest quality of Cisco 642-565 practice material, which helps candidates pass the Cisco 642-565 exam on the first attempt. The dumps are the latest, authenticated by experts, and cover each and every aspect of the Cisco 642-565 exam.

Which statement is true regarding Cisco IOS IPS performance and capabilities?
A. Cisco IOS IPS signatures have a minimal impact on router memory
B. Cisco IOS IPS offers a wider signature coverage than the IDSM-2 module
C. All Cisco IOS IPS signatures should be enabled to maximize the coverage, except for false-positives reduction
D. Cisco IOS IPS uses a parallel signature-scanning engine to scan for multiple patterns within a signature micro-engine at any given time
Correct Answer: D

Which two features work together to provide anti-X defense? (Choose two.)
A. Enhanced Security state assessment
B. Network Security event correlation
C. Cisco AutoSecure
D. Enhanced Application inspection engines
E. Cisco IPS Sensors
Correct Answer: DE

Which two of these statements describe features of the NAC Appliance architecture? (Choose two.)
A. NAC Appliance Servers managed by the same NAC Appliance Manager can run in mixed mode (inline or out-of-band)
B. NAC Appliance Agent has the auto-upgrade feature
C. NAC Appliance High Availability uses VRRP
D. The standard NAC Appliance Manager can manage up to 40 NAC Appliance Server failover pairs
E. The NAC Appliance Agent is bundled with the NAC Appliance Server Software
Correct Answer: AB

A new MARS appliance has been installed in the Certkiller network. Which protocol is used for transporting the event data from Cisco IPS 5.0 and later devices to the Cisco Security MARS appliance?
A. RDEP over SSL
B. SDEE over SSL
E. All of the above
Correct Answer: B
Explanation: For Cisco IPS 5.x devices, MARS pulls the logs using SDEE (Security Device Event Exchange) over SSL. Therefore, MARS must have HTTPS access to the sensor.

You work as a network technician at Certkiller.com. Your boss, Mrs Certkiller, is curious about attack methodologies. Match the technology with the appropriate description. Use each technology once and only once.
Correct Answer:
Explanation:

Reconnaissance Attacks

Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. It is also called information gathering. In most cases, it precedes an actual access or DoS attack. The malicious intruder typically ping-sweeps the target network first to determine what IP addresses are alive. After this is accomplished, the intruder determines what services or ports are active on the live IP addresses. From this information, the intruder queries the ports to determine the application type and version as well as the type and version of the operating system running on the target host.

Reconnaissance is somewhat analogous to a thief scoping out a neighborhood for vulnerable homes he can break into, such as an unoccupied residence, an easy-to-open door or window, and so on. In many cases, an intruder goes as far as “rattling the door handle”, not to go in immediately if it is open, but to discover vulnerable services he can exploit later when there is less likelihood that anyone is looking.

Access Attacks

Access is an all-encompassing term that refers to unauthorized data manipulation, system access, or privilege escalation.

Unauthorized data retrieval is simply reading, writing, copying, or moving files that are not intended to be accessible to the intruder. Sometimes this is as easy as finding shared folders in Windows 9x or NT, or NFS exported directories in UNIX systems with read or read-write access to everyone. The intruder has no problem getting to the files. More often than not, the easily accessible information is highly confidential and completely unprotected from prying eyes, especially if the attacker is already an internal user.

System access is an intruder’s ability to gain access to a machine that he is not allowed access to (such as when the intruder does not have an account or password). Entering or accessing systems that you don’t have access to usually involves running a hack, script, or tool that exploits a known vulnerability of the system or application being attacked.

Another form of access attacks involves privilege escalation. This is done by legitimate users who have a lower level of access privileges or intruders who have gained lower-privileged access. The intent is to get information or execute procedures that are unauthorized at the user’s current level of access. In many cases this involves gaining root access in a UNIX system to install a sniffer to record network traffic, such as usernames and passwords that can be used to access another target. In some cases, intruders only want to gain access, not steal information, especially when the motive is intellectual challenge, curiosity, or ignorance.

DoS Attacks

DoS is when an attacker disables or corrupts networks, systems, or services with the intent to deny the service to intended users. It usually involves either crashing the system or slowing it down to the point where it is unusable. But DoS can also be as simple as wiping out or corrupting information necessary for business. In most cases, performing the attack simply involves running a hack, script, or tool. The attacker does not need prior access to the target, because usually all that is required is a way to get to it. For these reasons and because of the great damaging potential, DoS attacks are the most feared, especially by e-commerce website operators.

Which Cisco management product provides a Security Audit wizard?
A. Cisco Security Auditor
B. CiscoWorks VPN/Security Management Solution
C. Cisco Adaptive Security Device Manager
D. Cisco Router and Security Device Manager
E. None of the above
Correct Answer: D
Explanation: In the Cisco Router and Security Device Manager, the Security Audit is a feature that examines your existing router configurations and then updates your router in order to make your router and network more secure. Security Audit is based on the Cisco IOS AutoSecure feature; it performs checks on and assists in configuration of almost all of the AutoSecure functions.
Security Audit operates in one of two modes: the Security Audit wizard, which lets you choose which potential security-related configuration changes to implement on your router, and One-Step Lockdown, which automatically makes all recommended security-related configuration changes.

A new MARS appliance has been installed in the Certkiller network. Which three features of Cisco Security MARS provide for identity and mitigation of threats? (Choose three)
A. Determines security incidents based on device messages, events, and sessions
B. Provides incident analysis that is topologically aware for visualization and replay
C. Integrates with Trend Micro to clean infected hosts
D. Performs mitigation on Layer 2 ports and at Layer 3 choke points
E. Provides a security solution for preventing DDoS attacks
F. Pushes signatures to Cisco IPS to keep viruses from entering the network
Correct Answer: ABD
Explanation: Cisco Security MARS obtains network intelligence by understanding the topology and device configurations from routers, switches, and firewalls, and by profiling network traffic. The system’s integrated network discovery function builds a topology map containing device configuration and current security policies, which enables it to model packet flows through your network. Since the appliance does not operate inline and makes minimal use of existing software agents, there is little impact on network or system performance. The appliance centrally aggregates logs and events from a wide range of popular network devices (such as routers and switches), security devices and applications (such as firewalls, intrusion detection systems [IDSs], vulnerability scanners, and antivirus applications), hosts (such as Windows, Solaris, and Linux syslogs), applications (such as databases, Web servers, and authentication servers), and network traffic (such as Cisco NetFlow). Cisco Security MARS transforms raw network and security data into intelligence that can be used to subvert valid security incidents and maintain compliance. This easy-to-use family of threat mitigation appliances enables operators to centralize, detect, mitigate, and report on priority threats using the network and security devices already deployed in your infrastructure. The threat mitigation features of MARS can be used to isolate and prevent problems from spreading in the network by stopping them at key Layer 2 and Layer 3 network points.
Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 6, page 4-1 through 4-14.

The Cisco 642-565 Exam Certification Guide presents you with an organized test preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and allow you to decide how much time you need to spend on each section. Cisco 642-565 lists and Foundation Summary tables make referencing easy and give you a quick refresher whenever you need it. Challenging Cisco 642-565 review questions help you assess your knowledge and reinforce key concepts. Cisco 642-565 exercises help you think about exam objectives in real-world situations, thus increasing recall during exam time.