Cisco 642-565 Answers, Latest Upload Cisco 642-565 Certification Material Are The Best Materials

Flydumps provides the guaranteed preparation material to boost up your confidence in Cisco 642-565 exam.Successful candidates have provided their reviews about our guaranteed Cisco 642-565 preparation material,you can come to realize the real worth of our featured products through overviewing the reviews and testimonials.

QUESTION 45
In reconnaissance attacks, which two attack methods are typically used? (Choose two.)
A. Operating system and application fingerprinting
B. Buffer overflows
C. TCP/UDP port scanning and sweeping
D. APR spoofing

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 46
Which functions can be provided by Cisco SSL VPN solution by use of the Cisco Secure Desktop? (Select All that apply.)
A. Secure Vault
B. Cache Cleaner
C. Pre-login assessment
D. Advanced Endpoint Assessment

Correct Answer: ABCD Section: (none) Explanation
Explanation/Reference:
QUESTION 47
Which description is true about the hybrid user authentication model for remote-access IPSec VPNs?
A. VPN Servers and users authenticate by using digital certificates
B. VPN servers authenticate by using digital certificates and users authenticate by using pre-shared keys
C. VPN Servers and users authenticate by using pre-shared keys
D. VPN servers authenticate by using digital certificates and users authenticate by using usernames and passwords

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 48
Which two of the following settings can be monitored by the Cisco Security Agent (release 5.2 and later) to control user’s wireless access? (Choose two.)
A. Antivirus Version
B. Protection types such as WEP, TKIP
C. Wireless card type (802.11a,b or g)
D. SSIDs

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 49
What should be taken into consideration while performing Cisco NAC Appliance design? Select all that apply.
A. edge deployment versus central deployment
B. in-band versus out-of-band
C. Real-IP Gateway versus virtual gateway
D. Layer 2 versus Layer 3
E. None of the other alternatives apply.

Correct Answer: ABCD Section: (none) Explanation
Explanation/Reference:
QUESTION 50
You are the network consultant from Your company. Please point out two technologies address ISO 17799 requirements to detecting, preventing and responding to attacks and intrusions.
A. Cisco Security Agent
B. 802.1X
C. Cisco Security MARS
D. Cisco Secure Access Control Server

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 51
In today’s typical single-tier firewall system, which three security components can be found? (Choose three.)
A. Network Admission Control
B. IPS
C. Stateful Packet filtering with Application Inspection and Control
D. Application Proxy

Correct Answer: BCD Section: (none) Explanation Explanation/Reference:
QUESTION 52
Before damage can occur to the network, Cisco Security Agent block malicious behavior through
A. Firewall
B. Interception of operation system calls
C. User query and response
D. Third-party Anti-virus software

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 53
Cisco IOS Control Plane Protection is able to be used to protect traffic to which three router control plane subinterfaces? (Choose three.)
A. transit
B. cpu
C. host
D. CEF-exception

Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 54
Which item will be performed on Cisco IP Phones so that they can authenticate it before obtaining network access?
A. Cisco Security Agent
B. One-time Password
C. IEEE 802.1X Supplicant
D. AAA Client

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 55
Can you tell me which authentication protocol can provide single sign-on (SSO) services?
A. EAP
B. TACACS+
C. RADIUS
D. Kerberos

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 56
Why GET VPN is not deployed over the public Internet?
A. Because the GET VPN group members use multicast to register with the key servers
B. Because the GET VPN key servers and group members to requires a secure path to exchange the Key Encryption Key (KEK) and the traffic Encryption Key (TEK)
C. Because the GET VPN uses IPSec transport mode, which would expose the IP Addresses to the public if using the Internet
D. Because the GET VPN preserves the original source and destination IP addresses, which may be private addresses that are not routable over the Internet

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 57
The Cisco IOS Resilient Configuration feature enables a router to secure and maintain a working copy of the running image and configuration so that those files can withstand malicious attempts to erase the contents of persistent storage (NVRAM and flash), What is the objective of the Cisco IOS resilient configuration?
A. Improve the speed of Cisco IOS image or configuration recovery process
B. Allow a compromise of the router
C. Enable primary and backup operations of two Cisco IOS routers
D. Enable redundant Cisco IOS images for fault tolerance router operations

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 58
While implementing a proxy component within a firewall system, which method will be used?
A. In-band or out-of-band
B. Layer 2 or Layer 3
C. Transparent or non-transparent
D. Routed or bridged

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 59
The Cisco Security Monitoring, Analysis and Response System (Cisco Security MARS) is an appliance-based, all-inclusive solution that provides unmatched insight and control of your existing security deployment. What is not the advantage of Cisco Security MARS?
A. Contains scalable, distributed event and analysis architecture
B. Is network topologyaware
C. Performs automatic Mitigation on Layer 2 devices
D. Provides rapid profile-based provisioning capabilities

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 60
Adaptive Threat Defense or ATD encompasses three areas: Anti-X defense, application security and network control and containment. Identify three components of the anit-X defense pillar.
A. URL filtering
B. Application-level role-based access control
C. Distributed denial of service mitigation
D. Anomaly detection

Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 61
Refer to the following EAP authentication methods, which one needs both a client and a server digital certificate?
A. EAP-FAST
B. PEAP-GTC
C. EAP-TLS
D. EAP-MS-CHAP

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 62
Cisco NAC Appliance (formerly Cisco Clean Access) is an easily deployed Network Admission Control (NAC) product that allows network administrator to authenticate, authorize, evaluate and remediate wired, wireless and remote users and their machines prior to allowing users onto the network. It identifies whether networked devices such as laptops, desktops and other corporate assets are compliant with a network’s security policies and it repairs any vulnerabilities before permitting access to the network. Which two of these statements describe features of the NAC Appliance Architecture? (Choose two.)
A. NAC Appliance Client evaluates the endpoint security information
B. NAC Appliance Manager acts as an authentication proxy for external authentication servers
C. NAC Appliance Server acts as an authentication proxy for internal user authentication
D. NAC Appliance Manager determines the appropriate access policy

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 63
Refer to the following Cisco products, which two are best positioned for data loss prevention? (Choose two.)
A. Cisco Security Agent 6.0
B. Cisco IPS 6.0
C. Cisco NAC Appliance
D. CiscoIronPort C-Series Appliances

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 64
_______________ is a valid method to verify a network security designing?
A. Network Audit
B. Computer Simulation
C. Pilot or prototype network
D. Network Security

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 65
Cisco NAC Appliance (formerly Cisco Clean Access) is an easily deployed Network Admission Control (NAC) product that allows network administrator to authenticate, authorize, evaluate and remediate wired, wireless and remote users and their machines prior to allowing users onto the network. It identifies whether networked devices such as laptops, desktops and other corporate assets are compliant with a network’s security policies and it repairs any vulnerabilities before permitting access to the network. In which way do components of the NAC Appliance architecture communicate?
A. Sending check-up instructions to the NAC Appliance Server
B. Sending remediation instructions to the NAC Appliance Agent
C. Sending procedure instructions to the NAC Appliance Server
D. Sending sends block instructions to the NAC Appliance Agent

Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 66
You are the network engineer at Your company. Which component should not be included in a security policy?
A. Identification and authentication policy
B. Incident handling procedure
C. Security best practice
D. Statement of authority and scope

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 67
While using the Gateway Load Balancing Protocol to enable high-availability Cisco IOS Firewalls, what should be configured to maintain symmetric flow of traffic?
A. Static Routing
B. CEF
C. Dynamic Routing
D. Network Address Translation (NAT)

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 68
You are the network engineer at Your company. Please point out two components included in a detailed design document for a security solution.
A. Proof of Concept
B. IDS
C. Existing Network Infrastructure
D. WEP

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 69
IPS platform ________ can operate in inline mode only.
A. Cisco IOS IPS
B. Cisco IPS 4200 Series Sensor
C. IDSM-2
D. Cisco ASA AIP SSM
Correct Answer: A Section: (none) Explanation

Explanation/Reference:
QUESTION 70
You are the network consultant from Your company. Please point out two keys features of the collaborative security approach.
A. Network Admission Control
B. Automated event and action filters
C. Coordinated defense of potential entry points
D. Integration of security features in network equipment

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:

CCNA Cisco 642-565 contains a powerful new testing engine that allows you to focus on individual topic areas or take complete, timed exams from Cisco 642-565.The assessment engine also tracks your performance and presents feedback on a module-by-module basis, providing question-by-question CCNA Cisco 642-565 to the text and laying out a complete study plan for review.CCNA Cisco 642-565 also includes a wealth of hands-on practice exercises and a copy of the Cisco 642-565 network simulation software that allows you to practice your CCNA Cisco 642-565 hands-on skills in a virtual lab environment.The Cisco 642-565 supporting website keeps you fully informed of any exam changes