Cisco 642-565 Exam Test Questions, Best Quality Cisco 642-565 Preparation Materials Online Shop

Welcome to download the newest Pass4itsure 312-76 VCE dumps: http://www.pass4itsure.com/312-76.html

Review all FLYDUMPS Cisco 642-565 exam sample questions carefully, we guarantee you wiil pass the Cisco 642-565 exam for you first attempt and get the Cisco Certification successed. The only thing you need to do just is memorizing all the FLYDUMPS Cisco 642-565 exam questions and answers. There are number of IT certifications popular today, on account of their market potential in the field of Information technology. Cisco 642-565 exam is one of these popular certifications which remain the preference of all IT professionals who want to improve their career opportunities.

QUESTION 75
How is Cisco IOS Control Plane Policing achieved?
A. By adding a service-policy to virtual terminal lines and the console port
B. By applying a QoS policy in control plane configuration mode
C. By disabling unused services
D. By rate-limiting the exchange of routing protocol updates
E. By using AutoQoS to rate-limit the control plane traffic
F. None of the above

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The Control Plane Policing feature allows users to configure a quality of service (QoS) filter that manages the traffic flow of control plane packets to protect the control plane of CiscoIOS routers and switches against reconnaissance and denial-of-service (DoS) attacks. In this way, the control plane (CP) can help maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch. To configure, follow these detailed steps: Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/ products_feature_guide09186a008052446b.html

QUESTION 76
The Certkiller network is using NAC. Which component of the Cisco NAC framework is responsible for compliance evaluation and policy enforcement?
A. Cisco Secure ACS server
B. Cisco Trust Agent
C. Network access devices
D. Posture validation server

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
Cisco Secure ACS extends access security by combining authentication, user and administrator access,
and policy control from a centralized identity networking framework, thereby allowing greater flexibility and
mobility, increased security, and user productivity gains.

Cisco Secure ACS is an important component of the Cisco Network Admission Control (NAC)-an industry initiative sponsored by Cisco Systems that uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources. Cisco Secure ACS 4.0 acts as a policy decision point in NAC deployments, evaluating credentials, determining the state of the host, and sending out per-user authorization to the network access devices. Reference: http://www.cisco.com/en/US/ products/sw/secursw/ps2086/index.html
QUESTION 77
DRAG DROP You work as a network technician at Certkiller .com. Your trainee Sandra is curious about Network Security Lifecycles. Match each action with the appropriate task.

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference: QUESTION 78

What is a benefit of the Cisco Integrated Services Routers?
A. Intel Xeon CPUs
B. Built-in event correlation engine
C. Built-in encryption acceleration
D. Customer programmable ASIC

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco 800, 1800, 2800, and 3800 Integrated Services Routers (ISR) were designed to incorporate security in every router by making hardware-based encryption a standard feature. This built-in, hardware-based encryption acceleration offloads the VPN processes to provide increased VPN throughput with minimal impact on the router CPU. If additional VPN throughput or scalability is required, optional VPN encryption advanced integration modules (AIMs) are available.
QUESTION 79
The Certkiller network has just implemented CSA for all end hosts. What are three functions of CSA in helping to secure customer environments? (Choose three)
A. Application control
B. Control of executable content
C. Identification of vulnerabilities
D. Probing of systems for compliance
E. Real-time analysis of network traffic
F. System hardening

Correct Answer: ABF Section: (none) Explanation
Explanation/Reference:
Explanation:
The functions of the CSA are system hardening, resource protection, control of executable content,
application control, and detection. Reference: Security Solutions for SE (SSSE) v1.0 Student Guide,
Module 4, page 4-3.

QUESTION 80
The Certkiller network just upgraded to the ISR router series. Which two features can the USB eToken for Cisco Integrated Services Router be used for? (Choose two)
A. Distribution and storage of VPN credentials
B. Command authorization
C. One-time passwords
D. Secure deployment of configurations
E. Troubleshooting

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Explanation:
The Cisco IOS Software-level integration of Aladdin’s eToken drivers provides partners and customers with
enhanced security router practices:

1.
Secure Provisioning of Cisco Router Configurations: Combining eToken drivers with Cisco integrated services routers helps Cisco partners mount router configuration on eToken and securely send them to end customers.

2.
Portable Credential Storage for Cisco VPN: VPN credential storage on eToken provides off-platform generation and secure storage of VPN credentials. Encryption keys are loaded when eToken is plugged in, and removed when eToken is removed. Reference: http://www.aladdin.com/etoken/demos/cisco/ask.asp
QUESTION 81
Refer to the exhibit below. As each spoke site is added, spoke-to-spoke and spoke-to-hub connectivity will
be required. What is the best VPN implementation option in this scenario?
Exhibit:
A. GRE over IPSec with dynamic routing
B. IPSec DMVPN
C. IPSec Easy VPN
D. V3PN

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The Dynamic Multipoint VPN (DMVPN) feature allows users to better scale large and small IP Security (IPsec) Virtual Private Networks (VPNs) by combining generic routing encapsulation (GRE) tunnels, IPsec encryption, and Next Hop Resolution Protocol (NHRP). Benefits of Dynamic Multipoint VPN (DMVPN) Hub Router Configuration Reduction: Currently, for each spoke router, there is a separate block of configuration lines on the hub router that define the crypto map characteristics, the crypto access list, and the GRE tunnel interface. This feature allows users to configure a single mGRE tunnel interface, a single IPsec profile, and no crypto access lists on the hub router to handle all spoke routers. Thus, the size of the configuration on the hub router remains constant even if spoke routers are added to the network. DMVPN architecture can group many spokes into a single multipoint GRE interface, removing the need for a distinct physical or logical interface for each spoke in a native IPsec installation. Automatic IPsec Encryption Initiation GRE has the peer source and destination address configured or resolved with NHRP. Thus, this feature allows IPsec to be immediately triggered for the point-to-point GRE tunneling or when the GRE peer address is resolved via NHRP for the multipoint GRE tunnel. Support for Dynamically Addressed Spoke Routers When using point-to-point GRE and IPsec hub-and-spoke VPN networks, the physical interface IP address of the spoke routers must be known when configuring the hub router because IP address must be configured as the GRE tunnel destination address. This feature allows spoke routers to have dynamic physical interface IP addresses (common for cable and DSL connections). When the spoke router comes online, it will send registration packets to the hub router: within these registration packets, is the current physical interface IP address of this spoke. Dynamic Creation for Spoke-to-Spoke Tunnels This feature eliminates the need for spoke-to-spoke configuration for direct tunnels. When a spoke router wants to transmit a packet to another spoke router, it can now use NHRP to dynamically determine the required destination address of the target spoke router. (The hub router acts as the NHRP server, handling the request for the source spoke router.) The two spoke routers dynamically create an IPsec tunnel between them so data can be directly transferred.
VRF Integrated DMVPN DMVPNs can be used to extend the Multiprotocol Label Switching (MPLS) networks that are deployed by service providers to take advantage of the ease of configuration of hub and spokes, to provide support for dynamically addressed customer premises equipment (CPEs), and to provide zero-touch provisioning for adding new spokes into a DMVPN. Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/ products_feature_guide09186a0080110ba1.html
QUESTION 82
The Certkiller network is using GRE on their IPSec VPN WAN. What is a benefit of IPSec + GRE?
A. Bandwidth conservation
B. No need for a separate client
C. Full support of Cisco dynamic routing protocols
D. Support of dynamic connections

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Normal IP Security (IPSec) configurations cannot transfer routing protocols, such as Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF), or non-IP traffic, such as Internetwork Packet Exchange (IPX) and AppleTalk. IPSec with GRE uses generic routing encapsulation (GRE) in order to accomplish routing between the different networks. All routing protocols will be supported as all traffic will be encapsulated within a GRE packet.
QUESTION 83
Which two are true about Cisco AutoSecure? (Choose two)
A. It blocks all IANA-reserved IP address blocks
B. It enables identification service
C. It enables log messages to include sequence numbers and time stamps
D. It disables tcp-keepalives-in and tcp-keepalives-out
E. It removes the exec-timeout

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation:
Cisco AutoSecure performs the following functions:

1. Disables the following Global Services
1.
Finger

2.
PAD

3.
Small Servers

4.
Bootp

5.
HTTP service

6.
Identification Service

7.
CDP

8.
NTP

9.
Source Routing
2. Enables the following Global Services
1.
Password-encryption service

2.
Tuning of scheduler interval/allocation

3.
TCP synwait-time

4.
TCP-keepalives-in and tcp-kepalives-out

5.
SPD configuration

6.
No ip unreachables for null 0
3. Disables the following services per interface
1.
ICMP

2.
Proxy-Arp

3.
Directed Broadcast

4.
Disables MOP service

5.
Disables icmp unreachables

6.
Disables icmp mask reply messages.
4. Provides logging for security
1.
Enables sequence numbers & timestamp

2.
Provides a console log

3.
Sets log buffered size

4.
Provides an interactive dialogue to configure the logging server ip address.

5.
Secures access to the router
1.
Checks for a banner and provides facility to add text to automatically configure:

2.
Login and password

3.
Transport input & output

4.
Exec-timeout

5.
Local AAA

6.
SSH timeout and ssh authentication-retries to minimum number

7.
Enable only SSH and SCP for access and file transfer to/from the router

8.
Disables SNMP If not being used
6. Secures the Forwarding Plane
1.
Enables Cisco Express Forwarding (CEF) or distributed CEF on the router, when available

2.
Anti-spoofing

3.
Blocks all IANA reserved IP address blocks

4.
Blocks private address blocks if customer desires

5.
Installs a default route to NULL 0, if a default route is not being used

6.
Configures TCP intercept for connection-timeout, if TCP intercept feature is available and the user is interested

7.
Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image,

8.
Enables NetFlow on software forwarding platforms Reference: http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns336/ networking_solutions_white_paper09186a00801
QUESTION 84
Which two statements about the Firewall Services Module are true? (Choose two)
A. For traffic from high to low security levels, no access control list is needed.
B. Interfaces with the same security level cannot communicate without a translation rule.
C. Two VLAN interfaces connect MSFC and FWSM.
D. Up to 1 million simultaneous connections are possible.
E. Up to 100 separate security contexts are possible.

Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
Explanation:
The Firewall Service Module (FWSM) is a high performance module used in Catalyst 6500 series switches
and 7600 series routers. It is capable of 5.5GB of throughput, supporting 1 million simultaneous
connections, 100,000 connection setup and teardowns per second, and 256,000 NAT and PAT
translations. It also supports up to 100 separate security contexts (virtual firewalls) with a license upgrade.
Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 2, page 4-2 and 4-7.

QUESTION 85
The Certkiller network administrator is installing a new Cisco Security MARS appliance. After powering up the MARS appliance, what is a valid task?
A. Use a Category 5 crossover cable to connect the computer Ethernet port to the MARS eth0 port.
B. Connect a keyboard and monitor directly to the MARS appliance to set up its initial configuration.
C. Set the IP address of the computer to 192.168.1.100.
D. Telnet to 192.168.1.1 using the username pnadmin and the password pnadmin.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
When installing the CS-MARS appliance and connecting to it for the first time, when the CS-MARS booted
up, connect a UTP Cat 5 crossover cable to your computer’s Etheret port and connect the other end of the
crossover cable to the CS-MARS’ Ethernet 0 (eth0) port.
Incorrect Answers:

B: To start the configuration process, you must connect another computer that is running Microsoft Internet Explorer to the appliance.
C: The default IP address of the CS-MARS device is 192.168.0.100, and it is recommended that the IP address of you computer is set to 192.168.0.101/24.
D: Although the default user name/password is indeed pnadmin/pnadmin, you should connect to 192.168.0.100, not 192.168.1.1 Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 6, page 4-65.
QUESTION 86
Which Cisco security product is an easily deployed software solution that can automatically detect, isolate, and repair infected or vulnerable devices that attempt to access the network?
A. Cisco Security Agent
B. Cisco Secure ACS server
C. NAC Appliance (Cisco Clean Access)
D. Cisco Traffic Anomaly Detector

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: Cisco NAC Appliance (formerly Cisco Clean Access) is an easily deployed Network Admission Control (NAC) product that uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources. With NAC Appliance, network administrators can authenticate, authorize, evaluate, and remediate wired, wireless, and remote users and their machines prior to network access. It identifies whether networked devices such as laptops, IP phones, or game consoles are compliant with your network’s security policies and repairs any vulnerabilities before permitting access to the network. When deployed, Cisco NAC Appliance provides the following benefits:
1.
Recognizes users, their devices, and their roles in the network. This first step occurs at the point of
authentication, before malicious code can cause damage.
2.
Evaluates whether machines are compliant with security policies. Security policies can include specific
antivirus or antispyware software, OS updates, or patches. Cisco NAC Appliance supports policies that
vary by user type, device type, or operating system.
3.
Enforces security policies by blocking, isolating, and repairing noncompliant machines.
Noncompliant machines are redirected into a quarantine area, where remediation occurs at the discretion
of the administrator.

QUESTION 87
What is a benefit of high-performance AIM that is included with Cisco Integrated Services Routers?
A. Hardware-accelerated packet inspection engine
B. Hardware-based encryption and compression
C. Removable secure credentials
D. Support of SRTP

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The VPN Advanced Integration Module (AIM) for the Cisco 1841 Integrated Services Router and Cisco 2800 and3800Series Integrated Services Routers optimizes the Cisco Integrated Services Router platforms for virtual private networks in both IP Security (IPSec) and Secure Sockets Layer (SSL) Web and VPN deployments. The Cisco VPN and SSL AIM provides up to 40 percent better performance for IPsec VPN over the built-in IPsec encryption, and up to twice the performance for SSL Web VPN encryption. The Cisco VPN and SSL AIM supports all three of these functions in hardware: SSLencryption in hardware, VPN IPsec encryption in hardware using either Data Encryption Standard (DES) or Advanced Encryption Standard (AES), and the IP Payload Compression Protocol (IPPCP) in hardware. Reference: http://www.cisco.com/en/US/products/ps5853/products_data_sheet0900aecd804ff58a.html
QUESTION 88
In the context of Cisco NAC, what is a network access device?
A. A workstation without Cisco Trust Agent
B. A Cisco IOS router
C. An AAA server
D. A laptop with Cisco Trust Agent installed

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
In NAC, network devices that can or will enforce admission control policy include routers, switches,
wireless access points, wireless LAN controllers, and security appliances. These devices demand host
credentials and relay this information to policy servers, where network admission control decisions are
made. Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 4, page 1-11 and 1-13.

QUESTION 89
How does Cisco CSA protect endpoints?
A. It uses signatures to detect and stop attacks
B. It uses deep-packet application inspections to control application misuse and abuse
C. It uses file system, network, registry, and execution space interceptors to stop malicious activity
D. It works in conjunction with antivirus software to lock down the OS
E. It works at the application layer to provide buffer overflow protection

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
The technology used to control the host is the CSA INCORE (Interceptor Correlate Rules Engine)
technology which supports four interceptors:
File System- All file read or write requests are intercepted and checked against a defined set of rules.
Network- Packet events at the driver (NDIS) or transport (TDI) level Configuration – Read or write requests
to the registry on Windows or to the RC files on UNIX.
Execution space – Deals with maintaining the integrity of each application’s dynamic run-time environment.
Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 4, page 4-3

QUESTION 90
Which two should be included in an analysis of a Security Posture Assessment? (Choose two) A. A detailed action plan
B. An identification of bottlenecks inside the network
C. An identification of critical deficiencies
D. A recommendations based on security best practice
E. A service offer

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
Explanation: As the first step in planning network security, it is required to make an evaluation of the organization’s network security posture. The Security Posture Assessment provides a snapshot of the security state of the network by conducting a thorough assessment of the network devices, servers, databases, and desktops. Analyze the effectiveness of the network security in reference to recognized industry best practices, allowing identifying the relative strengths and weaknesses of the environment and documenting specific vulnerabilities that could threaten the business. Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 1, page 1-29
QUESTION 91
Refer to the exhibit. Network security is a continuous process that is built around which element? Exhibit:

A. Business requirements
B. Corporate security policy
C. Customer needs
D. Security best practice

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Network security is a continuous process built around a security policy. The diagram above is found in the
reference link below, with the words “Security Policy” found in the blank box.
Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 1, page 1-24

QUESTION 92
DRAG DROP You work as a network technician at Certkiller .com. Your boss, Mrs Certkiller, is curious about Cisco IOS Adaptive Threat Defense. You try to explain by matching the features with the appropriate functions.

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference: QUESTION 93

DRAG DROP
You work as a network technician at Certkiller .com. Your boss, Mrs Certkiller, is curious about rule types.
You try to explain by matching the features with the appropriate functions.
Use each rule type once and only once.
A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference: QUESTION 94

What are two functions of Cisco Security Agent? (Choose two)
A. Authentication
B. Control of executable content
C. Resource protection
D. Spam filtering
E. User tracking

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
Explanation:
The functions of the CSA are system hardening, resource protection, control of executable content,
application control, and detection. Reference: Security Solutions for SE (SSSE) v1.0 Student Guide,
Module 4, page 4-3.

QUESTION 95
The Certkiller network is undergoing a Security Posture Assessment. In which two ways can a Security Posture Assessment help organizations to understand network threats and risk? (Choose two)
A. By coaching system administrators
B. By identifying bottlenecks
C. By identifying vulnerable systems
D. By recommending areas to improve
E. By recommending new products

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
Explanation: A Security Posture Assessment is designed to identify vulnerabilities that allow outside, untrusted networks to gain access to internal, trusted networks and systems, and recommend solutions for improvement. With a Security Posture Assessment, your organization can: ? Reduce the risk of intentional or accidental access to IT assets and information ? Identify security vulnerabilities in your network infrastructure ? Develop a prioritized list of steps required to fix identified vulnerabilities ? Improve compliance with federal and state regulations that require security assessments ? Reduce the time and resources trying to stay current with new and emerging vulnerabilities ? Validate current security policies and practices against industry best practices and verifying areas that require security budget or staffing
QUESTION 96
Self-Defending Network is the Cisco vision for security systems. What is the purpose of the Cisco Secure ACS server?
A. Anomaly detection
B. Identity management
C. Secure connectivity
D. Security management

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Cisco Secure Access Control Server (ACS) provides a centralized identity networking solution and
simplified user management experience across all Cisco devices and security management applications.
Cisco Secure ACS helps to ensure enforcement of assigned policies by allowing network administrators to
control:

1.
Who can log into the network

2.
The privileges each user has in the network

3.
Recorded security audit or account billing information

4.
Access and command controls that are enabled for each configuration’s administrator
QUESTION 97
Which two are valid arguments that you can use to convince a business decision maker of the need for network security? (Choose two)
A. A high-performance firewall is the only device that is needed to protect businesses.
B. Cisco products can provide end-to-end network protection against current and emerging threats.
C. The network should be secured at any expense.
D. Network security products are complex to manage and that makes them hard to penetrate.
E. Organizations that operate vulnerable networks face increasing liability.

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
Explanation: Organizations today face an increasing amount of security legislation that require companies to protect their date, including CFAA (Computer Fraud and Abuse Act) HIPAA (Health Insurance Portability and Accountability Act), and GLBA (The Gramm-Leach-Bliley Act) just to name a few. This legislation means an increased amount of liability and accountability for network security. The Cisco Self Defending Network suite of solutions can be used to provide end to end network security. Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 1, page 1-3
QUESTION 98
What is the main reason for customers to implement the Cisco Detector and Guard solution?
A. As a replacement for IPS sensors
B. As a DDoS protection system
C. As a complete appliance-based NAC solution
D. As a replacement for firewalls

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The Distributed Denial of Service (DDoS) attacks are attacks in which malicious individuals cause thousands of compromised computers (“zombies”) to run automated scripts that cripple a protected server’s (the zone) network resources with spurious requests for service. The attacks can be, for example, a flood of bogus home page requests to a web server that shuts out legitimate consumers, or efforts that compromise the availability and accuracy of Domain Name System (DNS) servers. Although often launched by an individual, the zombies actually executing the attacking code may number in the hundreds of thousands, and are distributed over multiple autonomous systems, administered by multiple organizations. These distributed attacks generate a volume of traffic that cannot be handled by the lower bandwidths available at a typical zone, including the largest corporations. The Cisco Traffic Anomaly Detector Module (Detector module) is a Cisco IOS application module that you can install in the Catalyst 6500 series switch. It is a denial-of-service (DoS) detection product. It receives a copy of the traffic on the switch, analyzes that traffic, and sends out an alert when a DoS attack is detected.The Detector can detect attacks and activate protection mechanisms. It is best suited to work alongside with the Cisco Guard but it can also operate as a separate DDoS detection and alarm component. The Detector gets a copy of the traffic either by using the port mirroring feature (such as SPAN) of a switch, or by means of splitting. Then it constantly monitors the traffic, and closely remains tuned to zone traffic characteristics for evolving attack patterns. The Detector module can also activate a configured Cisco Anomaly Guard Module to mitigate these attacks. Reference: http://www.cisco.com/en/US/products/hw/modules/ps2706/ products_module_configuration_guide_chapter0918
QUESTION 99
Which two statements are true about symmetric key encryption? (Choose two)
A. It uses secret-key cryptography.
B. Encryption and decryption use different keys.
C. It is typically used to encrypt the content of a message.
D. RSA is an example of symmetric key encryption
E. The key exchange can take place via a nonsecure channel.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation: An encryption system in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt the message. Contrast this with public-key cryptology, which utilizes two keys
-a public key to encrypt messages and a private key to decrypt them.
Symmetric-key systems are simpler and faster, but their main drawback is that the two parties must
somehow exchange the key in a secure way. Public-key encryption avoids this problem because the public
key can be distributed in a non-secure way, and the private key is never transmitted.
Symmetric-key cryptography is sometimes called secret-key cryptography. The most popular symmetric-
key system is the Data Encryption Standard (DES).

QUESTION 100
What allows Cisco Security Agent to block malicious behavior before damage can occur?
A. Correlation of network traffic with signatures
B. Interception of operating system calls
C. Scan of downloaded files for malicious code
D. User query and response

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco Security Agent resides between the applications and the kernel, enabling maximum application visibility with minimal impact to the stability and performance of the underlying operating system. The software’s unique architecture intercepts all operating system calls to file, network, and registry sources, as well as to dynamic run-time resources such as memory pages, shared library modules, and COM objects. The agent applies unique intelligence to correlate the behaviors of these system calls, based on rules that define inappropriate or unacceptable behavior for a specific application or for all applications. This correlation and subsequent understanding of an application’s behavior is what allows the software-as directed by the security staff-to prevent new intrusions. Because the Cisco Security Agent intercepts system calls at the operating system level, there is no need to replace any system programs. Reference: www.cisco.com/en/US/products/sw/secursw/ps5057/products_data_sheet0900aecd80440398.html

Looking to become a certified Adobe professional? Would you like to reduce or minimize your Cisco 642-565 certification cost? Do you want to pass all of the Microsoft certification? If you answered YES, then look no further. Flydumps.com offers you the best Cisco 642-565 exam certification test questions which cover all core topics and certification requirements.

Pass4itsure 312-76 dumps with PDF + Premium VCE + VCE Simulator: http://www.pass4itsure.com/312-76.html

Cisco 642-565 Exam Test Questions, Best Quality Cisco 642-565 Preparation Materials Online Shop