Cisco 642-565 Test Software, Easily To Pass Cisco 642-565 Exam With High Quality

Welcome to download the newest Jumpexam C2090-611 VCE dumps: http://www.jumpexam.com/C2090-611.html

Flydumps just published the newest Cisco 642-565 dumps with all the new updated exam questions and answers.Flydumps provide the latest version of Cisco 642-565 and VCE files with up-to-date questions and answers to ensure your exam 100% pass, on our website you will get the free new newest Cisco 642-565 version VCE Player along with your VCE dumps.

QUESTION 71
The Cisco IOS Resilient Configuration feature enables a router to secure and maintain a working copy of the running image and configuration so that those files can withstand malicious attempts to erase the contents of persistent storage (NVRAM and Flash). What is the objective of the Cisco IOS resilient configuration?
A. Improve the sped of Cisco IOS image or configuration recovery process
B. Enable primary and backup operations of two Cisco IOS routers
C. Allow a compromise of the router
D. Enable redundant Cisco IOS images for fault tolerance router operations

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 72
Which three functions can be provided by the Cisco ACE 4710 Appliance in the enterprise data center? (Choose three.)
A. HTTPS session decryption through SSL/TLS termination
B. SYN flooding attacks protection
C. XML firewalling
D. HTTP protocol verification

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 73
Secure Sockets Layer (SSL) is a cryptographic protocol that provides security and data integrity for communications over TCP/IP networks such as the interne. When SSL uses TCP encapsulation on Cisco SSL VPNs, the user’s TCP session is transported over another TCP session, thus making flow control inefficient if a packet is lost. Which is the best solution of this problem?
A. DAP
B. Cisco Secure Desktop
C. DTLS
D. SSL Traversal

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 74
Which method can be used by Cisco SSL VPN solution to provide connections between a Winsock2, TCP-based application and a private site without requiring administrative privileges?
A. Application plug-ins
B. Port Forwarding
C. Cisco Secure Desktop
D. Smart tunnels

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 75
Study the exhibit below carefully, which statement is true about the security architecture, which is used to protect the multi-tiered web application?

A. The firewall systems in the first and second tiers should be implemented with identical security controls to provide defense in depth.
B. This architecture supports application tiers that are dual homed.
C. All the servers are protected by the dual-tier firewall systems and do not require additional endpoint security controls.
D. The second-tier Cisco ASA AIP-SSM should be tuned for inspecting Oracle attack signatures

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 76
You work as a network operator for an IT company. You have just detected a distributed DoS attack which appears to have sources from many hosts in network X/24. You must take preventive action to block all offending traffic, so you announce a BGP route, with the next-hop attribute of 172.31.1.1, for the X/24 network of the attacker. Which two methods will be adopted by the routers at the regional office, branch office, and telecommuter location to prevent traffic going to and from the attacker? (Choose two.)

A. a prefix list to block routing updates about the X/24 network
B. a static route to 172.31.1.1/32, which points to a null interface
C. a dynamic ACL entry to block any traffic that is sourced from the X/24 network
D. strict uRPF

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 77
You are a network engineer of your company. Study the following exhibit carefully, which three Cisco IOS features could be used on the VPN gateways (Cisco IOS routers) to implement high availability for remote-access IPsec VPN? (Choose three.)

A. Dynamic VTIs
B. Reverse Route Injection (RRI)
C. cooperative key servers
D. Dead Peer Detection (DPD)

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 78
Which Cisco Security product is used to perform a Security Posture Assessment of client workstations?
A. Adaptive Security Appliance
B. Cisco Security Agent
C. Cisco Security Posture Assessment Tool
D. Cisco NAS Appliance
E. Cisco ACS

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 79
Which three policy types can be assigned to a network user role in the Cisco NAC Appliance architecture? (Choose three.)
A. Allowed IP Address ranges
B. Network Port Scanning Plug-ins
C. VPN and roaming policies
D. Inactivity period
E. Session Duration
F. Minimum Password length

Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 80
Which two components should be included in a network design document? (Choose two.)
A. Complete network blueprint
B. Operating Expense
C. Risk Analysis
D. Configuration for each device
E. Detailed part list

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
Look at the picture.
Select and Place:

Correct Answer: Section: (none) Explanation

Explanation/Reference:
QUESTION 82
Which statement is true about the Cisco Security MARS Global Controller?
A. Rules that are created on a Local Controller can be pushed to the Global Controller
B. Most data archiving is done by the Global Controller
C. The Global Controller receives detailed incidents information from the Local Controllers and correlates the incidents between multiple Local Controllers
D. The Global Controller Centrally Manages of a group of Local Controllers

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 83
Which certificates are needed for a device to join a certificate-authenticated network?
A. The Certificates of the device and its peer
B. The Certificates of the certificate authority, the device and the peer
C. The Certificates of the certificate authority and the peer
D. The Certificates of the certificate authority and the device

Correct Answer: D Section: (none) Explanation
Explanation/Reference: QUESTION 84
Which three Cisco Security products help to prevent application misuse and abuse? (Choose three.)
A. Cisco ASA 5500 Series Adaptive Security Appliances
B. Cisco IOS FW and IPS
C. Cisco Traffic Anomaly Detector
D. Cisco Security Agent
E. Cisco Trust Agent
F. NAC Appliance (Cisco Clean Access)

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
You work as a network engineer at Your company. Your boss, , is interested attack methodologies. Match the descriptions with the proper methodology. Use only options that apply.
Select and Place:

Correct Answer: Section: (none) Explanation

Explanation/Reference:
QUESTION 86
Which two of these features are integrated security components of the Cisco Adaptive Security Appliance? (Chose two.)
A. VRF-aware firewall
B. Cisco ASA AIP SSM
C. VTI
D. Control Plane Policing
E. Anti-X
F. DMVPN

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 87
Which two of these statements describes features of the NAC Appliance architecture? (Choose two.)
A. NAC Appliance Servers managed by the same NAC Appliance Manager can run in mixed mode (inline or out-of-band)
B. NAC Appliance Agent has the auto-upgrade feature
C. NAC Appliance High Availability uses VRRP
D. The standard NAC Appliance Managercan mange up to 40 NAC Appliance Servers failover pairs
E. The NAC Appliance Agent is bundled with the NAC Appliance Server Software

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 88
Which three of these security products complement each other to achieve a secure remote-access solution? (Choose three.)
A. Cisco GET VPN
B. Cisco Security MARS
C. URL Filtering Server
D. Cisco Secure Access Control Server
E. NAC Appliance
F. Adaptive Security Appliance

Correct Answer: DEF Section: (none) Explanation
Explanation/Reference:
QUESTION 89
What are two functions of Cisco Security Agent? (Choose two.)
A. Span Filtering
B. Authentication
C. Resource Protection
D. User tracking
E. Control of Executable Content

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 90
Which two should be included in an analysis of a security posture assessment? (Choose two.)
A. Identification of bottlenecks inside the network
B. Recommendations based on security best practice
C. Identification of critical deficiencies
D. Service offer
E. Detailed action plan

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 91
Which three of these security products complement each other to achieve a secure-e-banking solution? (Choose three.)
A. Cisco Trust Agent
B. CCA Agent
C. Cisco Security Agent
D. Cisco IOS DMVPN
E. Cisco Intrusion Prevention System
F. Cisco Adaptive Security Appliance

Correct Answer: CEF Section: (none) Explanation
Explanation/Reference:
QUESTION 92
Your company, wants to implement the PCI Data Security Standard to protect sensitive cardholder information. They are planning to use RSA to ensure data privacy, integrity and origin authentication. Which two of these statements describe features of the RSA keys? (Choose two.)
A. The private key only decrypts
B. The private key both encrypts and decrypts
C. The public key only decrypts
D. The public key both encrypts and decrypts
E. The private key only encrypts
F. The public key only encrypts

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 93
Which three technologies address SO 17799 requirements for unauthorized access prevention? (Choose three.)
A. Cisco Secure Access Control Server
B. 802.1X
C. SSL VPN
D. Network Admission Control
E. Intrusion Prevention System
F. Cisco Security MARS
Correct Answer: ABD Section: (none) Explanation

Explanation/Reference:
QUESTION 94
Which two of these features are supported by Cisco Security MARS running software version 4.2.x? (Choose two.)
A. Attack capture and playback
B. Use login authentication using external AAA Server
C. Inline or promiscuous mode operation
D. NetFlow for Network profiling and anomaly detection
E. Role-based access and dashboards
F. Hierarchical Design using global and local controllers

Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 95
Which of these characteristics is a feature of AES?
A. It is not supported by hardware accelerators but runs very fast in software
B. It provides strong encryption and authentication
C. It has a variable key length
D. It should be used with key lengths greater than 1024 bits

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 96
Which protocol should be used to provide secure communications when performing shunning on a network device?
A. SSH
B. Telnet
C. SNMPV2
D. SSL
E. SNMPv3

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 97 DRAG DROP
Look at the picture.
Select and Place:

Correct Answer:

Section: (none)

Explanation
Explanation/Reference:
QUESTION 98
How does CSA protect endpoints?
A. Uses deep-packet application inspection to control application misuse and abuse
B. Uses file system, network, registry and execution space interceptors to stop malicious activity
C. Works at the application layer to provide buffer overflow protection
D. Uses signatures to detect and stop attacks
E. Works in conjunction with antivirus software to lock down the OS

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 99
What are the advantages of IPSec-based site-to-site VPNs over traditional WAN networks?
A. Delay guarantees, span, performance, security and low cost
B. Span, flexibility, security and low cost
C. Bandwidth guarantees, support for non-IP protocols, scalability and modular design guidelines
D. Bandwidth guarantees, flexibility, security and low cost

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 100
Identify two ways to create a long-duration query on the Cisco Security MARS Appliance. (Choose two.)
A. By Modifying an existing report
B. By submitting a query inline
C. By Submitting a batch query
D. By saving a query as a rule
E. By saving a query as a report

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 101
Which two features work together to provide anti-X defense? (Choose two.)
A. Enhanced Security state assessment
B. Network Security event correlation
C. CiscoAutoSecure
D. Enhanced Application inspection engines
E. Cisco IPS Sensors

Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 102
Which IPS platform can operate in inline mode only?
A. Cisco ASA AIP SSM
B. IDSM-2
C. Cisco IPS 4200 Series Sensor
D. Cisco IOS IPS

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 103
Which three components should be included in a security policy? (Choose three.)
A. Security best practice
B. Incident handling procedure
C. Software Specifications
D. Statement of authority and scope
E. Security product recommendation
F. Identification and authentication policy

Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
QUESTION 104
What is the purpose of SNMP community strings when adding reporting devices into a newly installed Cisco Security MARS Appliance?
A. To pull the log information from devices
B. To reconfigure managed devices
C. To discover and display the full topology
D. To import the device configuration

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 105
What are three advantages of Cisco Security MARS? (Choose three.)
A. Fixes Vulnerable and infected devices automatically
B. Is network topologyaware
C. Provides rapid profile-based provisioning capabilities
D. Contains scalable, distributed event analysis architecture
E. Performs automatic mitigation on Layer 2 devices
F. Ensures that he user device is not vulnerable

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 106
What is the security issue in classic packet filtering of active FTP sessions?
A. The established keyword can’t be used for control or data sessions
B. Allowing control sessions to the client opens up all the high ports on the client
C. Allowing data sessions to the clientopens up all the high ports on the client
D. The control session can’t be adequately filtered

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 107
Which two components should be included in a detailed design documents for a security solution? (Choose two.)
A. Traffic growth forecast
B. Data Source
C. Proof of concept
D. Existing Network Infrastructure
E. Weak-link description
F. Organizational Chart

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 108
Which statement is true regarding Cisco IOS IPS performance and capabilities?
A. Cisco IOS IPS signatures have a minimal impact on router memory
B. Cisco IOS IPS offersa wider signature coverage than the IDSM-2 module
C. All Cisco IOS IPS signatures should be enabled to maximize the coverage, except for false-positives reduction
D. Cisco IOS IPS uses a parallel signature-scanning engine to scan for multiple patterns within a signature micro-engine at any given time

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 109
How is Cisco IOS Control Plane Policing Achieved?
A. By usingAutoQoS to rate-limit Control Plane traffic
B. By adding a server-policy to virtual terminal lines and the console port
C. By Applying a QoS policy in control plane configuration mode
D. By disabling unused services
E. By Rate limiting the exchange of routing protocol updates

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 110
What are three functions of Cisco Security Agent? (Choose three.)
A. Local Shunning
B. Device-based registry scans
C. Malicious mobile code protection
D. Flexibility against new attacks through customizable signature “on the fly”
E. Spyware and adware protection
F. Protection against buffer overflows

Correct Answer: CEF Section: (none) Explanation
Explanation/Reference:
QUESTION 111
What are two main reasons for customer to implement Cisco Clean Access? (Choose Two.)
A. Integrated network intelligence for superior event aggregation, reduction and correlation
B. Enforcement of Security Policies by making compliance a condition of access
C. Provision of secure remote access
D. Significant cost savings by automating the process of repairing and updating user machines
E. Focus on validated incidents, not investigating isolated events
F. Implementation of NAC Phase-1

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 112

Which two statements are true about symmetric key encryption? (Choose two.)
A. RSA is an example of symmetric key encryption
B. The key exchange can take place via anonsecure channel
C. It is typically used to encrypt the content of a message
D. It uses secret-key cryptography
E. Encryption and decryption use different keys

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 113
Which three elements does the NAC Appliance Agent check on the client machine? (Choose three.)
A. Presence of Cisco Trust Agent
B. Presence of Cisco Security Agent
C. Registry Keys
D. IP Address
E. Microsofthotfixes

Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 114
In which two ways do Cisco ASA 5500 Series Adaptive Security Apliance achieve containment and control? (Choose two.)
A. By probing end systems for compliance
B. By Enabling business to create secure connections
C. By preventing unauthorized network access
D. By performing traffic anomaly detection
E. By tracking the state of all network communications

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 115
Which two statements mitigate the threat of a SYN flood attack? (Choose two.)
A. MARS floodautomitigation
B. Cisco IOS IPS
C. NAC Appliance Security Posture Validation
D. ASA TCP Intercept
E. ASA Enhanced application inspection
F. Cisco IOS FPM

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 116
Which three of these features are key elements of the Adaptive Threat Defense? (Choose three.)
A. Ability of a network to identify, prevent and adapt to security threats
B. Active management and mitigation
C. Multilayer intelligence
D. Blend of IP and Security technologies
E. Dynamic adjustment of risk ratings
F. Feature consistency

Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 117
Which two technologies can prevent the Slammer worm from compromising a host? (Choose two.)
A. NAC Appliance Security posture validation
B. ASAstateful firewall
C. Cisco IOS IPS
D. ASA enhanced application inspection
E. Cisco IOS FPM
F. Cisco Trust Agent

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 118
Which two features work together to provide anti-X defense? (Choose two.)
A. Enhanced Application inspection engines
B. Enhanced Security state assessment
C. CiscoAutoSecure
D. Network Security event correlation
E. Cisco IPS Sensors

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 119
Which primary security design components should be addressed while implementing secure WAN solutions?(Not all design components are required.)
1.
authentication and transmission protection

2.
network infrastructure device hardening

3.
boundary access control

4.
topology

5.
high availability

6.
performance and scalability

7.
resource separation

A. 1, 2, 4, 5, 6
B. 1, 2, 3, 4, 5
C. 1, 2, 3, 5, 6
D. 2, 3, 4, 5, 6

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 120
Which two technologies mitigate the threat of a SYN Flood attack? (Choose two.)
A. NAC Appliance Security Posture Validation
B. Cisco IOS IPS
C. ASA Enhanced Application inspection
D. Cisco IOS FPM
E. ASA TCP intercept
F. MARS Floodautomitigation

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 121
Which two of these features are the most appropriate test parameters for the acceptance test plan of a secure connectivity solution? (Choose two.)
A. Certificate enrollment and revocation
B. High availability
C. Privacy of key exchange
D. Duration of the key refresh operation
E. Resistance Against brute-force attacks

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 122
Which two technologies address ISO 17799 requirements in detecting, preventing and responding to attacks and intrusion? (Choose two.)
A. Cisco Trust Agent
B. 802.1X
C. Cisco Security MARS
D. Cisco Security Agent
E. Cisco NAC Appliance
F. DMVPN

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 123
When a FWSM is operating in transparent mode, what is true?
A. The FWSM does not support multiple security contexts
B. Each directly connected network must be on the same subnet
C. The FWSM supports up to 256 VLANs
D. Each interface must be on the same LAN

Correct Answer: B Section: (none) Explanation
Explanation/Reference:

Flydumps team use their experience and knowledge to study the examinations of past years and finally have developed the best training materials about Cisco 642-565 exam. Our Cisco 642-565 exam training materials are very popular among customers and this is the result of Flydumps’s expert team industrious labor. The simulation test and the answer of their research have a high quality and have 95% similarity with the true examination questions. FLYDUMPS is well worthful for you to rely on. If you use Flydumps’s training tool, you can 100% pass your first time to attend Cisco 642-565 exam.

Jumpexam C2090-611 dumps with PDF + Premium VCE + VCE Simulator: http://www.jumpexam.com/C2090-611.html

Cisco 642-565 Test Software, Easily To Pass Cisco 642-565 Exam With High Quality