642-552 Exam
Securing Cisco Network Devices Exam
- Exam Number/Code : 642-552
- Exam Name : Securing Cisco Network Devices Exam
- Questions and Answers : 60 Q&As
- Update Time: 2013-04-05
Test4pass offers a free demo for the CCSP 642-552 exam (Securing Cisco Network Devices Exam). You can check out the interface, question quality and usability of our practice exams before you decide to buy. We are the only site that can offer a demo for almost all products.
Exam Description
It is well known that the 642-552 exam is the hot exam of Cisco certification. Test4pass offers you all the Q&A of the real 642-552 test. It is the examination of the perfect combination and it will help you pass the 642-552 exam the first time!
Why choose Test4pass 642-552 braindumps
Quality and Value for the 642-552 Exam
100% Guarantee to Pass Your 642-552 Exam
Downloadable, Interactive 642-552 Testing engines
Verified Answers Researched by Industry Experts
Drag and Drop questions as experienced in the Actual Exams
Practice Test Questions accompanied by exhibits
Our Practice Test Questions are backed by our 100% MONEY BACK GUARANTEE.
Test4pass 642-552 Exam Features
Quality and Value for the 642-552 Exam
Test4pass Practice Exams for Cisco 642-552 are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development.
100% Guarantee to Pass Your 642-552 Exam
If you prepare for the exam using our Test4pass testing engine, we guarantee your success on the first attempt. If you do not pass the CCSP 642-552 exam (ProCurve Secure WAN) on your first attempt, we will give you a FULL REFUND of your purchase fee AND send you another product of the same value for free.
Cisco 642-552 Downloadable, Printable Exams (in PDF format)
Our Exam 642-552 Preparation Material provides you with everything you will need to take your 642-552 Exam. The 642-552 Exam details are researched and produced by Professional Certification Experts who are constantly using industry experience to produce precise, and logical. You may get questions from different web sites or books, but logic is the key. Our product will help you not only pass on the first try, but also save you valuable time.
642-552 Downloadable, Interactive Testing engines
We are all well aware that a major problem in the IT industry is the lack of quality study materials. Our Exam Preparation Material provides you with everything you will need to take a certification examination. Like actual certification exams, our Practice Tests are multiple-choice (MCQs). Our Cisco 642-552 Exam will provide you with free 642-552 dumps questions with verified answers that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. High quality and Value for the 642-552 Exam: 100% Guarantee to Pass Your CCSP exam and get your CCSP Certification.
Exam : Cisco 642-552
Title : Cisco® Securing Cisco Network Devices Exam
1. Referring to the network diagram shown, which ACL entry will block any Telnet Client traffic from the Corporate LAN to any Telnet Servers on the Remote Access LAN?
A. access-list 190 deny tcp any eq 23 16.2.1.0 0.0.0.255
B. access-list 190 deny tcp 16.1.1.0 0.0.0.255 eq 23 16.2.1.0 0.0.0.255 eq 23
C. access-list 190 deny tcp any 16.1.1.0 0.0.0.255 eq 23
D. access-list 190 deny tcp any 16.2.1.0 0.0.0.255 eq 23
E. access-list 190 deny tcp 16.2.1.0 0.0.0.255 eq 23 16.1.1.0 0.0.0.255 eq 23
Answer: D
2. Referring to the Cisco SDM Security Audit Wizard screen shown, what will happen if you check the Fix it box for Firewall is not enabled in all the outside interfaces then click the Next button?
A. All outside access through the outside interfaces will immediately be blocked by an ACL.
B. SDM will prompt you to configure an ACL to block access through the outside interfaces.
C. SDM will take you to the Advanced Firewall Wizard.
D. SDM will perform a one-step lockdown to lock down the outside interfaces.
E. SDM will take you to the Edit Firewall Policy/ACL screen where you can configure an ACL to block access through the outside interfaces.
Answer: C
3. What two tasks should be done before configuring SSH server operations on Cisco routers? (Choose two.)
A. Upgrade routers to run a Cisco IOS Release 12.1(1)P image.
B. Upgrade routers to run a Cisco IOS Release 12.1(3)T image or later with the IPsec feature set.
C. Ensure routers are configured for external ODBC authentication.
D. Ensure routers are configured for local authentication or AAA for username and password authentication.
E. Upgrade routers to run a Cisco IOS Release 11.1(3)T image or later with the IPsec feature set.
Answer: BD
4. Which method does a Cisco router use for protocol type IP packet filtering?
A. inspection rules
B. standard ACLs
C. security policies
D. extended ACLs
Answer: D
5. Which method of mitigating packet-sniffer attacks is the most effective?
A. implement two-factor authentication
B. deploy a switched Ethernet network infrastructure
C. use software and hardware to detect the use of sniffers
D. deploy network-level cryptography using IPsec, secure services, and secure protocols
Answer: D
6. Why is TACACS+ the preferred AAA protocol to use with Cisco device authentication?
A. TACACS+ encryption algorithm is more recent than other AAA protocols
B. TACACS+ has a more robust programming interface than other AAA protocols
C. TACACS+ was initially developed as open-source software
D. TACACS+ provides true AAA functional separation and encrypts the entire body of the packet
E. TACACS+ maintains authentication information in the local database of each Cisco IOS router
F. TACACS+ combines authentication and authorization to provide more robust functionalities
Answer: D
7. Which building blocks make up the Adaptive Threat Defense phase of Cisco SDN strategy?
A. VoIP services, NAC services, Cisco IBNS
B. network foundation protection, NIDS services, adaptive threat mitigation services
C. firewall services, intrusion prevention, secure connectivity
D. firewall services, IPS and network antivirus services, network intelligence
E. Anti-X defense, NAC services, network foundation protection
Answer: D
8. A malicious program is disguised as another useful program; consequently, when the user executes the program, files get erased and then the malicious program spreads itself using emails as the delivery mechanism. Which type of attack best describes how this scenario got started?
A. DoS
B. worm
C. virus
D. trojan horse
E. DDoS
Answer: D
9. Network administrators have just configured SSH on their target router and have now discovered that an intruder has been using this router to perform a variety of malicious attacks. What have they most likely forgotten to do and which Cisco IOS commands do they need to use to fix this problem on their target router?
A. forgot to reset the encryption keys using the crypto key zeroize rsa Cisco IOS global configuration command
B. forgot to close port 23 and they need to issue the no transport input telnet Cisco IOS global configuration command
C. forgot to disable vty inbound Telnet sessions and they need to issue the line vty 0 4 and the no transport input telnet Cisco IOS line configuration commands
D. forgot to restrict access to the Telnet service on port 23 using ACLs and they need to issue the access-list 90 deny any log Cisco IOS global configuration command, and the line vty 0 4 and access-class 90 in Cisco IOS line configuration commands
Answer: C
10. The figure contains a sample configuration using Cisco IOS commands. Which Cisco IOS command or setting does the configuration need to get SSH to work?
A. add the transport input telnet ssh Cisco IOS command after the line vty 0 4 Cisco IOS command
B. add the transport output ssh Cisco IOS command after the line vty 0 4 Cisco IOS command
C. set the SSH timeout value using the ip ssh timeout 60 Cisco IOS command
D. add the crypto key generate rsa general-keys modulus 1024 Cisco IOS command
E. set the SSH retries value using the ip ssh authentication-retries 3 Cisco IOS command
Answer: D
11. What is the key function of a comprehensive security policy?
A. informing staff of their obligatory requirements for protecting technology and information assets
B. detailing the way security needs will be met at corporate and department levels
C. recommending that Cisco IPS sensors be implemented at the network edge
D. detailing how to block malicious network attacks
Answer: A
12. Which security log messaging method is the most common message logging facility and why?
A. SNMP traps, because the router can act as an SNMP agent and forward SNMP traps to an external SNMP server
B. buffered logging, because log messages are stored in router memory and events are cleared whenever the router is rebooted
C. console logging, because security messages are not stored and do not take up valuable storage space on network servers
D. syslog, because this method is capable of providing long-term log storage capabilities and supporting a central location for all router messages
E. logging all events to the Cisco Incident Control System to correlate events and provide recommended mitigation actions
Answer: D
13. What is a syslog configuration oversight that makes system event logs hard to interpret and what can be done to fix this oversight?
A. The system time does not get set on the router, making it difficult to know when events occurred. Recommend that an NTP facility be used to ensure that all the routers operate at the correct time.
B. Third-party flash memory gets installed and doesn't provide easily understandable error or failure codes. Only Cisco-authorized memory modules should be installed in Cisco devices.
C. The syslog message stream does not get encrypted and invalid syslog messages get sent to the syslog server. Encrypt the syslog messages.
D. The syslog messages filter rules did not get configured on the router, resulting in too many unimportant messages. Configure syslog messages filter rules so that low-severity messages are blocked from being sent to the syslog server and are logged locally on the router.
Answer: A
14. Which of these two ways does Cisco recommend that you use to mitigate maintenance-related threats? (Choose two.)
A. Maintain a stock of critical spares for emergency use.
B. Ensure that all cabling is Category 6.
C. Always follow electrostatic discharge procedures when replacing or working with internal router and switch device components.
D. Always wear an electrostatic wrist band when handling cabling, including fiber-optic cabling.
E. Always employ certified maintenance technicians to maintain mission-critical equipment and cabling.
Answer: AC




