Cisco 642-565 PDF, New Updated Cisco 642-565 Vce & PDF Is Your Best Choice

Flydumps brings you the best Cisco 642-565 certification exam preparation materials, which will make you pass on the first attempt. We also provide you with all the Cisco 642-565 exam updates: as Microsoft announces a change in its Cisco 642-565 exam syllabus, we inform you about it without delay.

When implementing a Cisco Integrated Services Router, which feature would you apply to achieve application security?
A. Access control lists
B. Alerts and audit trails
C. Lock-and-key (dynamic access control lists)
D. Context-based Access Control

Correct Answer: D
Explanation: CBAC intelligently filters TCP and UDP packets based on application-layer protocol session information and can be used for intranets, extranets and the Internet. CBAC is implemented on Cisco IOS routers via the firewall feature set. Without CBAC, traffic filtering is limited to access list implementations that examine packets at the network layer, or at most, the transport layer. CBAC, however, examines not only network-layer and transport-layer information but also the application-layer protocol information (such as FTP connection information) to learn about the state of the TCP or UDP session. This allows support of protocols that involve multiple channels created as a result of negotiations in the control channel. Most of the multimedia protocols as well as some other protocols (such as FTP, RPC, and SQL*Net) involve multiple channels. Reference: products_configuration_guide_chapter09186a00800 c

Which statement is true about the built-in hardware-based encryption that is included with Cisco Integrated Services Routers?
A. It supports SRTP
B. It supports 256-bit AES encryption
C. It is two times faster than previous modules
D. It stores VPN credentials

Correct Answer: B
Explanation: The ISR router series provides built-in VPN encryption acceleration for IPSec DES, 3DES, and AES 128, 192, and 256.
Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 1, page 2-13.

Certkiller is a network administrator at Certkiller.com. Certkiller.com wants to implement command authorization for tighter control of user access rights. Which combination of authentication server and authentication protocol is able to best meet this requirement?
A. Cisco Secure ACS server and RADIUS
B. Cisco Secure ACS server and TACACS+
C. Microsoft IAS server and RADIUS
D. Microsoft Windows Domain Controller and Kerberos

Correct Answer: B
Explanation: Cisco Secure Access Control Server (ACS) for Windows provides a centralized identity networking solution and simplified user management experience across all Cisco devices and security management applications. Cisco Secure ACS helps to ensure enforcement of assigned policies by allowing network administrators to control:
Who can log into the network
The privileges each user has in the network
Recorded security audit or account billing information
Access and command controls that are enabled for each configuration's administrator

Cisco Secure ACS is a major component of Cisco trust and identity networking security solutions. It extends access security by combining authentication, user and administrator access, and policy control from a centralized identity networking framework, thereby allowing greater flexibility and mobility, increased security, and user productivity gains. The TACACS+ protocol provides authentication between the network access server and the TACACS+ daemon, and it ensures confidentiality because all protocol exchanges between a network access server and a TACACS+ daemon are encrypted. TACACS+ was designed by Cisco to overcome some of the limitations of RADIUS and is therefore considered to be more secure. RADIUS combines authentication and authorization. The access-accept packets sent by the RADIUS server to the client contain authorization information, making it difficult to decouple authentication and authorization. RADIUS also encrypts only the password in the access-request packet from the client to the server. The remainder of the packet is in the clear. Other information, such as username, authorized services, and accounting, can be captured by a third party. Reference:

You work as a network technician at Certkiller.com. Your boss, Mrs Certkiller, is curious about secure features. Match the features with the appropriate description.
Use each feature once and only once.

Correct Answer:
Allows control of web traffic based on sec policy – URL filtering
Can control protocol misuse – Application-based filtering (NBAR – Network Based Application Recognition)
Can proactively stop Net Attacks – unmatched (This describes IPS, which is not an option)
Leads to smaller holes in ACL – Stateful inspection (No need to authorize return traffic)
Allows designated users to gain temporary access – Lock-and-Key

You work as a network technician at Certkiller.com. Your boss, Mrs Certkiller, is curious about secure Cisco IOS VPN technology. Match the technology with the appropriate benefit.
Use each technology once and only once.

Correct Answer:

You work as a network technician at Certkiller.com. Your boss, Mrs Certkiller, is curious about firewall features. Match the features with the appropriate descriptions.
Use each feature once and only once.

Correct Answer:

Cisco MARS is being used in the Certkiller network. What is a feature or function of Cisco Security MARS?
A. MARS enforces authorization policies and privileges
B. MARS determines security incidents based on device messages, events, and sessions
C. MARS configures, monitors, and troubleshoots Cisco security products
D. MARS supports AAA user login authentication
E. None of the above

Correct Answer: B
Explanation: With MARS, as events and data messages are received, the information is normalized against the topology, discovered device configurations, same source and destination applications (across Network Address Translation [NAT] boundaries), and similar attack types. Similar events are grouped into sessions in real time. System- and user-defined correlation rules are then applied to multiple sessions to identify incidents.

Cisco Clean Access has been implemented in the Certkiller network. What are the two main reasons for customers to implement Cisco Clean Access? (Choose two)
A. Enforcement of security policies by making compliance a condition of access
B. Focus on validated incidents, not investigating isolated events
C. Integrated network intelligence for superior event aggregation, reduction, and correlation
D. Provision of secure remote access
E. Significant cost savings by automating the process of repairing and updating user machines
F. Implementation of NAC phase 1

Correct Answer: AE
Explanation: Cisco NAC Appliance (formerly Cisco Clean Access) is an easily deployed Network Admission Control (NAC) product that uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources. With NAC Appliance, network administrators can authenticate, authorize, evaluate, and remediate wired, wireless, and remote users and their machines prior to network access. It identifies whether networked devices such as laptops, IP phones, or game consoles are compliant with your network's security policies and repairs any vulnerabilities before permitting access to the network. Networks with Cisco NAC Appliance can realize benefits such as:
Minimized network outages
Enforcement of security policies
Significant cost savings with automated device repairs and updates
Reference: US/products/ps6128/index.html

You work as a network technician at Certkiller.com. Your boss, Mrs Certkiller, is curious about Cisco Security modules. Match the modules with the appropriate descriptions.
Not all descriptions are used.

Correct Answer:

A new MARS appliance has been installed in the Certkiller network. What is the purpose of SNMP community strings when adding reporting devices into a newly installed Cisco Security MARS appliance?
A. To discover and display the full topology
B. To import the device configuration
C. To pull the log information from devices
D. To reconfigure managed devices

Correct Answer: A
Explanation: Cisco routers and switches that are running Cisco IOS Software release 12.2 can be configured to provide different types of data to MARS:
Syslog messages. The syslog messages provide information about activities on the network, including accepted and rejected sessions.
SNMP traffic. SNMP RO community strings support the discovery of your network's topology.
NAC-specific data. NAC logs events that are specific to its configuration, including Extensible Authentication Protocol (EAP) over UDP messages and 802.1x accounting messages.
Access lists or NAT statements. You must enable SSH or Telnet access if the configuration on the Cisco router or switch includes access lists or NAT statements.
Spanning tree messages (switch only). You must have STP (Spanning Tree Protocol) configured correctly on the switches to enable L2 discovery and mitigation. STP provides MARS with access to the L2 MIB, which is required to identify L2 re-routes of traffic and to perform L2 mitigation. MARS also uses the MIB to identify trunks to other switches, which are used to populate VLAN information used in L2 path calculations. STP, which is enabled by default on Cisco switches, should remain enabled, as it is required for L2 mitigation.
Reference:

What could be a reason to implement Cisco Security Agent?
A. To prevent Day Zero attacks
B. To communicate the host posture validation to a policy server
C. To track the Internet usage of employees
D. To validate policy compliance

Correct Answer: A
Explanation: Currently supported versions of Cisco Security Agent (4.0.3.x, 4.5.1.x, 5.0.0.x, and 5.1.0.x) are effective in stopping all known exploits seen to date, thus providing “Zero-Day” protection at the end host. CSA host intrusion prevention system software effectively stops both the initial buffer overflow attempt and any subsequent steps to exploit the Microsoft Windows VML document arbitrary code execution vulnerability.
tsd_products_security_response09186a008074f075.h t

Which two are parts of the Network Security Lifecycle? (Choose two)
A. Purchase
B. Operate
C. Integrate
D. Design
E. Develop

Correct Answer: BD
Explanation: The Network Security lifecycle is based on the lifecycle of the network itself as shown in the figure below. It includes the Preparation, Planning, Design, Implementation, Operation, and Optimization components.

A new MARS appliance has been installed in the Certkiller network. On the Cisco Security MARS appliance, what is used to facilitate the management of Event, IP, Service and User management?
A. Groups
B. Custom parser
C. Rules
D. Signatures
E. Audit trail log

Correct Answer: A
Explanation: Creating event groups is one of the most powerful ways to leverage rules. You can take any event or series of events, group them, and use them with rules to concentrate your searches for attacks. Groups are also used to facilitate the IP Management, Service Management, and User Management tabs within the MARS Local and Global Controllers.
Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 6, page 4-35 through 4-36.

Which two features work together to provide Anti-X defense? (Choose two)
A. Enhanced application inspection engines
B. Enhanced security state assessment
C. Cisco IPS version 5.0 technology
D. Network security event correlation
E. Cisco IOS AutoSecure

Correct Answer: AC
Explanation: The Cisco Intrusion Prevention System (IPS) Version 5.0 Solutions deliver a new generation of highly accurate and intelligent in-line prevention services complemented by new network anti-virus, anti-spyware and worm mitigation capabilities for improved threat defense across multiple form factors including appliances, switch-integrated modules, and Cisco IOS Software-based solutions using enhanced application inspection engines.

Which three components should be included in a security policy? (Choose three)
A. Identification and authentication policy
B. Incident handling procedure
C. Security best practice
D. Security product recommendation
E. Software specifications
F. Statement of authority and scope

Correct Answer: ABF
Explanation: A security policy is used to define and set a good foundation for securing the network, including:
Definition: Define the data assets to be covered by the security policy (statement of authority and scope).
Identity: How do you identify the hosts and applications affected by this policy?
Trust: Under what conditions is communication allowed between hosts?
Enforceability: How will the policy's implementation be verified?
Risk Assessment: What is the impact of a policy violation, and how are violations detected?
Incident Response: What actions are required upon violation of a security policy?
Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 1, page 1-25.

A new MARS appliance has been installed in the Certkiller network. Which statement is true about the Cisco Security MARS Global Controller?
A. The Global Controller receives detailed incidents information from the Local Controllers, and correlates the incidents between multiple Local Controllers.
B. The Global Controller centrally manages a group of Local Controllers.
C. Rules that are created on a Local Controller can be pushed to the Global Controller.
D. Most data archiving is done by the Global Controller.

Correct Answer: B
Explanation: The MARS Global Controller is a security threat mitigation (STM) appliance. Once you deploy multiple Local Controllers, you can deploy a Global Controller that summarizes the findings of two or more Local Controllers. In this way, the Global Controller enables you to scale your network monitoring without increasing the management burden. The Global Controller provides a single user interface for defining new device types, inspection rules, and queries, and it enables you to manage Local Controllers under its control. This management includes defining administrative accounts and performing remote, distributed upgrades of the Local Controllers. Reference:

Which Cisco IOS feature uses multipoint GRE and the Next Hop Resolution Protocol to create dynamic IPSec tunnels between spoke (branch) sites?
A. Easy VPN
D. Web VPN

Correct Answer: C
Explanation: The Dynamic Multipoint VPN (DMVPN) feature allows users to better scale large and small IP Security (IPsec) Virtual Private Networks (VPNs) by combining generic routing encapsulation (GRE) tunnels, IPsec encryption, and Next Hop Resolution Protocol (NHRP). With DMVPN, the Dynamic Creation for Spoke-to-Spoke Tunnels feature eliminates the need for spoke-to-spoke configuration for direct tunnels. When a spoke router wants to transmit a packet to another spoke router, it can now use NHRP to dynamically determine the required destination address of the target spoke router. (The hub router acts as the NHRP server, handling the request for the source spoke router.) The two spoke routers dynamically create an IPsec tunnel between them so data can be directly transferred. Reference: products_feature_guide09186a0080110ba1.html

When a FWSM is operating in transparent mode, what is true?
A. Each interface must be on the same VLAN.
B. The FWSM does not support multiple security contexts.
C. Each directly connected network must be on the same subnet.
D. The FWSM supports up to 256 VLANs.

Correct Answer: C
Explanation: In transparent mode, the FWSM acts like a “bump in the wire,” or a “stealth firewall,” and is not a router hop. The FWSM connects the same network on its inside and outside interfaces, but each interface must be on a different VLAN (only 2 VLANs). No dynamic routing protocols or NAT are required. However, like routed mode, transparent mode also requires ACLs to allow any traffic through aside from ARP packets. Transparent mode can allow certain types of traffic in an ACL that are blocked by routed mode, including unsupported routing protocols and multicast traffic. Transparent mode can also optionally use EtherType ACLs to allow non-IP traffic. Transparent mode only supports two interfaces, an inside interface and an outside interface, with each interface in the same IP subnet. Reference: products_module_configuration_guide_chapt e

Which three are included with the Cisco Security Agent? (Choose three)
A. Buffer overflow protection
B. Day Zero virus and worm protection
C. Cisco Easy VPN Client
D. Host-based intrusion prevention
E. Plug-in interface to query posture providers
F. Packet sniffer

Correct Answer: ABD
Explanation: The Cisco Security Agent resides between the applications and the kernel, enabling maximum application visibility with minimal impact to the stability and performance of the underlying operating system. The software's unique architecture intercepts all operating system calls to file, network, and registry sources, as well as to dynamic run-time resources such as memory pages, shared library modules, and COM objects. The agent applies unique intelligence to correlate the behaviors of these system calls, based on rules that define inappropriate or unacceptable behavior for a specific application or for all applications. This correlation and subsequent understanding of an application's behavior is what allows the software, as directed by the security staff, to prevent new intrusions on the individual hosts. The Cisco Security Agent provides numerous benefits, including:
The ability to aggregate and extend multiple endpoint security functions: the Cisco Security Agent provides host intrusion prevention, distributed firewall, malicious mobile code protection, operating system integrity assurance, and audit log consolidation, all within a single agent
Preventive protection against entire classes of attacks, including port scans, buffer overflows, Trojan horses, malformed packets, malicious HTML requests, and e-mail worms
“Zero update” prevention for known and unknown attacks
Reference: products_data_sheet0900aecd80440398.html

A new MARS appliance has been installed in the Certkiller network. What is a valid step when setting up the Cisco Security MARS appliance for data archiving?
A. Specify the remote CIFS server.
B. Specify the remote FTP server.
C. Specify the remote NFS server.
D. Specify the remote TFTP server.

Correct Answer: C
Explanation: You can archive data from a MARS Appliance and use that data to restore the operating system (OS), system configuration settings, dynamic data (event data), or the complete system. The appliance archives and restores data to and from an external network-attached storage (NAS) system using the network file system (NFS) protocol. Only an NFS or a NAS using the NFS protocol is supported on the Cisco MARS.

Cisco 642-565 practice tests hold the key importance and provide a considerable gain for your knowledge base. You can rely on our products with unwavering confidence. Get the profound knowledge and become a pro with assistance.