Cisco SAFE Implementation Exam : 642-542 Exam The Cisco SAFE Implementation 642-542 CSI exam provides a recertification assessment for those candidates who currently hold a CCSP certification. This exam tests the knowledge and skills needed to use the principles and axioms presented in the SAFE SMR, Enterprise, IP Telephony and Wireless LAN White Papers, and to implement them on specific security devices. The primary focus is on the labs, which allows the student to build complete end-to-end security solutions using SAFE White Papers as the blueprint. The configuration and functionality of the following devices in a SAFE SMR network are described in detail: IOS routers, PIX Firewalls, VPN Concentrators, Cisco IDS Sensors, Cisco Security Agent and the Cisco VPN Client. Basic implementation of a SAFE wireless LAN is also covered.

Exam Number/Code: 642-542
Exam Name: Cisco SAFE Implementation Exam
VUE Code: 642-542
Questions Type: Single choice,
Real Exam Question Numbers: 70-80 questions
Exam Language(s): English

642-542 CSI
Cisco SAFE Implementation Exam
Exam Number: 642-542
Associated Certifications: CCSP
Duration: 105 minutes (70-80 questions)
Available Languages: English
Click Here to Register: Pearson VUE or Prometric
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions

Exam Description Exam Topics Recommended Training Additional Resources
Exam Description

The Cisco SAFE Implementation 642-542 CSI exam provides a recertification assessment for those candidates who currently hold a CCSP certification. This exam tests the knowledge and skills needed to use the principles and axioms presented in the SAFE SMR, Enterprise, IP Telephony and Wireless LAN White Papers, and to implement them on specific security devices. The primary focus is on the labs, which allows the student to build complete end-to-end security solutions using SAFE White Papers as the blueprint. The configuration and functionality of the following devices in a SAFE SMR network are described in detail: IOS routers, PIX Firewalls, VPN Concentrators, Cisco IDS Sensors, Cisco Security Agent and the Cisco VPN Client. Basic implementation of a SAFE wireless LAN is also covered.
Exam Topics

The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.
Security Fundamentals

* Need for network security
* Components of a complete security policy
* Primary network threats and attacks
* Common attacks and recommended mitigation techniques
* Security issues implicit in common management protocols

SAFE Blueprint Overview

* SAFE Blueprint Overview
* Design Fundamentals
* SAFE Axioms

The Cisco Security Portfolio

* Cisco Security Portfolio Overview
* Secure Connectivity-Cisco VPN 3000 Concentrator and Cisco VPN Optimized IOS
* Perimeter Security Firewalls-Cisco PIX Firewall and Cisco IOS Firewall
* Intrusion Protection-IDS
* Identity-CSACS
* Security Management-VMS
* Cisco AVVID

SAFE Small Network Design

* Small Network Design Overview
* Small Network Corporate Internet Module
* Small Network Campus Module
* Implementation-ISP Router
* Implementation-Cisco IOS Firewall
* Implementation-PIX Firewall
* Implementation-CSA

SAFE Midsize Network Design

* Midsize Network Design
* Midsize Network Corporate Internet Module Design Guidelines
* Midsize Network Campus Module
* Midsize Network Campus Module Design Guidelines
* Midsize Network WAN Module
* Implementation-ISP Router and Edge Router
* Implementation-Network IPS
* Implementation-VPN 3000 Concentrator
* Implementation-Layer 3 Switch

SAFE Remote Network Design

* Remote-User Network Overview
* Key Devices and Threat Mitigation
* Software Client Option
* Remote Site Firewall Option
* VPN 3002 Hardware Client Option
* Remote Site Router Option

SAFE Enterprise Network Design

* Enterprise Network Design Overview
* Enterprise Campus
* Enterprise Network Edge

SAFE IP Telephony Design

* IP Telephony Concepts, Caveats and Axioms
* IP Telephony Product Portfolio
* IP Telephony Design Considerations
* IP Telephony Design for Small, Medium and Large Network

SAFE Wireless LAN Design

* Wireless LAN Security Concepts, Caveats and Axioms
* WLAN Security Extensions
* Cisco WLAN Product Portfolio
* WLAN Design Approach
* Standard WLAN Design
* WLAN Design for Small, Medium, Enterprise and Remote Network
* WLAN Implementation

“Cisco SAFE Implementation Exam”, also known as 642-542 exam, is a Cisco certification.
Preparing for the 642-542 exam? Searching 642-542 Test Questions, 642-542 Practice Exam, 642-542 Dumps?

With the complete collection of questions and answers, Pass4sure has assembled to take you through 224 Q&A to your 642-542 Exam preparation. In the 642-542 exam resources, you will cover every field and category in CCSP helping to ready you for your successful Cisco Certification.

QUESTION 1:
Threats that come from hackers who are more highly motivated and technically
competent are called:
A. Sophisticated
B. Advanced
C. External
D. Structured
Answer: D
Explanation: Structured threats come from adversaries that are highly motivated
and technically competent.
Ref: Cisco Secure Intrusion Detection System (Ciscopress) Page 9
QUESTION 2:
The worst attacks are the ones that:
A. Are intermittent.
B. Target the applications
C. You can not stop them.
D. Target the executables.
E. Target the databases.

F. You can not determine the source.
Answer: C
Explanation: The worst attack is the one that you cannot stop. When performed
properly, DDoS is just such an attack.
QUESTION 3:
What type of network requires availability to the Internet and public networks as a major
requirement and has several access points to other networks, both public and private?
A. Open
B. Closed
C. Intermediate
D. Balanced
Answer: A

The networks of today are designed with availability to the Internet and public networks,
which is a major requirement. Most of today’s networks have serverla access points to
other network both public and private;therefore,securing these networks has become
fundamentally important.
Reference: CSI Student guide v2.0 p.2-4
QUESTION 4:
The security team at Chinatag Inc. is working on network security design.
What is an example of a trust model?
A. One example is NTFS
B. One example is NTP
C. One example is NFS
D. One example is NOS
Answer: C
Explanation:
One of the key factors to building a successful network security design is to identify and
enforce a proper trust model. The proper trust model defines who needs to talk to whom
and what kind of traffic needs to be exchanged; all traffic should be denied. one
the proper trust model has been identified, then the security designer should decide how
to enforce the model. As more critical resources are globally available and new forms of

Free PassGuide Practice Engine Demo Download Pass4sure offers free demos for each certification exam, including all IT vendors. You can check out the testing engine software, or pdf file question quality and usability of our practice exams before you decide to buy it. We are the only one site that offers demos for almost all IT certification exams.If you want to try p4s exam practice engine demo. http://demo.passguide.com/download

network attacks evolve, the network security infrastructure tends to become more
sophisticated, and more products are available. Firewalls, routers, LAN switches,
intrusion detection systems, AAA servers, and VPNs are some of the technologies and
products that can help enforce the model. Of course, each one of these products and
technologies plays a particular role within the overall security implementation, and it is
essential for the designer to understand how these elements can be deployed.
Network File Sharing seems to be the best answer out of all the answers listed.
Reference: Securing Networks with Private VLANs and VLAN Access Control Lists

QUESTION 5:
Which type of attack can be mitigated only through encryption?
A. DoS
B. Brute force
C. Man-in-the-middle
D. Trojan horse
Answer: C
Explanation:
1. Man-in-the-middle attacks-Mitigated through encrypted remote traffic
Reference: Safe white papers; page 26
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 6:
The security team at Chinatag Inc. is working on understanding attacks that happen in the
network. What type of attack is characterized by exploitation of well-known weaknesses,
use of ports that are allowed through a firewall, and can never be completely eliminated?
A. Network reconnaissance
B. Man-in-the-middle
C. Trust exploitation
D. Application layer
Answer: D
Explanation: The primary problem with application layer attacks is that they often
use ports that are allowed through a firewall.
Reference: Safe White papers 68
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 7:
You are the security administrator at Chinatag and you need to know the attacks types to
the network. Which two general IP spoofing techniques does a hacker use? (Choose two)
A. An IP address within the range of trusted IP addresses.
B. An unknown IP address which cannot be traced.
C. An authorized external IP address that is trusted.
D. An RFC 1918 address.
Answer: A C
Explanation:
IP Spoofing
An IP spoofing attack occurs when a hacker inside or outside a network impersonates the
conversations of a trusted computer. A hacker can do this in one of two ways. The hacker
uses either an IP address that is within the range of trusted IP addresses for a network or
an authorized external IP address that is trusted and to which access is provided to
specified resources on a network. IP spoofing attacks are often a launch point for other
attacks. The classic example is to launch a denial-of-service (DoS) attack using spoofed
source addresses to hide the hacker’s identity. Normally, an IP spoofing attack is limited
to the injection of malicious data or commands into an existing stream of data that is
passed between a client and server application or a peer-to-peer network connection. To
enable bidirectional communication, the hacker must change all routing tables to point to
the spoofed IP address. Another approach hackers sometimes take is to simply not worry
about receiving any response from the applications. If a hacker tries to obtain a sensitive
file from a system, application responses are unimportant.
However, if a hacker manages to change the routing tables to point to the spoofed IP
address, the hacker can receive all the network packets that are addressed to the spoofed
address and reply just as any trusted user can.
Reference:
Safe white papers; page 65
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 8:
John the security administrator at Chinatag Inc. is working on securing the network with
strong passwords. What is the definition of a strong password?
A. The definition of a strong password is at least ten characters long and should contain
cryptographic characters.
B. The definition of a strong password is at least eight characters long;contains
uppercase letters, lowercase letters, numbers, and should not contain special characters.
C. The definition of a strong password is defined by each company depending on the
product being used.
D. The definition of a strong password is at least eight characters long;contains
uppercase letters, lowercase letters, numbers, and special characters.
Answer: D

Explanation:
Passwords should be at least eight characters long and contain uppercase letters,
lowercase
letters, numbers, and special characters (#, %, $, and so forth).
Reference: Safe white papers; page 67
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 9:
The two Denial of Service attack methods are: (Choose two)
A. Out of Band data crash
B. SATAN
C. TCP session hijack
D. Resource Overload
Answer: A, D
Explanation:
When involving specific network server applications; such as a web
server or an FTP server, these attacks can focus on acquiring and keeping open all

the available connections supported by that server, effectively locking out valid
users of the server or service. Some attacks compromise the performance of your
network by flooding the network with undesired-and often useless-network packets
and by providing false information about the status of network resources.
REF; Safe white papers; page 66&67
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
Incorrect Answers:
B: SATAN is a testing and reporting tool that collects a variety of information about
networked hosts.
C: TCP session hijack is when a hacker takes over a TCP session between two machines.
QUESTION 10:
This program does something undocumented which the programmer intended, but that
the user would not approve of if he or she knew about it.
A. What is a Virus.
B. What is a Macro Virus.
C. What is a Trojan Horse.
D. What is a Worm.
Answer: C
Explanation: A Trojan horse is different only in that the entire application was
written to look like something else, when in fact it is an attack tool. An example of a
Trojan horse is a software application that runs a simple game on the user’s
workstation. While the user is occupied with the game, the Trojan horse mails a
copy of itself to every user in the user’saddress book. Then other users get the game
and play it, thus spreading the Trojan horse.
Ref: Safe White papers; Page 70
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
Questions and Answers : 224 Q&A
Updated: 2008-2-12
Market Price: $125.99
Member Price: $79.99

Free down:Pass4sure ccsp 642-542 v2.93
Free down:testking ccsp 642-542

password:www.ciscoexams.org

PassGuide provides high-quality test materials, for example, Cisco CCNA CCNP CCIE, Comptia A + NETWORK + Security +, Juniper jncia, jncis, Vmware VCP-410,certification practice exams and so on.We are committed to give full refund to candidates if they fail the exam with use of our products.And we are confident to make such a guarantee. Buy Best Practice Exam,high-quality ,100% Guarantee ,Pls contact me,Mail:Sales@passguide.com

P4S Free Downloads

Type	Exam Braindumps	New Questions & Answers	Latest Updated	Available link
	All Pass4sure's Exam Pack	858	1 days ago	Download Free Testing Engines

PassGuide Braindumps-Free Test king Help You Quick Pass Any it Certifications Exams

Click links: www.testking.la/braindumps/free/down/crack/all/testking