“Implementing Cisco Security Monitoring, Analysis and Response System”, also known as 642-545 exam, is a Cisco certification. With the complete collection of questions and answers, Pass4sure has assembled to take you through 54 Q&As to your 642-545 Exam preparation. In the 642-545 exam resources, you will cover every field and category in CCSP helping to ready you for your successful Cisco Certification.

Free Demo DownloadPass4sure offers free demo for 642-545 exam (Implementing Cisco Security Monitoring, Analysis and Response System). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.

Pass4sure Engine FeaturesQuality and Value for the 642-545 ExamPass4sure Practice Exams for Cisco CCSP 642-545 are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development.
100% Guarantee to Pass Your 642-545 ExamIf you do not pass the CCSP 642-545 exam (Implementing Cisco Security Monitoring, Analysis and Response System) on your first attempt using our pass4sure testing engine, we will give you a FULL REFUND of your purchasing fee.
Downloadable, Interactive 642-545 Testing enginesOur Implementing Cisco Security Monitoring, Analysis and Response System Exam Preparation Material provides you everything you will need to take a CCSP certification examination. Details are researched and produced by Cisco Certification Experts who are constantly using industry experience to produce precise, and logical.

Comprehensive questions with high quality about 642-545 exam 642-545 exam questions accompanied by exhibits Verified Answers Researched by Industry Experts and almost 100% correct 642-545 exam questions updated on regular basis Same type as the certification exams, 642-545 exam preparation is in multiple-choice questions (MCQs). Tested by multiple times before publishing Try free 642-545 exam demo before you decide to buy it in Pass4sure.com
642-545 MARS
Implementing Cisco Security Monitoring, Analysis, and Response System Exam
Exam Number: 642-545
Associated Certifications: CCSP
Duration: 75 minutes (60 Questions)
Available Languages: English
Click Here to Register: Pearson VUE
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions
Register for Course: MARS Courses and other offerings

Exam Description Exam Topics Recommended Training Additional Resources

Exam DescriptionThe Implementing Cisco Security Monitoring, Analysis and Response System exam is associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the Implementing Cisco Security Monitoring, Analysis and Response System course. This exam tests a candidate’s knowledge of the Cisco Security Monitoring, Analysis and Response System.

Exam TopicsThe following topics are general guidelines for the content likely to be included. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Install and configure the Cisco Security MARS product
Describe, configure and verify features and functions of the Cisco Security MARS appliance
Describe, configure and verify the installation of the Cisco Security MARS appliance
Add supported Cisco reporting devices to the Cisco Security MARS appliance and verify the operations
Add supported third-party reporting devices to the Cisco Security MARS appliance and verify the operations
Perform incident investigation and mitigation from the Cisco Security MARS appliance
Configure the Cisco Security MARS appliance to send alerts and notifications
Generate queries and reports on the Cisco Security MARS appliance
Describe, configure and verify rules to detect interesting patterns of network activity and other anomalous network behavior
Use the Management options in the Cisco Security MARS appliance user interface to configure and verify Event, IP, Service, and User information
Describe and perform Cisco Security MARS appliance maintenance activities
Describe Cisco Security MARS Global Controller functionalities

More info:pass4sure 642-545
More info:testking 642-545

Exam Description Exam Topics Recommended Training Additional Resources

Exam DescriptionThe Securing Networks with Cisco Routers and Switches exam (SNRS 642-504) is one of the exams associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the SNRS course. This exam includes simulations and tests a candidate’s knowledge and ability to secure networks using Cisco routers and switches.

Exam TopicsThe following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Implement Cisco Layer 2 security
Utilize Cisco IOS commands to mitigate Layer 2 attacks
Implement Cisco Identity-Based Networking Services on Cisco Catalyst Switches
Implement Identity Management using ACS as the Authentication Server

Configure Cisco IOS Firewalls to mitigate network threats
Identify and describe the advanced capabilities of the IOS firewall feature set
Configure Classic IOS Firewall (CBAC) and NAT to dynamically mitigate identified threats to the network
Verify Classic IOS Firewall (CBAC) configuration and operation
Configure IOS Zone-Based Firewalls including advanced application inspections and URL filtering
Verify Zone-Based Firewall operations

Configure Cisco IOS-IPS to identify and mitigate threats to network resources
Identify and describe the advanced capabilities of the Cisco IOS-IPS feature set including Signature Event Action Processing
Configure Cisco IOS-IPS features to identify threats and dynamically block them from entering the network
Verify Cisco IOS-IPS operations
Maintain, update and tune Cisco IOS-IPS signatures

Configure Cisco VPNs to provide secure connectivity for site-to-site and remote access communications
Describe IPsec features and functionality
Describe GRE/IPsec features and functionality
Configure secure connectivity for site-to-site VPN using certificate authorities
Describe DMVPN features and functionality
Configure secure connectivity for site-to-site VPN using DMVPN
Verify secure site-to-site VPN operations
Implement IOS SSL VPN
Configure Cisco IOS Easy VPN Server with Dynamic Virtual Tunnel Interface (DVTI)
Configure Cisco IOS Easy VPN remote using both router and VPN software clients
Verify Cisco IOS Easy VPN implementations
Implement IOS GET VPN operations
Describe High Availability IPsec VPNs

Implement Network Foundation Protection using the CLI
Describe NFP features and functionality
Secure the management plane using Cisco IOS security features
Secure the data plane using Cisco IOS security features
Secure the control plane using Cisco IOS security features

Product DescriptionExam Number/Code: 642-504
Exam Name: Securing Networks with Cisco Routers and Switches

“Securing Networks with Cisco Routers and Switches”, also known as 642-504 exam, is a Cisco certification. With the complete collection of questions and answers, Pass4sure has assembled to take you through 150 Q&As to your 642-504 Exam preparation. In the 642-504 exam resources, you will cover every field and category in CCSP helping to ready you for your successful Cisco Certification.

Free Demo DownloadPass4sure offers free demo for 642-504 exam (Securing Networks with Cisco Routers and Switches). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.
Hi friends

I passed the exam of 642-504 yesterday, my score is 966/1000.

The subjects of the exam are not as difficult as I expected, only some of which are complex.

I spent about five weeks on preparations for the exam.

I think the emphasis and the importance are this part: Configure Cisco VPNs to provide secure connectivity for site-to-site and remote access communications. I guess I lose points on this part.

Good luck!

George
” — George (Nov, 17 2008) “Hi all

I passed the SNRS exam last week, my score is 988/1000 which makes me very happy.

Of course, the most important thing is that I passing the exam. This is the result of my hard work and it confirms my effort.

The study materials I used are Study Guide and the P4S tests which are very helpful for understanding the knowledge points.

I hope the information I give can help you!

Herbert
” — Herbert (Nov, 15 2008) “Hi guys

I took the exam of 642-504 several days before. Nearly a month of preparations is end. My score is 942/1000 which is not predominant. This has relationship with my answering too fast. So I suggest that you are not anxious to answer. If you prepare completely, the time is very enough.

At last, I will tell you that doing tests is a very effective way to consolidate the knowledge points and know of the exam.

That’s all.

Good luck!

Downloadable, Interactive 642-504 Testing enginesOur Securing Networks with Cisco Routers and Switches Exam Preparation Material provides you everything you will need to take a CCSP certification examination. Details are researched and produced by Cisco Certification Experts who are constantly using industry experience to produce precise, and logical.

Comprehensive questions with high quality about 642-504 exam 642-504 exam questions accompanied by exhibits Verified Answers Researched by Industry Experts and almost 100% correct 642-504 exam questions updated on regular basis Same type as the certification exams, 642-504 exam preparation is in multiple-choice questions (MCQs). Tested by multiple times before publishing Try free 642-504 exam demo before you decide to buy it in Pass4sure

P4S 642-504
Questions and Answers : 150 Q&As Updated: November 14th , 2008 Price: $129.99 $99.99

Free down:pass4sure 642-504
Free down:Testking 642-504

Exam Description
The Securing Networks with ASA Foundation exam is one of the exams associated with the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications. Candidates can prepare for this exam by taking the SNAF course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the Cisco ASA Security Appliance product.

Exam Topics
The following topics are general guidelines for the content likely to be included. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Configure Security Appliances for secured network connectivity

* Configure and verify network and interface settings using ASDM and CLI
* Configure and verify NAT globals, statics, NAT exemption, and Identity NAT using ASDM
* Configure and verify access-lists with or without object groups using ASDM

Configure and verify routing and switching on Security Appliances

* Describe the routing capabilities of the Security Appliance
* Use ASDM to configure VLANs on a Security Appliance interface
* Use ASDM to configure the passive RIP routing functionality of the Security Appliance

Configure and verify Authentication, Authorization, & Accounting services for Security Appliances

* Configure ACS for Security Appliance support
* Use ASDM to configure the Security Appliance AAA features
* Configure and verify Auth-Proxy (cut-through proxy) using ASDM

Configure and verify Layer 3 & 4 protocol inspection, Modular Policy Framework, and threat detection for Security Appliances

* Configure and verify Layer 3 and Layer 4 protocol inspection using ASDM
* Configure and verify Modular Policy Framework using ASDM
* Use ASDM to configure and verify threat detection

Configure and verify secure connectivity using VPNs

* Configure and verify remote access VPNs using ASDM
* Configure and verify IPsec VPN clients with preshared keys using ASDM
* Configure and verify site-to-site VPNs with preshared keys using ASDM
* Verify IKE and IPsec using ASDM and CLI
* Configure and verify clientless SSL VPN using ASDM

Configure and verify active/standby and active/active failover features on Security Appliances

* Configure and verify active/standby failover using ASDM
* Configure and verify active/active failover using ASDM
* Configure and verify redundant Interface using ASDM

Configure transparent firewall and virtual firewall features on a Security Appliance

* Explain the purpose of virtual & transparent firewalls
* Configure and verify the transparent firewall feature of the Security Appliance using CLI
* Configure and verify the virtual firewall feature of the Security Appliance using ASDM

Monitor and manage installed Security Appliances

* Update, backup, and restore configurations and software images using ASDM and CLI
* Install and verify Licensing using ASDM
* Configure and verify Console and SSH/Telnet access
* Configure and utilize Logging using ASDM

Exam Number/Code: 642-524
Exam Name: Cisco Securing Networks with ASA Foundationn

“Cisco Data Center Application Services Implementation”, also known as 642-524 exam, is a Cisco certification.
Preparing for the 642-524 exam? Searching 642-524 Test Questions, 642-524 Practice Exam, 642-524 Dumps?

With the complete collection of questions and answers, Pass4sure has assembled to take you through 165 Q&As to your 642-524 Exam preparation. In the 642-524 exam resources, you will cover every field and category in Others helping to ready you for your successful Cisco Certification.

QUESTION 24:
What does the csd enable command enable on the Cisco ASA?
A. It enables the Cisco Secure Desktop for IPSec VPN Clients when they connect to the
Cisco ASA
B. It enables the Cisco Secure Desktop on the host connecting to the Cisco ASDM
C. It enables the Cisco Secure Desktop on SSL VPN clients without a host-based firewall
D. It enables the Cisco Secure Desktop for SSL VPN clients when they connect
Answer: D
QUESTION 25:
Which of these commands will configure the adaptive security appliance to use an ACS
server fro console access authentication?
A. aaa authentication serial console SRVGRP1 LOCAL
B. aaa authentication serial console LOCAL
C. aaa authentication console SRVGRP1
D. aaa authentication console LOCAL
Answer: A
QUESTION 26:
Which command will set the default route for an adaptive security appliance to the IP
Address 10.10.10.1?
A. route outside 0 0 10.10.10.1.1
B. route add default 0 10.10.10.1
C. route management 10.10.10.0 0.0.0.255 10.10.10.1.1
D. route 0 0 10.10.10.1.1
Answer: A

Questions and Answers : 165 Q&As
Updated: 2008-07-14
Market Price: $125.99
Member Price: $99.99

Free download:pass4sure CCSP 642-524
Free download:testking CCSP 642-524
more info:www.ciscoexams.org

Exam Topics
The following topics are general guidelines for the content likely to be included. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Configure and verify NAT, dynamic routing, and switching on Security Appliances

* Configure and verify VLANS using ASDM
* Configure and verify dynamic routing protocols and route redistribution using ASDM
* Configure and verify policy NAT using ASDM

Configure and verify application layer protocol inspection and Modular Policy Framework for Security Appliances

* Describe the Layer 7 advanced protocol handling capabilities of the Security Appliance
* Configure and verify Layer 7 application layer protocol inspection using ASDM
* Configure and verify Modular Policy Framework using ASDM

Configure and verify secure connectivity using IPsec VPNs

* Describe the features and capabilities of digital certificates
* Describe how to use digital certificate enrollment with the Security Appliance and Cisco VPN client
* Configure and verify remote access VPNs with digital certificates using ASDM
* Configure and verify IPsec VPN clients with digital certificates using ASDM
* Configure and verify site-to-site VPNs with digital certificates using ASDM
* Configure and verify advanced remote access features using ASDM
* Configure and verify the ASA 5505 as a remote access client using ASDM
* Configure and verify QoS for tunnel traffic using ASDM

Configure and verify secure connectivity using SSL VPNs

* Describe the features and capabilities of SSL VPNs
* Configure and verify the local certificate authority using ASDM
* Configure and verify clientless access including smart tunnels, plug-ins and bookmarks using ASDM
* Configure and verify port forwarding using ASDM
* Configure the Security Appliance for SSL VPN client access using ASDM
* Configure and verify the AnyConnect VPN client
* Configure and verify CSD using ASDM
* Configure and verify DAP using ASDM

Configure and verify AIP-SSM and CSC-SSM modules

* Explain the function that AIP-SSM and CSC-SSM perform within a network
* Configure and verify AIP-SSM
* Configure and verify CSC-SSM

Exam Number/Code: 642-515
Exam Name: Cisco Data Center Application Services Implementation

“Cisco Data Center Application Services Implementation”, also known as 642-515 exam, is a Cisco certification.
Preparing for the 642-515 exam? Searching 642-515 Test Questions, 642-515 Practice Exam, 642-515 Dumps?

With the complete collection of questions and answers, Pass4sure has assembled to take you through 165 Q&As to your 642-515 Exam preparation. In the 642-515 exam resources, you will cover every field and category in Others helping to ready you for your successful Cisco Certification.

QUESTION 24:
The Certkiller security administrator is cloning configurations in the CSA MC.
When a rule is cloned, which part of the rule is not cloned?
A. Sets
B. Rule modules
C. Hosts
D. Variables
E. None of the above
Answer: D
Explanation:
In the CSA MC, Use the Clone button in conjunction with the checkboxes beside each
list view item. To clone a particular configuration, select its checkbox and click the Clone
button. You can clone one item at a time. New links to the cloned configurations appear
in the list view.
Note:
When you clone an item that contains variable items like file sets or network services, the
cloned rule uses the same variables used in the original rule. The variables themselves are
not cloned.
Reference:

http://www.cisco.com/en/US/products/sw/secursw/ps5057/products_configuration_guide_chapter09186a00805

a
QUESTION 25:
A new CSA is being installed on the Certkiller network. Which Agent kit should be
installed on the Certkiller CSA MC?
A. The default Windows Agent kit
B. The default UNIX Agent kit
C. The default CSA Agent kit
D. The Agent kit that is automatically installed
E. None of the above
Answer: D
Explanation:
The Management Center for Cisco Security Agents ships with preconfigured agent kits
you can use to download and install agents if they meet your initial needs (accessible
from System>Agent kits in the menu bar). There are prebuilt kits for desktops, servers,
CiscoWorks VMS Systems, and others. These kits place hosts in the corresponding
groups and enforce the associated policies of each group. (If you use a preconfigured
agent kit, you do not have to build your own kit
When an agent is installed on a host, the agent automatically and transparently registers
itself with CSA MC. It now appears in the CSA MC database as part of the groups
designated in the kit, and will enforce policies that are applied to those groups.
Reference:

http://www.cisco.com/en/US/products/sw/secursw/ps5057/products_installation_guide_chapter09186a00805ae

b
QUESTION 26:
Groups have been configured in the Certkiller CSA MC. Which of these is a reason
for using groups to administer Agents?
A. To link similar devices together
B. To complete configuration changes on groups instead of hosts
C. To complete the same configuration on like items
D. To apply the same policy to hosts with similar security requirements
E. None of the above
Answer: D

Questions and Answers : 165 Q&As
Updated: 2008-07-14
Market Price: $125.99
Member Price: $99.99

Free download:pass4sure ccsp 642-515
Free download:testking ccsp 642-515
more info:www.ciscoexams.org

Exam Description Exam Topics Recommended Training Additional Resources
Exam Description

The 642-591 CANAC Implementing Cisco NAC Appliance exam is associated with both the Cisco Certified Security Professional and the Cisco Network Admission Control Specialist certifications. Candidates can prepare for this exam by taking the Implementing Cisco NAC Appliance course. This exam tests a candidate’s knowledge of the Cisco NAC Appliance solution.
Exam Topics

The following topics are general guidelines for the content likely to be included on the Remote Access exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
Implement Cisco NAC Appliance

* Identify the components and features used for Cisco NAC Appliance
* Configure and verify NAM and NAS to support the Cisco NAC Appliance In-Band server solutions
* Configure and verify NAM and NAS to support the Cisco NAC appliance Out-of-Band server solutions
* Configure Single Sign on
* Configure and verify Cisco Switches as network access devices
* Configure and verify user roles
* Implement and verify rule based policies
* Configure Cisco NAC Appliance network scanning
* Configure NAM to implement NAA on user devices
* Implement and verify an HA solution
* Administer and monitor a Cisco NAC Appliance solutionExam Number/Code: 642-591
Exam Name: Implementing Cisco NAC Appliance

“Implementing Cisco NAC Appliance”, also known as 642-591 exam, is a Cisco certification.
Preparing for the 642-591 exam? Searching 642-591 Test Questions, 642-591 Practice Exam, 642-591 Dumps?

With the complete collection of questions and answers, Pass4sure has assembled to take you through 60 Q&As to your 642-591 Exam preparation. In the 642-591 exam resources, you will cover every field and category in Others helping to ready you for your successful Cisco Certification.

QUESTION 1
The NAS is configured to autogenerate an IP address pool of 30 subnets with a netmask of /30,
beginning at address 192.166.10.0. Which IP address is leased to the end-user host on the
second subnet?
A. 192.166.10.4
B. 192.166.10.5
C. 192.166.10.6
D. 192.166.10.7
Answer: C
QUESTION 2
Which derault administrator group has delete permissions?
A. admin
B. help-desk
C. add-edit
D. full-control
Answer: D
QUESTION 3
What is the result when the condition statement in a Cisco NAA check for required software
evaluates to false on a client machine?
A. The required software is automatically downloaded to the user device.
B. The required software is made available after the user is quarantined.
C. The user is put in the unauthenticated role and the software is considered missing.
D. The user is placed in the temporary role and the software is made available.
Answer: B
QUESTION 4
Which three components comprise a Cisco NAC Appliance solution? (Choose three.)
A. a NAC-enabled Cisco router
B. a Linux server for in-band or out-of-band network admission control
C. a Linux server for centralized management of network admission servers
D. a Cisco router to provide VPN services
E. a read-only client operating on an endpoint device
F. a NAC-enabled Cisco switch
Answer: B, C, E
When configuring the Cisco NAM to implement Cisco NAA requirement checking on client

machines, what is the next step after configuring checks and rules?
A. retrieve updates
B. require the use of the Cisco NAA
C. configure session timeout and traffic policies
D. map rules to requirement
E. configure requirements
Answer: E
What are the two types of traffic policies that apply to user roles? (Choose two.)
A. IP-based
B. peer-based
C. host-based
D. manager-based
E. server-based
F. VLAN-based
Answer: A, C
QUESTION 10

Questions and Answers : 60 Q&As
Updated: March 17th , 2008
Market Price: $159.99

Free down:pass4sure ccsp 642-591 v2.93
Free down:testking 642-591
more info : www.ciscoexams.org

  Questions and Answers : 63 Q&As
Updated: May 15th , 2008
Market Price: $125.99
Member Price: $99.99

  Exam Number:     642-533
Associated Certifications: CCSP
Duration: 90 minutes (55 – 65 Questions)
Available Languages: English
Click Here to Register: Pearson VUE
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions
Exam Description    Exam Topics    Recommended Training    Additional Resources
Exam Description
The 642-533 IPS Implementing Cisco Intrusion Prevention Systems exam is associated with the Cisco Certified Security Professional certification. This exam tests a candidate’s knowledge of implementing the Cisco IPS product. Candidates can prepare for this exam by taking the IPS Implementing Cisco Intrusion Prevention Systems v6.0 course.

Exam Topics
The following topics are general guidelines for the content likely to be included on the Remote Access exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Describe how Cisco IPS sensors are used to mitigate network security threats
List sensor requirements for inline operations
Explain the difference between inline and promiscuous mode sensor operations
Explain how Cisco IPS protects network devices from attacks (Describe signatures, alerts, and actions)
Explain the evasive techniques used by hackers and how Cisco IPS defeats those techniques
Describe the considerations necessary for selection, placement, and deployment of a network intrusion prevention system
Explain the Cisco IPS signature features
Install Cisco IPS sensors/modules and configure essential system parameters
Explain AIP-SSM functionalities
Use the CLI to initialize the sensor
Configure user accounts and explain the different user roles
Configure management access to the sensor appliance
Explain how allowed hosts are used and how they are configured
Describe sensor interfaces, interface pairs, VLAN-pairs, and VLAN-groups
Use the Cisco IDM to configure sensor interfaces (enable, create pairs, assign to virtual sensors)
Describe and configure software bypass
Describe sensor communications with external management and monitoring systems
Launch, navigate, and use the Cisco IDM to manage and monitor the sensor
Describe the various CLI configuration modes and sub modes and navigate between them
List the tasks for installing and configuring the IDSM-2 and AIP-SSM
Describe Cisco IPS sensor advanced system parameters
Plan the mitigation of specific network vulnerabilities and exploits
Describe sensor tuning
Explain IP fragment and TCP stream reassembly options
Explain how IP logging should be used and how it is configured
Explain the use of Event Variables
Describe signature engines and their functionality
Determine which response actions need to be configured for a given scenario
Describe the purpose of the Meta Event Generator
Explain Target Value Ratings and how they are used
Determine the need for Event Action Rules in a given scenario
Explain event Risk Ratings and how they are used
Tune Cisco IPS sensor advanced system parameters to optimize attack mitigation performance
Use the IDM to tune the sensor to work optimally in the network
Use the IDM to tune signatures to provide maximum protection for a network
Given a scenario, use the IDM to create custom signature to meet the requirements
Configure response actions for a signature
Configure the sensor to take response actions based on a risk rating
Use the Cisco IDM to create a Meta signature and disable alert production for the component signatures
Configure Event Action Filters
Configure Target Value Ratings
Configure general settings for Event Action Rules
Configure Event Variables
Use the sensor application policy enforcement feature
Configure passive OS fingerprinting (POSFP)
Explain the External Product Interface, its benefits, and specifications
Configure a virtual sensor
Configure anomaly detection
Use IDM/CLI to monitor advanced features such as POSFP and AD
Analyze Cisco IPS sensor events to determine the appropriate response to network attacks
Use the CLI and the Cisco IDM and IEV to monitor events
Upgrade and maintain Cisco IPS sensors
Move software images/upgrades and configuration files via HTTP, HTTPS, SCP, and FTP
Apply the appropriate system image to the sensor
Perform sensor password recovery
Explain sensor licensing and how to install a license
Describe service pack and signature update file names and how to install them
 
QUESTION 24
Which of the following statements best describes how IP logging should be used?
A. Be used to automatically correlate events with Cisco Security MARS for incident
investigations
B. Only be used when you are also using inline IPS mode
C. Be used sparingly because there is a 4-GB limit on the amount of data that can be
logged
D. Always be enabled since it uses a FIFO buffer on the Cisco IPS Sensor flash memory
E. Only be used temporarily for such purposes as attack confirmation, damange
assessment or the collection of forensic evidence because of its impact on performance
Answer: E
QUESTION 25
Which two of the following parameters affect the risk rating of an event? (Choose two.)
A. Engine type
B. Scanner threshold
C. Signature fidelity rating
D. Global summary threshold
E. Alert severity
F. Event count key
Answer: C,E
QUESTION 26
What is the best way to mitigate the risk that executable-code exploits will perform
malicious acts such as erasing your hard drive?
A. Assign the TCP reset action to signatures that are controlled by the Normalizer engine
B. Enable blocking
C. Assign blocking actions to signatures that are controlled by the state engine
D. Enable application policy enforcement
E. Assign deny actions to signatures that are controlled by the Trojan engines
Answer: E
 
Free down:Pass4sure ccsp 642-533 v2.93

Free down:testking  ccsp 642-533 exam

more info:www.ciscoexams.org

Exam Description Exam Topics Recommended Training Additional Resources
Exam Description

The Cisco Secure Virtual Private Networks exam (CSVPN 642-511) is one of the exams associated with the Cisco Certified Security Professional and the Cisco VPN Specialist certifications. Candidates can prepare for this exam by taking the CSVPN v4.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify, and manage the Cisco VPN 3000 Concentrator, Cisco VPN Software Client, and Cisco VPN 3002 Hardware Client feature set. CCNA or CCDA recertification candidates who pass the 642-511 CSVPN exam will be considered recertified at the CCNA or CCDA level.
Exam Topics

The following information provides general guidelines for the content likely to be included on this exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.
Overview of Virtual Private Networks and IPSec Technologies

* Cisco products enable a secure VPN
* IPSec overview
* IPSec protocol framework
* How IPSec works

Cisco Virtual Private Network 3000 Concentrator Series Hardware

* Overview of the Cisco VPN 3000 Concentrator Series
* Cisco VPN 3000 Concentrator
* Cisco VPN 3000 Concentrator Series Client support

Configuring the Cisco VPN 3000 Series Concentrator for Remote Access Using Pre-shared Keys

* Overview of remote access using pre-shared keys
* Initial configuration of the Cisco VPN 3000 Concentrator Series for remote access
* Browser configuration of the Cisco VPN 3000 Series Concentrator
* Configure users and groups
* More in-depth configuration information
* Configure the Cisco Windows VPN Software Client

Configure Cisco Virtual Private Network 3000 Series Concentrator for Remote Access Using Digital Certificates

* CA support overview
* Certificate generation
* Validating certificates
* Configuring the Cisco VPN 3000 Concentrator Series for CA support

Configure the Cisco Virtual Private Network Firewall Feature for IPSec Software Client

* Overview of software client’s firewall feature
* Software Client’s Are You There feature
* Software Client’s Central Policy Protection feature
* Software Client’s firewall statistics
* Customizing firewall policy

Configure the Cisco Virtual Private Network Client Auto-Initiation Feature

* Overview of the Cisco VPN Software Client auto-initiation
* Configure the Cisco VPN Software Client auto-initiation

Monitor and Administer Cisco VPN 3000 Remote Access Networks

* Monitoring
* Administration
* Bandwidth Management

Configure the Cisco VPN 3002 Hardware Client for Remote Access

* Cisco VPN 3002 Hardware client remote access with pre-shared keys

Configure the Cisco Virtual Private Network 3002 Hardware Client

* Overview of the Hardware Client interactive unit and user authentication features
* Configuring the Hardware Client interactive unit authentication feature
* Configuring the Hardware Client user authentication feature
* Monitoring the Hardware Client user statistics

Configure the Cisco Virtual Private Network Client Backup Server and Load Balancing

* Configuring the Cisco VPN Client backup server feature
* Configuring the Cisco VPN Client load balancing feature
* Overview of the Cisco VPN Client Reverse Route Injection feature

Configure the Virtual Private Network 3002 Hardware Client for Software Auto-Update

* Overview and configuration of the VPN 3002 Hardware Client software auto-update feature
* Monitoring the Cisco VPN 3002 Hardware Client software auto-update feature

Configure the Cisco Virtual Private Network 3000 Series Concentrator for the IPSec Over UDP and IPSec Over TCP

* Overview of Port Address Translation
* Configuring IPSec over UDP
* Configuring NAT-Transversal
* Configuring IPSec over TCP

Cisco Virtual Private Network 3000 Series Concentrator LAN-to-LAN with Pre-Shared Keys

* Cisco VPN 3000 Series Concentrator IPSec LAN-to-LAN
* LAN-to-LAN configuration

Cisco Virtual Private Network 3000 Series Concentrator LAN-to-LAN with NAT

* LAN-to-LAN overview
* Configuring the Concentrator LAN-LAN NAT feature

Cisco Virtual Private Network 3000 Series Concentrator LAN-to-LAN using Digital Certificates

* Root certificate installation
* Identify certificate installation

Exam Number/Code: 642-511
Exam Name: VPN and Security Cisco Secure Virtual Private Networks (CSVPN)
VUE Code: 642-511
Questions Type: Single choice, Multiple choice, Simulate,
Real Exam Question Numbers: 55-65 questions
Exam Language(s): English

“VPN and Security Cisco Secure Virtual Private Networks (CSVPN)”, also known as 642-511 exam, is a Cisco certification.
Preparing for the 642-511 exam? Searching 642-511 Test Questions, 642-511 Practice Exam, 642-511 Dumps?

With the complete collection of questions and answers, Pass4sure has assembled to take you through 174 questions to your 642-511 Exam preparation. In the 642-511 exam resources, you will cover every field and category in VPN and Security helping to ready you for your successful Cisco Certification.

QUESTION 24:
What is the UDP port used for ISAKMP?
A. 50
B. 51
C. 500
D. 510
Answer: C
Explanation:
ISAKMP uses UDP port 500.
QUESTION 25:
James the security administrator for Certkiller Inc. is working on VPNs. IF the VPN is
owned and managed by the Certkiller Inc. corporate security, which product would he
choose?
A. 2900
B. 3030
C. 3660
D. PIX Firewall 500
E. PIX Firewall 515
Answer: E
Explanation:
A is clearly incorrect because the 2900 is a Catalyst Switch (Layer 2) and cannot offer
any VPN functionality. B and E are the only options available, and D just refers to the
500 PIX, when there are different flavors of the 500, like the retired 520, 501, 506E,
515E, 525 and 535.
QUESTION 26:
James the security administrator for Certkiller Inc. is working on the Cisco VPN 3005.
His job is to know the hardware and which feature is supported on the Cisco VPN 3005.
A. Cisco VPN 3005 supports up to 3 network ports.
B. Cisco VPN 3005 hardware is upgradeable.
C. Cisco VPN 3005 supports up to 100 sessions.
D. Cisco VPN 3005 64 MB of memory is standard.
Answer: C

Questions and Answers : 174 questions
Updated: 2008-2-8
Market Price: $69.99
Member Price: $59.99

Free download:pass4sure CCSP 642-511
Free download:testking CCSP 642-511
more info:www.ciscoexams.org

Exam Number/Code: 642-532
Exam Name: Securing Networks Using Intrusion Prevention Systems Exam (IPS)
VUE Code: 642-532
Questions Type: Single choice,
Real Exam Question Numbers: 60-70 questions
Exam Language(s): English

“Securing Networks Using Intrusion Prevention Systems Exam (IPS)”, also known as 642-532 exam, is a Cisco certification.
Preparing for the 642-532 exam? Searching 642-532 Test Questions, 642-532 Practice Exam, 642-532 Dumps?

With the complete collection of questions and answers, Pass4sure has assembled to take you through 63 questions to your 642-532 Exam preparation. In the 642-532 exam resources, you will cover every field and category in CCSP helping to ready you for your successful Cisco Certification.
642-532 IPS
Securing Networks Using Intrusion Prevention Systems Exam
Retired January 16, 2008
Exam Number: 642-532
Associated Certifications: CCSP, Cisco IPS Specialist
Duration: 90 minutes (60-70 questions)
Available Languages: English
Click Here to Register: Pearson VUE
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions

Exam Description Exam Topics Recommended Training Additional Resources
Exam Description

The Securing Networks Using Intrusion Prevention Systems exam is one of the exams associated with the Cisco Certified Security Professional and the Cisco IPS Specialist certifications. Candidates can prepare for this exam by taking the IPS v5.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, verify and manage the Cisco IPS appliance products.
Exam Topics

The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.
Describe how Cisco IDS/IPS sensors are used to mitigate network security threats

* Select the best sensor platform to protect a given network
* Describe the features of the IDSM-2
* Describe the features of the NM-CIDS
* List sensor requirements for inline operations
* List platforms on which the 50 image will run
* Explain the difference between inline and promiscuous mode sensor operations
* Select the most effective location for the sensor and other defense-in-depth components
* Explain how Cisco IDS/IPS protects network devices from attacks (Describe signatures, alerts, and actions)
* Explain the similarities and differences among the various intrusion detection technologies
* Explain the evasive techniques used by hackers and how Cisco IDS defeats those techniques
* Explain the differences between HIPS and Network IPS
* Describe the network sensors that are currently available and their features
* Describe the considerations necessary for selection, placement, and deployment of a network intrusion prevention system
* Explain the features, benefits, and system requirements of the IDM
* Describe traffic that is not inspected by the NM-CIDS
* Define intrusion detection
* Define intrusion prevention
* Explain the Cisco IDS/IPS signature features

Install Cisco IDS/IPS sensors and configure essential system parameters

* Install a sensor appliance in the network
* Use the IDM to configure SSH and TLS communications
* Use the CLI to install the sensor’s software image
* Select the appropriate image file for a sensor
* Select a router to host the NM-CIDS
* Configure communications between the router and the NM-CIDS
* Describe the functions of the various IDSM-2 ports
* Describe the tasks for configuring the NM-CIDS
* Describe the interfaces and components of the NM-CIDS
* Explain how the NM-CIDS works
* Explain how the IDSM-2 obtains access to network traffic
* Explain the importance of accurate time on the NM-CIDS and how the NM-CIDS should obtain the accurate time
* Explain the importance of accurate time on the IDSM-2 and how the IDSM-2 should obtain the accurate time
* Install the IDSM-2 in a switch
* Install the NM-CIDS in a router
* Select a switch to host the IDSM-2
* Use the CLI to initialize the sensor
* Describe user accounts and how they provide sensor security
* Use the IDM to configure and manage user accounts
* Use the IDM to verify secure management access to the sensor
* Obtain management access to the sensor appliance
* Obtain management access to the NM-CIDS
* Obtain management access to the IDSM-2
* Describe allowed hosts
* Use the IDM to configure allowed hosts
* Describe sensor interfaces and interface pairs
* Use the IDM to configure the sensor’s interfaces (enable, create pairs, assign to virtual sensor)
* Describe software bypass mode
* Use the IDM to configure software bypass mode
* Use the IDM to configure the sensor’s network settings (IP address, netmask, default gateway, etc)
* Describe sensor communications with external management and monitoring systems
* Launch, navigate, and use the IDM to manage and monitor the sensor
* Use the IDM to set the sensor’s time
* Define traffic flow notification
* Use the IDM to configure traffic flow notification
* Describe the various CLI modes
* Navigate the sensor CLI
* List the tasks for installing and configuring the IDSM-2

Describe Cisco IDS/IPS sensor advanced system parameters

* Plan the mitigation of specific network vulnerabilities and exploits
* Describe sensor tuning
* Describe sensor tuning methods
* Explain IP fragment and TCP stream reassembly options
* Describe the IP logging capabilities of the sensor
* Explain how IP logging should be used
* Explain the use of Event Variables
* Determine the need for a custom signature
* Describe the signature engines and their functionality
* Describe the types of signatures supported by each engine
* Describe common engine parameters and their effects on signatures
* Describe engine-specific parameters and their effects on signatures
* Describe the device management capability of the sensor and how it is used to perform blocking with a Cisco device
* Determine which response actions need to be configured for a given scenario
* Determine the need for Event Action Filters in a given scenario
* Describe the purpose of the Meta Event Generator
* Explain Target Value Ratings and how they are used
* Determine the need for Event Action Rules in a given scenario
* Explain event Risk Ratings and how they are used
* Explain the sensor’s SNMP support
* Determine if the sensor’s application policy enforcement feature is needed in a given scenario

Tune Cisco IDS/IPS sensor advanced system parameters to optimize attack mitigation performance

* Use the IDM to tune the sensor to work optimally in the network
* Use the IDM to tune signatures to provide maximum protection for a network
* Use the IDM to create custom signatures as needed
* Configure response actions for a signature
* Configure the sensor to take response actions based on a risk rating
* Configure the sensor to minimize false alerts
* Use the IDM to create a Meta signature and disable alert production for the component signatures
* Use the IDM to configure the sensor to support SNMP
* Configure Event Action Filters
* Configure Event Action Overrides
* Configure Target Value Ratings
* Configure general settings for Event Action Rules
* Use the IDM to configure IP logging
* Configure Event Variables
* Use the IDM to configure blocking for a given scenario
* Use the IDM to configure the sensor to use a Master Blocking Sensor
* Use the IDM to configure IP fragment and TCP stream reassembly options
* Use the sensor’s application policy enforcement feature

Analyze Cisco IDS/IPS sensor events to determine the appropriate response to network attacks

* Configure the IDM events display
* Analyze alerts and make configuration changes to respond to attacks
* Use the CLI and the IDM to monitor events
* Classify an alarm as true, false, positive or negative
* Explain the fields in a Cisco IDS/IPS alert
* Describe the various types of events generated by the sensor
* Explain the difference between true and false and positive and negative alarms

Upgrade and maintain Cisco IDS/IPS sensors

* Configure the sensor to allow an SNMP NMS to obtain its health and welfare information
* Use the CLI to recover the sensor’s software image
* Use the IDM to install signature updates and service packs
* Use the IDM to configure automatic signature and service pack updates
* Move software images/upgrades and configuration files via HTTP, HTTPS, SCP, and FTP
* Use the IDM to restore the default configuration to the sensor
* Select the correct software update file for a sensor
* Use the CLI to upgrade the software image
* Describe the various types of image files
* Apply the appropriate system image to the sensor
* Describe maintenance tasks specific to the NM-CIDS
* Use the CLI to obtain PEP information from the sensor
* Use the IDM to install a sensor license
* Describe PEP information and its purpose
* Explain the purpose of service packs and signature updates
* Describe service pack and signature update file names
* Explain why a sensor license is needed
* Obtain a license key

Troubleshoot Cisco IDS/IPS sensor operation and configuration errors

* Use the packet command to display and capture packets from the data interfaces
* Copy (to a location off the sensor) packets that have been captured from the data interfaces
* Use the IDM to verify the sensor’s configuration
* Use the CLI to back up the sensor configuration
* View IP logs for troubleshooting purposes
* Troubleshoot communications between the NM-CIDS and its host router
* Reset and power down the sensor
* Determine when resetting or powering down the sensor is necessary
* Describe the main components of the IPS 50 software architecture
* Verify functionality of the NM-CIDS
* Verify the Catalyst 6500 switch and Catalyst IDSM-2 functionality
* Use the IDM and the CLI to obtain sensor statistics
* Use the IDM to obtain a sensor diagnostic report
* Use the IDM to obtain sensor system information
* Use general troubleshooting commands
* Use the IDM to shut down and reboot the sensor
* Describe Cisco IDS/IPS configuration file format

QUESTION 24:
The Certkiller security policy states that network devices must be managed using
secure communication methods. Which Cisco IDS Sensor services must be disabled
to meet this requirement? (Choose two)
A. SSH
B. Telnet
C. TFTP
D. SNMP
E. FTP
F. RSH
Answer: B, E
Explanation:
The Sensor always provides secure shell services (including scp). Increase the security of
the Sensor by disabling two services that allow clear text password authentication: Telnet
and FTP. For maximum security disable both.
QUESTION 25:
The service pack file IDSk9-sp-3.1-2-S23.bin exists on the Certkiller Sensor.
Which command installs the service pack on the Sensor?
A. IDSk9-sp-3.1-2-S23 -install
B. IDSk9-sp-3.1-2-S23.bin -install
C. IDSk9-sp-3.1-2-S23.bin -i
D. IDSk9-sp-3.1-2-S23.bin -l
E. IDSk9-sp-3.1-2-S23-bin -apply
F. IDSk9-sp-3.1-2-S23 -apply
Answer: C
Explanation:
To install the version 3.1(5)S58 service pack, follow these steps:
1. Download the self-extracting binary file IDSk9-sp-3.1-5-S58.bin
to a directory on the target Sensor from the following website:

http://www.cisco.com/cgi-bin/tablebuild.pl/ids3-app

CAUTION: You must preserve the original file name.
2. Log in as root on the Sensor.
3. Change directories to the location of the downloaded binary.
4. Change the binary file’s attributes to an executable by typing the
following:
chmod +x IDSk9-sp-3.1-5-S58.bin
5. Execute the binary file with the -l option by typing the following:
./IDSk9-sp-3.1-5-S58.bin -l
6. Review the file output.log in /usr/nr/sp-update for any error
messages.
7. Do not remove the /usr/nr/sp-update directory. This directory is
required for uninstallation and contains backups of files replaced by
the update.
QUESTION 26:
A Certkiller router is hosting an NM-CIDS. The router’s configuration contains an
output ACL. Which of the following best describes the action the router takes when
it receives a packet that should be dripped according to the output ACL?
A. The router drops the packet and does not forward it to the NM-CIDS.
B. The router sends the packet to the NM-CIDS for inspection, then performs
output-ACL check and drops the packet.
C. If the packet is an ICMP packet, the router sends it to the NM-CIDS for inspection,
then performs output ACL check and drops the packet. If the packet is not an ICMP
packet, the router performs output ACL check and drops the packet.
D. The router sends the packet to the NM-CIDS check and drops the packet.
Answer: B

Questions and Answers : 63 questions
Updated: 2008-2-22
Market Price: $129.99
Member Price: $79.99

Free download:pass4sure CCSP 642-532
Free download:testking CCSP 642-532
more info:www.ciscoexams.org

The Cisco SAFE Implementation exam tests the knowledge and skills needed to use the principles and axioms presented in the SAFE SMR, Enterprise, IP Telephony and Wireless LAN White Papers, and to implement them on specific security devices. The primary focus is on the labs, which allows the students to build complete end-to-end security solutions using SAFE White Papers as the blueprint. The configuration and functionality of the following devices in a SAFE SMR network are described in detail: IOS routers, PIX Firewalls, VPN Concentrators, Cisco IDS Sensors, Cisco Security Agent and the Cisco VPN Client. Basic implementation of a SAFE wireless LAN is also covered.

The SAFE White Papers can be downloaded for free.

Exam Number/Code: 642-541
Exam Name: VPN and Security Cisco SAFE Implementation Exam (CSI)
VUE Code: 642-541
Questions Type: Single choice,
Real Exam Question Numbers: 60-70 questions
Exam Language(s): English

642-541 CSI
Cisco SAFE Implementation Exam
Retired
Exam Number: 642-541
Associated Certifications: CCSP
Duration: 90 minutes (60-70 questions)
Available Languages: English
Click Here to Register: Pearson VUE or Prometric
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions

Exam Description Exam Topics Recommended Training Additional Resources
Exam Description

The Cisco SAFE Implementation exam tests the knowledge and skills needed to use the principles and axioms presented in the SAFE SMR, Enterprise, IP Telephony and Wireless LAN White Papers, and to implement them on specific security devices. The primary focus is on the labs, which allows the students to build complete end-to-end security solutions using SAFE White Papers as the blueprint. The configuration and functionality of the following devices in a SAFE SMR network are described in detail: IOS routers, PIX Firewalls, VPN Concentrators, Cisco IDS Sensors, Cisco Security Agent and the Cisco VPN Client. Basic implementation of a SAFE wireless LAN is also covered.

The SAFE White Papers can be downloaded for free.
Exam Topics

The following information provides general guidelines for the content likely to be included on this exam. However, other related topics may also appear on any specific delivery of the exam.
Security Fundamentals

* Need for network security
* Components of a complete security policy
* Primary network threats and attacks
* Common attacks and recommended mitigation techniques
* Security issues implicit in common management protocols

SAFE Blueprint Overview

* SAFE Blueprint Overview
* Design Fundamentals
* SAFE Axioms

The Cisco Security Portfolio

* Cisco Security Portfolio Overview
* Secure Connectivity-Cisco VPN 3000 Concentrator and Cisco VPN Optimized IOS
* Perimeter Security Firewalls-Cisco PIX Firewall and Cisco IOS Firewall
* Intrusion Protection-IDS
* Identity-CSACS
* Security Management-VMS
* Cisco AVVID

SAFE Small Network Design

* Small Network Design Overview
* Small Network Corporate Internet Module
* Small Network Campus Module
* Implementation-ISP Router
* Implementation-Cisco IOS Firewall
* Implementation-PIX Firewall
* Implementation-CSA

SAFE Midsize Network Design

* Midsize Network Design
* Midsize Network Corporate Internet Module Design Guidelines
* Midsize Network Campus Module
* Midsize Network Campus Module Design Guidelines
* Midsize Network WAN Module
* Implementation-ISP Router and Edge Router
* Implementation-Network IPS
* Implementation-VPN 3000 Concentrator
* Implementation-Layer 3 Switch

SAFE Remote Network Design

* Remote-User Network Overview
* Key Devices and Threat Mitigation
* Software Client Option
* Remote Site Firewall Option
* VPN 3002 Hardware Client Option
* Remote Site Router Option

SAFE Enterprise Network Design

* Enterprise Network Design Overview
* Enterprise Campus
* Enterprise Network Edge

SAFE IP Telephony Design

* IP Telephony Concepts, Caveats and Axioms
* IP Telephony Product Portfolio
* IP Telephony Design Considerations
* IP Telephony Design for Small, Medium and Large Network

SAFE Wireless LAN Design

* Wireless LAN Security Concepts, Caveats and Axioms
* WLAN Security Extensions
* Cisco WLAN Product Portfolio
* WLAN Design Approach
* Standard WLAN Design
* WLAN Design for Small, Medium, Enterprise and Remote Network
* WLAN Implementation

“VPN and Security Cisco SAFE Implementation Exam (CSI)”, also known as 642-541 exam, is a Cisco certification.
Preparing for the 642-541 exam? Searching 642-541 Test Questions, 642-541 Practice Exam, 642-541 Dumps?

With the complete collection of questions and answers, Pass4sure has assembled to take you through 228 questions to your 642-541 Exam preparation. In the 642-541 exam resources, you will cover every field and category in VPN and Security helping to ready you for your successful Cisco Certification.

QUESTION 24:
James the security administrator is working on cryptographic authentication.
What is the earliest version of NTP that supports a cryptographic authentication
mechanism between peers?
A. The earliest version is 5
B. The earliest version is 4
C. The earliest version is 3
D. The earliest version is 2
E. The earliest version is 1
Answer: C
Explanation:
Version 3 and above of NTP supports a cryptographic authentication mechanism between
peers.
Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User
Networks
QUESTION 25:
You are the administrator at Certkiller Inc. and you need to mitigate threats to the
network. How do you mitigate the threats presented when using TFTP?
A. TFTP traffic should use peer authentication for each session.
B. IP packet inspection should be enabled on all routers.
C. TFTP traffic should be encrypted within an IPSec tunnel.
D. IP verify reverse path should be enabled on all routers.
Answer: C
Explanation:
Where possible, TFTP traffic should be encrypted within an IPSec tunnel in order
to mitigate the chance of its being intercepted.
Ref: Safe White papers; Page 72
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 26:
You are the administrator at Certkiller Inc. and you need to checkout syslogs for
information. How do you check syslog information to ensure that it has not been altered
in transit?
A. Packets use CRC to ensure data has not been altered in transit.
B. Syslog has no checking to ensure that the packet contents have not been altered in
transit.
C. Host IDS inspects the packet to ensure time stamps are concurrent.
D. The firewall inspects the packet to ensure time stamps are concurrent.
E. IPSec inspects the packet to ensure time stamps are concurrent.
Answer: B

Questions and Answers : 228 questions
Updated: 2008-2-6
Market Price: $69.99
Member Price: $59.99

Free download:pass4sure CCSP 642-541
Free download:testking CCSP 642-541
more info:www.ciscoexams.org

Exam Number/Code: 642-542
Exam Name: Cisco SAFE Implementation Exam
VUE Code: 642-542
Questions Type: Single choice,
Real Exam Question Numbers: 70-80 questions
Exam Language(s): English

642-542 CSI
Cisco SAFE Implementation Exam
Exam Number: 642-542
Associated Certifications: CCSP
Duration: 105 minutes (70-80 questions)
Available Languages: English
Click Here to Register: Pearson VUE or Prometric
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions

Exam Description Exam Topics Recommended Training Additional Resources
Exam Description

The Cisco SAFE Implementation 642-542 CSI exam provides a recertification assessment for those candidates who currently hold a CCSP certification. This exam tests the knowledge and skills needed to use the principles and axioms presented in the SAFE SMR, Enterprise, IP Telephony and Wireless LAN White Papers, and to implement them on specific security devices. The primary focus is on the labs, which allows the student to build complete end-to-end security solutions using SAFE White Papers as the blueprint. The configuration and functionality of the following devices in a SAFE SMR network are described in detail: IOS routers, PIX Firewalls, VPN Concentrators, Cisco IDS Sensors, Cisco Security Agent and the Cisco VPN Client. Basic implementation of a SAFE wireless LAN is also covered.
Exam Topics

The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.
Security Fundamentals

* Need for network security
* Components of a complete security policy
* Primary network threats and attacks
* Common attacks and recommended mitigation techniques
* Security issues implicit in common management protocols

SAFE Blueprint Overview

* SAFE Blueprint Overview
* Design Fundamentals
* SAFE Axioms

The Cisco Security Portfolio

* Cisco Security Portfolio Overview
* Secure Connectivity-Cisco VPN 3000 Concentrator and Cisco VPN Optimized IOS
* Perimeter Security Firewalls-Cisco PIX Firewall and Cisco IOS Firewall
* Intrusion Protection-IDS
* Identity-CSACS
* Security Management-VMS
* Cisco AVVID

SAFE Small Network Design

* Small Network Design Overview
* Small Network Corporate Internet Module
* Small Network Campus Module
* Implementation-ISP Router
* Implementation-Cisco IOS Firewall
* Implementation-PIX Firewall
* Implementation-CSA

SAFE Midsize Network Design

* Midsize Network Design
* Midsize Network Corporate Internet Module Design Guidelines
* Midsize Network Campus Module
* Midsize Network Campus Module Design Guidelines
* Midsize Network WAN Module
* Implementation-ISP Router and Edge Router
* Implementation-Network IPS
* Implementation-VPN 3000 Concentrator
* Implementation-Layer 3 Switch

SAFE Remote Network Design

* Remote-User Network Overview
* Key Devices and Threat Mitigation
* Software Client Option
* Remote Site Firewall Option
* VPN 3002 Hardware Client Option
* Remote Site Router Option

SAFE Enterprise Network Design

* Enterprise Network Design Overview
* Enterprise Campus
* Enterprise Network Edge

SAFE IP Telephony Design

* IP Telephony Concepts, Caveats and Axioms
* IP Telephony Product Portfolio
* IP Telephony Design Considerations
* IP Telephony Design for Small, Medium and Large Network

SAFE Wireless LAN Design

* Wireless LAN Security Concepts, Caveats and Axioms
* WLAN Security Extensions
* Cisco WLAN Product Portfolio
* WLAN Design Approach
* Standard WLAN Design
* WLAN Design for Small, Medium, Enterprise and Remote Network
* WLAN Implementation

“Cisco SAFE Implementation Exam”, also known as 642-542 exam, is a Cisco certification.
Preparing for the 642-542 exam? Searching 642-542 Test Questions, 642-542 Practice Exam, 642-542 Dumps?

With the complete collection of questions and answers, Pass4sure has assembled to take you through 224 Q&A to your 642-542 Exam preparation. In the 642-542 exam resources, you will cover every field and category in CCSP helping to ready you for your successful Cisco Certification.

QUESTION 1:
Threats that come from hackers who are more highly motivated and technically
competent are called:
A. Sophisticated
B. Advanced
C. External
D. Structured
Answer: D
Explanation: Structured threats come from adversaries that are highly motivated
and technically competent.
Ref: Cisco Secure Intrusion Detection System (Ciscopress) Page 9
QUESTION 2:
The worst attacks are the ones that:
A. Are intermittent.
B. Target the applications
C. You can not stop them.
D. Target the executables.
E. Target the databases.

F. You can not determine the source.
Answer: C
Explanation: The worst attack is the one that you cannot stop. When performed
properly, DDoS is just such an attack.
QUESTION 3:
What type of network requires availability to the Internet and public networks as a major
requirement and has several access points to other networks, both public and private?
A. Open
B. Closed
C. Intermediate
D. Balanced
Answer: A

The networks of today are designed with availability to the Internet and public networks,
which is a major requirement. Most of today’s networks have serverla access points to
other network both public and private;therefore,securing these networks has become
fundamentally important.
Reference: CSI Student guide v2.0 p.2-4
QUESTION 4:
The security team at Chinatag Inc. is working on network security design.
What is an example of a trust model?
A. One example is NTFS
B. One example is NTP
C. One example is NFS
D. One example is NOS
Answer: C
Explanation:
One of the key factors to building a successful network security design is to identify and
enforce a proper trust model. The proper trust model defines who needs to talk to whom
and what kind of traffic needs to be exchanged; all traffic should be denied. one
the proper trust model has been identified, then the security designer should decide how
to enforce the model. As more critical resources are globally available and new forms of

network attacks evolve, the network security infrastructure tends to become more
sophisticated, and more products are available. Firewalls, routers, LAN switches,
intrusion detection systems, AAA servers, and VPNs are some of the technologies and
products that can help enforce the model. Of course, each one of these products and
technologies plays a particular role within the overall security implementation, and it is
essential for the designer to understand how these elements can be deployed.
Network File Sharing seems to be the best answer out of all the answers listed.
Reference: Securing Networks with Private VLANs and VLAN Access Control Lists

QUESTION 5:
Which type of attack can be mitigated only through encryption?
A. DoS
B. Brute force
C. Man-in-the-middle
D. Trojan horse
Answer: C
Explanation:
1. Man-in-the-middle attacks-Mitigated through encrypted remote traffic
Reference: Safe white papers; page 26
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 6:
The security team at Chinatag Inc. is working on understanding attacks that happen in the
network. What type of attack is characterized by exploitation of well-known weaknesses,
use of ports that are allowed through a firewall, and can never be completely eliminated?
A. Network reconnaissance
B. Man-in-the-middle
C. Trust exploitation
D. Application layer
Answer: D
Explanation: The primary problem with application layer attacks is that they often
use ports that are allowed through a firewall.
Reference: Safe White papers 68
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 7:
You are the security administrator at Chinatag and you need to know the attacks types to
the network. Which two general IP spoofing techniques does a hacker use? (Choose two)
A. An IP address within the range of trusted IP addresses.
B. An unknown IP address which cannot be traced.
C. An authorized external IP address that is trusted.
D. An RFC 1918 address.
Answer: A C
Explanation:
IP Spoofing
An IP spoofing attack occurs when a hacker inside or outside a network impersonates the
conversations of a trusted computer. A hacker can do this in one of two ways. The hacker
uses either an IP address that is within the range of trusted IP addresses for a network or
an authorized external IP address that is trusted and to which access is provided to
specified resources on a network. IP spoofing attacks are often a launch point for other
attacks. The classic example is to launch a denial-of-service (DoS) attack using spoofed
source addresses to hide the hacker’s identity. Normally, an IP spoofing attack is limited
to the injection of malicious data or commands into an existing stream of data that is
passed between a client and server application or a peer-to-peer network connection. To
enable bidirectional communication, the hacker must change all routing tables to point to
the spoofed IP address. Another approach hackers sometimes take is to simply not worry
about receiving any response from the applications. If a hacker tries to obtain a sensitive
file from a system, application responses are unimportant.
However, if a hacker manages to change the routing tables to point to the spoofed IP
address, the hacker can receive all the network packets that are addressed to the spoofed
address and reply just as any trusted user can.
Reference:
Safe white papers; page 65
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 8:
John the security administrator at Chinatag Inc. is working on securing the network with
strong passwords. What is the definition of a strong password?
A. The definition of a strong password is at least ten characters long and should contain
cryptographic characters.
B. The definition of a strong password is at least eight characters long;contains
uppercase letters, lowercase letters, numbers, and should not contain special characters.
C. The definition of a strong password is defined by each company depending on the
product being used.
D. The definition of a strong password is at least eight characters long;contains
uppercase letters, lowercase letters, numbers, and special characters.
Answer: D

Explanation:
Passwords should be at least eight characters long and contain uppercase letters,
lowercase
letters, numbers, and special characters (#, %, $, and so forth).
Reference: Safe white papers; page 67
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 9:
The two Denial of Service attack methods are: (Choose two)
A. Out of Band data crash
B. SATAN
C. TCP session hijack
D. Resource Overload
Answer: A, D
Explanation:
When involving specific network server applications; such as a web
server or an FTP server, these attacks can focus on acquiring and keeping open all

the available connections supported by that server, effectively locking out valid
users of the server or service. Some attacks compromise the performance of your
network by flooding the network with undesired-and often useless-network packets
and by providing false information about the status of network resources.
REF; Safe white papers; page 66&67
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
Incorrect Answers:
B: SATAN is a testing and reporting tool that collects a variety of information about
networked hosts.
C: TCP session hijack is when a hacker takes over a TCP session between two machines.
QUESTION 10:
This program does something undocumented which the programmer intended, but that
the user would not approve of if he or she knew about it.
A. What is a Virus.
B. What is a Macro Virus.
C. What is a Trojan Horse.
D. What is a Worm.
Answer: C
Explanation: A Trojan horse is different only in that the entire application was
written to look like something else, when in fact it is an attack tool. An example of a
Trojan horse is a software application that runs a simple game on the user’s
workstation. While the user is occupied with the game, the Trojan horse mails a
copy of itself to every user in the user’saddress book. Then other users get the game
and play it, thus spreading the Trojan horse.
Ref: Safe White papers; Page 70
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
Questions and Answers : 224 Q&A
Updated: 2008-2-12
Market Price: $125.99
Member Price: $79.99

Free down:Pass4sure ccsp 642-542 v2.93
Free down:testking ccsp 642-542

password:www.ciscoexams.org