Welcome to download the newest Pass4itsure 412-79 dumps: http://www.pass4itsure.com/412-79.html
Flydumps bring you the best Cisco 642-541 exam preparation materials which will make you pass in the first attempt.And we also provide you all the Cisco 642-541 exam updates as Flydumps announces a change in its Cisco 642-541 exam syllabus,we inform you about it without delay.
QUESTION 159
Which are the attack mitigation roles for the VPN Concentrator in the SAFE standard VPN WLAN design? Choose three.
A. authenticate remote users
B. two-factor authentication
C. terminate IPsec
D. RFC 2827 filtering
E. DHCP relay
F. VPN client auto-initiate
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 160
Drag Drop question
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 161
Which IDS guidelines should be followed, according to SAFE SMR?
A. use TCP shunning as opposed to TCP resets
B. use shunning no longer than 15 minutes
C. use shunning on only UDP traffic, as it is more difficult to spoof than TCP
D. use shunning on only TCP traffic, as it is more difficult to spoof than UDP
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 162
Which three Cisco components encompass secure connectivity? Choose three.
A. Cisco IDS Sensors
B. Cisco PIX Firewalls
C. Cisco IDS Sensors
D. Cisco VPN Concentrators
E. Cisco IOS IDS
F. Cisco IOS VPN
Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
QUESTION 163
According to the SAFE Layer 2 security white paper, which is not a threat to switches?
A. CAM table overflow
B. DHCP starvation
C. IP address spoofing
D. VLAN hopping
E. Spanning-Tree Protocol manipulation
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 164
What causes the default TCP intercept feature of the IOS Firewall to become more aggressive? Choose two.
A. the number of incomplete connections exceeds 1100
B. the number of connections arriving in the last 1 minute exceeds 1100
C. the number of incomplete connections exceeds 100
D. the number of connections arriving in the last 10 minutes exceeds 1000
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 165
Which is true about the PIX Firewall in the remote site firewall option in the SAFE SMR remote user design environment?
A. ISAKMP is enabled when the ISAKMP policy is created
B. ISAKMP is enabled when the crypto map is applied to the interface
C. ISAKMP is disabled by default
D. ISAKMP is enabled by default
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 166
Which are key devices in the SAFE SMR remote user network? Choose two.
A. firewall with VPN support
B. Layer 2 switch
C. broadband access device
D. NIDS
E. Layer 3 switch
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 167
What is the function of a crypto map on a PIX Firewall?
A. to configure a pre-shared authentication key and associate the key with an IKE peer address or host name
B. to configure a pre-shared authentication key and associate the key with an IPSec peer address or host name
C. to specify which algorithms to use with the selected security protocol
D. to filter and classify the traffic to be protected
Correct Answer: D Section: (none) Explanation
Explanation/Reference: QUESTION 168
Drag Drop question
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 169
How are password attacks mitigated in the SAFE SMR midsize network design corporate Internet module?
A. filtering at the ISP, edge router, and corporate firewall
B. RFC 2827 and 1918 filtering at ISP edge and midsize network edge router
C. e-mail content filtering, HIDS, and host-based virus scanning
D. OS and IDS detection
E. CAR at the ISP edge and TCP setup controls at the firewall
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 170
According to SAFE worm mitigation, which of the following is not a mitigation for MS Blaster?
A. private VLANs
B. NBAR
C. CAR
D. sink-hole routers
Correct Answer: B Section: (none) Explanation Explanation/Reference:
QUESTION 171
Which method will always compute the password if it is made up of the character set you selected to test?
A. brute force computation
B. strong password computation
C. password reassemble
D. brute force mechanism
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 172
Drag Drop question
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 173
What are the SAFE guidelines when routing information is exchanged with an outside routing domain? (Select two.)
A. Use exterior gateway protocols only
B. Use exterior gateway protocols that operate between routing domains and do not allow administrators to build and act on policies.
C. Use exterior gateway protocols because they allow administrators to build and act on policies rather than just on reachability information.
D. Do not use autonomous system path filters on every EBGP peering session in network
E. Use exterior gateway protocols or static routes.
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 174
Which are key devices in the SAFE SMR midsize network design midsize network campus module? Choose three.
A. WAN router
B. VPN Concentrator
C. firewalls
D. NIDS host
E. corporate servers
F. layer 2 switches
Correct Answer: DEF Section: (none) Explanation
Explanation/Reference:
QUESTION 175
According to SAFE SMR, what type of VPN connectivity is typically used with the Cisco PIX Firewall?
A. remote access
B. site-to-site
C. mobile user
D. corporate
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Flydumps is a specialized IT certification exam training website which provide you the targeted exercises and current exams. We focus on the popular Cisco 642-541 exam and has studied out the latest Cisco 642-541 exam dumps, which can meet the needs of many people. HP HP5-K03D certification is a reference of many well-known IT companies to hire IT employee. So this Cisco 642-541 exam is very popular now. Flydumps is also recognized and relied by many people. Flydumps can help a lot of people achieve their dream. If you choose Flydumps, but you do not successfully pass the examination, Flydumps will give you a full refund.
Welcome to download the newest Pass4itsure 412-79 dumps: http://www.pass4itsure.com/412-79.html
Cisco 642-541 Dumps, First-hand Cisco 642-541 Questions And Answers Are Based On The Real Exam