Exam 642-566 preparation questions
-
Upload
stuart-broad -
Category
Documents
-
view
216 -
download
0
description
Transcript of Exam 642-566 preparation questions
![Page 1: Exam 642-566 preparation questions](https://reader036.fdocuments.in/reader036/viewer/2022082519/568bd5ae1a28ab20349959fb/html5/thumbnails/1.jpg)
Exam 642-566 study material
Made available by Testkingprep.com
Free 642-566 Exam Preparation Questions
Exam 642-566: Security Solutions for Systems Engineers
For Latest 642-566 Exam Questions and study guides- visit- http://www.testkingprep.com/642-566.html
![Page 2: Exam 642-566 preparation questions](https://reader036.fdocuments.in/reader036/viewer/2022082519/568bd5ae1a28ab20349959fb/html5/thumbnails/2.jpg)
For Latest 642-566 Exam Questions and study guides- visit- http://www.testkingprep.com/642-566.html
![Page 3: Exam 642-566 preparation questions](https://reader036.fdocuments.in/reader036/viewer/2022082519/568bd5ae1a28ab20349959fb/html5/thumbnails/3.jpg)
Question:1 Which one of the following methods can be used to scale Cisco Security MARS deployments?
A. Use the Cisco Security MARS syslog forwarding feature to offload the syslog storage requirement to an external server. B. Migrate from the Gen1 to Gen2 Cisco Security MARS platforms. C. Use redundant or duplicated Cisco Security MARS appliances to implement a multi-tier architecture. D. Divide the network into multiple zones, then use the global/local controllers approach.
Answer: D
Question:2 Which type of native encryption is supported by the LWAPP protocol?
A. RC5 B. IDEA C. ECC D. AES
Answer: D
Question:3 Cisco IOS Intrusion Prevention System (IPS) is an inline, deep-packet inspection feature that effectively mitigates a wide range of network attacks. A component of the Cisco IOS Integrated Threat Control framework and complemented by Cisco IOS Flexible Packet Matching feature, Cisco IOS IPS provides your network with the intelligence to accurately identify, classify, and stop or block malicious traffic in real time .Which statement is true regarding Cisco IOS IPS performance and capabilities?
A. It has a minimal impact on router memory. B. It uses a parallel signature-scanning engine to scan for multiple patterns within a signature micro-engine at any given time. C. It offers a wider signature coverage than the IDSM-2 module. D. It should be enabled to maximize the coverage, except for false-positives reduction. Answer: B
Question:4 Given: 1.IPsec VPNs 2.AAA 3.redundant WAN devices 4.host IPS 5.Cisco NAC appliance I.Denial of Sercice attacks II.breaking into the WAN routers III.network traffic eavesdropping Select the best security control to minimize the WAN security threats. Not all the security controls are required.
A. I-1, II-2, III-3 B. I-3, II-1, III-2 C. I-3, II-2, III-1 D. I-5, II-1, III-2
Answer: C
Question:5 Which two protocols can perform high-availability IPS design by use of the Cisco IPS 4200 Series Sensor appliance? (Choose two.)
For Latest 642-566 Exam Questions and study guides- visit- http://www.testkingprep.com/642-566.html
![Page 4: Exam 642-566 preparation questions](https://reader036.fdocuments.in/reader036/viewer/2022082519/568bd5ae1a28ab20349959fb/html5/thumbnails/4.jpg)
A. Spanning tree B. HSRP C. EtherChannel load balancing D. SDEE
Answer: A, C
Question:6 IPS platform____ can operate in inline mode only.
A. Cisco IPS 4200 Series Sensor B. IDSM-2 C. Cisco IOS IPS D. Cisco ASA AIP SSM
Answer: C
Question:7 Which functionality can be used by the Cisco Security MARS security appliance to achieve events aggregation?
A. Events action filters B. Cisco Security Manager policy correlations C. Summarization D. Sessionization Answer: D
Question:8 Study the exhibit below carefully, which statement is true about the security architecture, which is used to protect the multi-tiered web application?
A. The firewall systems in the first and second tiers should be implemented with identical security controls to provide defense in depth. B. This architecture supports application tiers that are dual homed. C. All the servers are protected by the dual-tier firewall systems and do not require additional endpoint security controls. D. The second-tier Cisco ASA AIP-SSM should be tuned for inspecting Oracle attack signatures.
For Latest 642-566 Exam Questions and study guides- visit- http://www.testkingprep.com/642-566.html
![Page 5: Exam 642-566 preparation questions](https://reader036.fdocuments.in/reader036/viewer/2022082519/568bd5ae1a28ab20349959fb/html5/thumbnails/5.jpg)
Answer: D
Question:9 Deploying the NAC appliance in in-band mode is better than out-of-band ode. Why?
A. Bandwidth enforcement policy B. Nessus scanning C. NAC Appliance Agent deployment D. Higher number of users per NAC Appliance
Answer: A
Question:10 Study the exhibit below carefully, in order to support IPsec VPN, which three traffic types should ACL1 permit on the firewall in front of the IPsec VPN gateway? (Choose three.)
A. IP protocol 50 B. UDP port 10000 C. UDP port 500 D. UDP port 4500
Answer: A, C, D
For Latest 642-566 Exam Questions and study guides- visit- http://www.testkingprep.com/642-566.html
![Page 6: Exam 642-566 preparation questions](https://reader036.fdocuments.in/reader036/viewer/2022082519/568bd5ae1a28ab20349959fb/html5/thumbnails/6.jpg)
For complete Exam 642-566 Training kits and Self-Paced Study Material
Visit:http://www.testkingprep.com/642-566.html
http://www.testkingprep.com/
For Latest 642-566 Exam Questions and study guides- visit- http://www.testkingprep.com/642-566.html