Cisco 642-583 (Security Solutions for Systems Engineers) 시험을 어떻게 공부하면 패스할수 있을지 고민중이시면 근심걱정 버리시고 Pass4Test 의 Cisco 642-583 (Security Solutions for Systems Eng ineers) 덤프로 가보세요. 문항수가 적고 적중율이 높은 세련된 Cisco 642-583 (Security Solutions for Systems Engineers) 시험준비 공부자료는 Pass4Test제품이 최고입니다.
NO.1 Which countermeasure is best used to protect against rogue access points that are outside the
enterprise physical perimeter and that attempt to attract legitimate clients?
A. dedicated rogue detector access points with active and passive RLDP and radio containment
B. personal firewall
C. Management Frame Protection
D. wireless IDS/IPS
E. EAP-TLS bidirectional authentication
Answer: E
NO.2 DRAG DROP
Answer:
NO.3 Which Cisco ASA's Unified Communications proxy feature manipulates both the signaling and the
media channels?
A. TLS Proxy
B. H.323 Proxy
C. SIP Proxy
D. Phone Proxy
E. CUMA Proxy
Answer: D
NO.4 Deploying logical security controls such as firewall and IPS appliances is an example of which kind of
risk-management option.?
A. risk avoidance
B. risk transfer
C. risk retention
D. risk reduction
E. risk removal
Answer: A
NO.5 Which two protocols can be used to implement high-availability IPS design, using the Cisco IPS 4200
Series Sensor appliance? (Choose two.)
A. spanning tree
B. stateful failover
C. EtherChannel load balancing
D. WCCP
E. HSRP
F. SDEE
Answer: A,C
NO.6 Which series of steps illustrates how a challenge-and-response authentication protocol functions?
A. Exhibit A
B. Exhibit B
C. Exhibit C
Answer: A
NO.7 What is the benefit of the Cisco ASA phone proxy feature?
A. allows businesses to securely connect their Cisco Unified Presence clients back to their
enterprise networks or to share presence information between Cisco Unified Presence servers in different
enterprises
B. allows telecommuters to connect their IP phones to the corporate IP telephony network
securely over the Internet, without the need to connect over a VPN tunnel
C. allows businesses to configure granular policies for SCCP traffic, such as enforcing only registered
phone calls to send traffic through the Cisco ASA security appliance and filtering on message IDs to allow
or disallow specific messages
D. enables deep inspection services for SIP traffic for both User Datagram Protocol (UDP) and
TCP-based SIP environments, thus providing granular control for protection against unified
communications attacks
E. enables inspection of the RTSP protocols that are used to control communications between the client
and server for streaming applications
F. enables advanced H.323 inspection services that support H.323 versions 14 along with Direct Call
Signaling (DCS) and Gatekeeper-Routed Call Signaling (GKRCS) to provide flexible security integration
in a variety of H.323-driven VoIP environments
Answer: B
NO.8 What are the advantages and disadvantages of using the "Direct to tower" or PAC file methods for
redirecting traffic to ScanSafe?
A. Advantages: ease of deployment, especially for multiple breakout points Disadvantages: no user
granularity
B. Advantages: user granularity Disadvantages: requires additional hardware for each breakout point
C. Advantages: no browser changes required Disadvantages: not all browsers supported
Answer: A
NO.9 Which statement is true?
A. Three-year commitments cost less per year than three consecutive one-year commitments.
B. Three consecutive one-year commitments cost less than one three-year commitment.
C. Three-year commitments cost the same per year as three consecutive one-year commitments
D. CiscoIronPort does not sell three-year commitments.
Answer: A
NO.10 Which platform can support the highest number of SSL sessions?
A. Cisco 3845 with AIM-VPN/SSL-3
B. Cisco 7200 NPE-GE+VSA
C. Cisco 7200 NPE-GE+VAM2+
D. Cisco ASR1000-5G
E. Cisco 6500/7600 + VPN SPA
F. Cisco ASA 5580
Answer: F
NO.11 Which Cisco ASA configuration is required to implement active/active failover?
A. transparent firewall
B. modular policy framework (MPF)
C. virtual contexts
D. policy-based routing
E. redundant interfaces
F. VLANs
Answer: C
NO.12 The Cisco IPS Manager Express (IME) can be used to manage how many IPS appliances, at a
maximum?
A. 3
B. 5
C. 10
D. 15
E. 20
F. 25
Answer: B
NO.13 Which option best describes Dynamic Content Filtering on the web security appliance?
A. external DLP option for acceptable use scanning
B. filter for pages and frames with dynamic control asset HTML tags
C. content scanner for streaming videos
D. advanced rule engine for categorizing dark web sites
Answer: D
NO.14 Which statement regarding the Cisco ASA encrypted voice inspection capability is correct?
A. The Cisco ASA decrypts, inspects, then re-encrypts voice-signaling traffic; all of the existing VoIP
inspection functions for SCCP and SIP protocols are preserved.
B. The Cisco ASA acts as a non-transparent TLS proxy between the Cisco IP Phone and Cisco Unified
Communications Manager.
C. TLS proxy applies to the encryption layer and is configured by using a Layer 3/4 inspection policy on
the Cisco AS
D. D. The Cisco ASA does not support PAT and NAT for SCCP inspection.
E. The Cisco ASA serves as a proxy for both client and server, with the Cisco IP Phone and the Session
Border Controller.
Answer: A
NO.15 Which two settings can the Cisco Security Agent (release 5.2 and later) monitor to control user's
wireless access? (Choose two.)
A. protection types such as WEP, TKIP
B. wireless card type (802.11a, b, org)
C. SSIDs
D. antivirus version
E. lightweight versus autonomous mode
Answer: A,C
Cisco 642-583 (Security Solutions for Systems Engineers) 시험대비덤프
Posted 2013/7/16 6:34:11 | Category: 미분류 | Tag: