Pass4sure Cisco CCSP 642-552 Exam
Securing Cisco Networking Devices (SND) : 642-552 Exam
Exam Number/Code: 642-552
Exam Name: Securing Cisco Networking Devices (SND)
VUE Code: 642-552
Questions Type: Single choice,
“Securing Cisco Networking Devices (SND)”, also known as 642-552 exam, is a Cisco certification.
Preparing for the 642-552 exam? Searching 642-552 Test Questions, 642-552 Practice Exam, 642-552 Dumps?
The Securing Cisco Network Devices 642-552 SND is the exam associated with the Cisco Certified Security Professional, Cisco Firewall Specialist, Cisco IPS Specialist, and Cisco VPN Specialist certifications. Candidates can prepare for this exam by taking the Securing Cisco Network Devices v2.0 (SND) course. This exam tests a candidate’s knowledge of securing Cisco routers and switches and their associated networks. Topics covered include; Security threats facing modern network infrastructures, Securing Cisco routers, Implementing basic AAA, Using ACLs to mitigate router and network threats, Implementing secure management and reporting, Mitigating common Layer 2 attacks, and Implementing Cisco IOS Firewall features, Cisco IOS IPS features, and IPsec VPN features using Cisco Security Device Manager
What are two security risks on 802.11 WLANs that implement WEP using a static 40-bit key
with open authentication? (Choose two.)
A. The IV is transmitted as plaintext, and an attacker can sniff the WLAN to see the IV.
B. The challenge packet sent by the wireless AP is sent unencrypted.
C. The response packet sent by the wireless client is sent unencrypted.
D. WEP uses a weak-block cipher such as the Data Encryption Algorithm.
E. One-way authentication only where the wireless client does not authenticate the wireless-
access point.
Answer: A, E
QUESTION: 5
Which feature is available only in the Cisco SDM Advanced Firewall Wizard?
A. configure a router interface connected to a WLAN
B. create a firewall policy to block SDM access to the router from the outside interface
C. specify the router outside interface to use for remote management access
D. choose physical and logical interfaces connected to a WLAN E. configure DMZ interfaces
with access and inspection rules
Answer: E
QUESTION: 6
What is the primary type of intrusion prevention technology used by Cisco IPS security
appliances?
A. profile-based
B. rule-based
C. signature-based
D. protocol analysis-based
Answer: C
QUESTION: 7
Which IPsec protocol is the most popular and why?
A. AH, because it provides encryption and authentication
B. AH, because it supports tunnel mode
C. AH, because it works with PAT
D. ESP, because it provides encryption and authentication
E. ESP, because it supports tunnel mode
F. ESP, because it works with PAT
Answer: D
Remote users are having a problem using their Cisco VPN Client software to connect to a
Cisco Easy VPN Server. Which of the following could be causing the problem?
A. The Cisco Easy VPN Server is configured with more than one ISAKMP policy.
B. The Cisco Easy VPN Server is configured with only one ISAKMP policy specifying
Diffie-Hellman Group 5.
C. The Cisco Easy VPN Server transform set configuration includes both encryption and
authentication.
D. The Cisco Easy VPN Server is configured with more than one transform set using ESP.
E. The Cisco VPN Client software does not support ESP, so the Cisco VPN Server transform
set needs to use AH instead.
Answer: B
Using PassGuide online virtual CCSP practice engine, easy to know well CCSP Training knowledge and pass the Cisco CCSP certification exams. rapidshare 4shared links
QUESTION: 11
Why is TACACS+ the preferred AAA protocol to use with Cisco device authentication?
A. TACACS+ encryption algorithm is more recent than other AAA protocols
B. TACACS+ has a more robust programming interface than other AAA protocols
C. TACACS+ was initially developed as open-source software
D. TACACS+ provides true AAA functional separation and encrypts the entire body of the
packet
E. TACACS+ maintains authentication information in the local database of each Cisco IOS
router
F. TACACS+ combines authentication and authorization to provide more robust functionalities
Answer: D
QUESTION: 12
Using a stateful firewall, which information is stored in the stateful session flow table?
A. the outbound and inbound access rules (ACL entries)
B. the source and destination IP addresses, port numbers, TCP sequencing information, and
additional flags for each TCP or UDP connection associated with a particular session
C. all TCP and UDP header information only
D. all TCP SYN packets and the associated return ACK packets only
E. the inside private IP address and the translated global IP address
Answer: B
QUESTION: 14
Which of these is the strongest symmetrical encryption algorithm?
A. DES
B. 3DES
C. AES
D. RSA
E. SHA
F. Diffie-Hellman
Answer: C
QUESTION: 15
Router A can not establish a standard IPsec VPN tunnel with router B. An analysis reveals one or
more NAT points in the delivery path of each IPsec packet being sent to router B. What is the
problem and what is the solution?
A. IPsec encrypts Layer 4 port information and IKE NAT transversal needs to be configured on
this network.
B. The port number information in the ESP header is encrypted. Use ESP tunnel mode instead of
transport mode.
C. Router A needs to decrypt the Layer 4 port information. Configure ESP protocol on router A.
D. NAT changes the source IP address of the packets so IPSEC ESP integrity check will fail.
Use PAT instead of NAT.
Answer: A
QUESTION: 16
What does the MD5 algorithm do?
A. takes a message less than 2^64 bits as input and produces a 160-bit message digest
B. creates a variable-length message and produces a 168-bit message digest
C. takes a variable-length message and produces a 128-bit message digest
D. takes a fixed-length message and produces a 128-bit message digest
Answer: C
With the complete collection of questions and answers, Pass4sure has assembled to take you through 60 Q&A to your 642-552 Exam preparation. In the 642-552 exam resources, you will cover every field and category in CCSP helping to ready you for your successful Cisco Certification.
Questions and Answers : 60 Q&A
Updated: April 3rd , 2008
Market Price: $125.99
Member Price: $89.99
Free Down:Pass4sure Cisco CCSP 642-552 V2.93
password:www.ciscoexams.org
Recent Comments