Related Certifications: CCSP and Cisco NAC Specialist

Number of Questions: 60

Duration: 75 minutes

Exam Topics Include:

1. Implement Cisco NAC Appliance

2. Identify the components and features used for Cisco NAC Appliance

3. Configure and verify NAM and NAS to support the Cisco NAC Appliance In-Band server solutions

4. Configure and verify NAM and NAS to support the Cisco NAC appliance Out-of-Band server solutions

5. Configure and verify Cisco Switches as network access devices

6. Configure and verify user roles

The 642-591 CANAC exam is associated with both the Cisco Certified Security Professional and the Cisco Network Admission Control Specialist certifications. It is one of the optional exam choices for the CCSP. This exam tests a candidate’s knowledge of the Cisco NAC Appliance solution, including design, implementation, and configuration.
The NAS is configured to autogenerate an IP address pool of 30 subnets with a netmask of /30,
beginning at address 192.166.10.0. Which IP address is leased to the end-user host on the
second subnet?
A. 192.166.10.4
B. 192.166.10.5
C. 192.166.10.6
D. 192.166.10.7
Answer: C
QUESTION 2
Which derault administrator group has delete permissions?
A. admin
B. help-desk
C. add-edit
D. full-control
Answer: D
QUESTION 3
What is the result when the condition statement in a Cisco NAA check for required software
evaluates to false on a client machine?
A. The required software is automatically downloaded to the user device.
B. The required software is made available after the user is quarantined.
C. The user is put in the unauthenticated role and the software is considered missing.
D. The user is placed in the temporary role and the software is made available.
Answer: B
QUESTION 4
Which three components comprise a Cisco NAC Appliance solution? (Choose three.)
A. a NAC-enabled Cisco router
B. a Linux server for in-band or out-of-band network admission control
C. a Linux server for centralized management of network admission servers
D. a Cisco router to provide VPN services
E. a read-only client operating on an endpoint device
F. a NAC-enabled Cisco switch
Answer: B, C, E
3
When configuring the Cisco NAM to implement Cisco NAA requirement checking on client

machines, what is the next step after configuring checks and rules?
A. retrieve updates
B. require the use of the Cisco NAA
C. configure session timeout and traffic policies
D. map rules to requirement
E. configure requirements
Answer: E
What are the two types of traffic policies that apply to user roles? (Choose two.)
A. IP-based
B. peer-based
C. host-based
D. manager-based
E. server-based
F. VLAN-based
Answer: A, C
QUESTION 10
After you implement a network scan and view the report, you notice that a plug-in did not access
6
any of its dependent plug-ins. What did you forget to do?
A. enable the Dependent Plug-in check box on the General Tab form
B. configure dependent plug-in support when you mapped the Nessus scan check to the Nessus
plug-in rule
C. install dependent plug-ins when you updated the Cisco NAC Appliance plug-in library
D. load the dependent plug-ins for that plug-in in the Plug-in Updates form
Answer: D
testking cisco
Interactive Testing Engine Included!
60 Questions
Updated : 03/15/2008
Price : $87.99 $79.99

Free Down:Testking Cisco 642-591 Exam
pass4sure cisco 642-591 v2.93

password:www.certbible.org

Implementing Cisco NAC Appliance : 642-591 Exam“Implementing Cisco NAC Appliance”, also known as 642-591 exam, is a Cisco certification.
Preparing for the 642-591 exam? Searching 642-591 Test Questions, 642-591 Practice Exam, 642-591 Dumps?

With the complete collection of questions and answers, Pass4sure has assembled to take you through 60 Q&As to your 642-591 Exam preparation. In the 642-591 exam resources, you will cover every field and category in Others helping to ready you for your successful Cisco Certification.
Questions and Answers : 60 Q&As
Updated: March 17th , 2008
Market Price: $159.99
Member Price: $99.99Implementing Cisco NAC Appliance : 642-591 Exam

Free Down:pass4sure cisco ccsp 642-591 v2.93

Testking 642-591
password:www.pass4sure.org.cn

* Provides an overview of the security components used to design proactive network security
* Helps network security professionals understand what the latest tools and techniques can do and how they interact
* Presents detailed information on how to use integrated management to increase security
* Includes a design guide with step-by-step implementation instructions

Self-Defending Networks: The Next Generation of Network Security helps networking professionals understand how to deploy an end-to-end, integrated network security solution. It presents a clear view of the various components that can be used throughout the network to not only monitor traffic but to allow the network itself to become more proactive in preventing and mitigating network attacks. This security primer provides unique insight into the entire range of Cisco security solutions, showing what each element is capable of doing and how all of the pieces work together to form an end-to-end Self-Defending Network. While other books tend to focus on individual security components, providing in-depth configuration guidelines for various devices and technologies, Self-Defending Networks instead presents a high-level overview of the entire range of technologies and techniques that comprise the latest thinking in proactive network security defenses. This book arms network security professionals with the latest information on the comprehensive suite of Cisco security tools and techniques. Network Admission Control, Network Infection Containment, Dynamic Attack Mitigation, DDoS Mitigation, Host Intrusion Prevention, and Integrated Security Management are all covered, providing the most complete overview of various security systems. It focuses on leveraging integrated management, rather than including a device-by-device manual to implement self-defending networks.

This chapter covers the following topics:

* Network admission control overview
* NAC Framework benefits
* NAC Framework components
* Operational overview
* Deployment models

Network Admission Control (NAC) is a technology initiative led by Cisco Systems working in collaboration with many leading security vendors, including antivirus and desktop management. Their focus is the creation of solutions that limit security threats, such as worms and viruses.

This technology provides a framework using existing Cisco infrastructure to enforce network admission policies on NAC-enabled endpoint devices, guaranteeing software compliance before network access is granted. If an endpoint device is determined noncompliant, a variety of admission actions are available to administrators, and how the actions are implemented is at the discretion of the network administrator. For example, a noncompliant endpoint may be placed in a quarantine area of the network and redirected to a remediation server to load the necessary software or patches. A notification is displayed to the user warning that their device is not compliant or, in the worse case, that they are denied network access entirely.

This chapter describes the Cisco NAC Framework, identifies benefits, describes the solution components and how they interoperate, and describes common deployment models.
Network Admission Control Overview

Worms and viruses continue to be disruptive, even though many businesses have significantly invested in antivirus and traditional security solutions. Not all users stay up to date with the many needed software security patches of antivirus files. Noncompliant endpoints are frequent and the reasons vary; for example:

* A user might choose to wait and install a new update later because they don’t have the time
* A contractor, partner, or guest needs network access; however, the business may not control the endpoint
* The endpoints are not managed
* The business lacks the capability to monitor the endpoints and determine whether they are updated to conform to the business’s security policy

When infected endpoints connect to the network, they unsuspectingly spread their infections to other improperly protected devices. This has caused businesses to examine how they should implement endpoint compliance enforcement besides user authentication before granting access to their networks.

Cisco Systems provides two network admission control solution choices:

* NAC Appliance
* NAC Framework

Chapter 7, “Cisco Clean Access,” describes NAC Appliance, which was originally marketed as Cisco Clean Access (CCA). NAC Appliance is a turnkey self-sufficient package that does not rely on third-party products for determining and enforcing software compliance. This chapter focuses on NAC Framework.

NAC Framework is an integrated solution that enables businesses to leverage many of their existing Cisco network products, along with many third-party vendor products such as antivirus, security, and identity-based software. Vendor products must be NAC-enabled in order to communicate with the NAC-enabled network access devices. NAC Framework is extremely flexible because it can enforce more features available from other vendors’ products. A comparison of customer preferences for choosing the NAC Appliance and NAC Framework is shown in Table 6-1.
Table 6-1. NAC Customer Profile

NAC Framework

NAC Appliance

Uses an integrated framework approach, leveraging existing security solutions from other vendors

Prefers bundled, out-of-the-box functionality with preinstalled support for antivirus and Microsoft updates

Complex network environment, leveraging many types of Cisco network access products

Heterogeneous network infrastructure

Longer, phased-in deployment model

Rapid deployment model

Can integrate with 802.1x

Independent of 802.1x
Source: Cisco Systems, Inc.1
2. NAC Framework Benefits

NAC Framework Benefits

Following are some benefits that can be recognized by businesses that have implemented NAC Framework:

* Protects corporate assets—Enforces the corporate security software compliance policy for endpoints.
* Provides comprehensive span of control—All the access methods that endpoints use to connect to the network are covered, including campus switching, wireless, router WAN links, IP Security (IPSec), and remote access.
* Controls endpoint admission—Validates all endpoints regardless of their operating system, and it doesn’t matter which agents are running. Also provides the ability to exempt certain endpoints from having to be authenticated or checked.
* Offers a multivendor solution—NAC is the result of a multivendor collaboration between leading security vendors, including antivirus, desktop management, and other market leaders. NAC supports multiple security and patch software vendors through APIs.
* Leverages existing technologies and standards—NAC extends the use of existing communications protocols and security technologies, such as Extensible Authentication Protocol (EAP), 802.1x, and RADIUS services.
* Leverages existing network and antivirus investments—NAC combines existing investments in network infrastructure and security technology to provide a secure admission control solution.

more info:

Volume II: NAC Framework Deployment and Troubleshooting

The self-defending network in action

Jazib Frahim, CCIE® No. 5459

Omar Santos

David White, Jr., CCIE No. 12,021

When most information security professionals think about threats to their networks, they think about the threat of attackers from the outside. However, in recent years the number of computer security incidents occurring from trusted users within a company has equaled those occurring from external threats. The difference is, external threats are fairly well understood and almost all companies utilize tools and technology to protect against those threats. In contrast, the threats from internal trusted employees or partners are often overlooked and much more difficult to protect against.

Network Admission Control (NAC) is designed to prohibit or restrict access to the secured internal network from devices with a diminished security posture until they are patched or updated to meet the minimum corporate security requirements. A fundamental component of the Cisco® Self-Defending Network Initiative, NAC enables you to enforce host patch policies and to regulate network access permissions for noncompliant, vulnerable systems.

Cisco Network Admission Control, Volume II, helps you understand how to deploy the NAC Framework solution and ultimately build a self-defending network. The book focuses on the key components that make up the NAC Framework, showing how you can successfully deploy and troubleshoot each component and the overall solution. Emphasis is placed on real-world deployment scenarios, and the book walks you step by step through individual component configurations. Along the way, the authors call out best practices and tell you which mistakes to avoid. Component-level and solution-level troubleshooting techniques are also presented. Three full-deployment scenarios walk you through application of NAC in a small business, medium-sized organization, and large enterprise.

“To successfully deploy and troubleshoot the Cisco NAC solution requires thoughtful builds and design of NAC in branch, campus, and enterprise topologies. It requires a practical and methodical view towards building layered security and management with troubleshooting, auditing, and monitoring capabilities.”

—Jayshree V. Ullal, Senior Vice President, Datacenter, Switching and Security Technology Group, Cisco Systems®

Jazib Frahim, CCIE® No. 5459, is a senior network security engineer in the Worldwide Security Services Practice of the Cisco Advanced Services for Network Security team. He is responsible for guiding customers in the design and implementation of their networks with a focus on network security.

Omar Santos is a senior network security engineer in the Worldwide Security Services Practice of the Cisco Advanced Services for Network Security team. He has more than 12 years of experience in secure data communications.

David White, Jr., CCIE No. 12,021, has more than 10 years of networking experience with a focus on network security. He is currently an escalation engineer in the Cisco TAC, where he has been for more than six years.

* Effectively deploy the Cisco Trust Agent
* Configure Layer 2 IP and Layer 2 802.1x NAC on network access devices
* Examine packet flow in a Cisco IOS NAD when NAC is enabled, and configure Layer 3 NAC on the NAD
* Monitor remote access VPN tunnels
* Configure and troubleshoot NAC on the Cisco ASA and PIX security appliances
* Install and configure Cisco Secure Access Control Server (ACS) for NAC
* Install the Cisco Security Agent Manage-ment Center and create agent kits
* Add antivirus policy servers to ACS for external antivirus posture validation
* Understand and apply audit servers to your NAC solution
* Use remediation servers to automatically patch end hosts to bring them in compliance with your network policies
* Monitor the NAC solution using the Cisco Security Monitoring, Analysis, and Response System (MARS)

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Category: Cisco Press—Security

Covers: Network Admission Control

More info:Cisco Network Admission Control, Volume II: NAC Deployment and Troubleshooting (Networking Technology)

Volume I: NAC Framework Architecture and Design

A guide to endpoint compliance enforcement

Today, a variety of security challenges affect all businesses regardless of size and location. Companies face ongoing challenges with the fight against malware such as worms, viruses, and spyware. Today’s mobile workforce attach numerous devices to the corporate network that are harder to control from a security policy perspective. These host devices are often lacking antivirus updates and operating system patches, thus exposing the entire network to infection. As a result, worms and viruses continue to disrupt business, causing downtime and continual patching. Noncompliant servers and desktops are far too common and are difficult to detect and contain. Locating and isolating infected computers is time consuming and resource intensive.

Network Admission Control (NAC) uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources, thereby limiting damage from emerging security threats. NAC allows network access only to compliant and trusted endpoint devices (PCs, servers, and PDAs, for example) and can restrict the access of and even remediate noncompliant devices.

Cisco Network Admission Control, Volume I, describes the NAC architecture and provides an in-depth technical description for each of the solution components. This book also provides design guidelines for enforcing network admission policies and describes how to handle NAC agentless hosts. As a technical primer, this book introduces you to the NAC Framework solution components and addresses the architecture behind NAC and the protocols that it follows so you can gain a complete understanding of its operation. Sample worksheets help you gather and organize requirements for designing a NAC solution.

Denise Helfrich is a technical program sales engineer that develops and supports global online labs for the World Wide Sales Force Development at Cisco®.

Lou Ronnau, CCIE® No. 1536, is a technical leader in the Applied Intelligence group of the Customer Assurance Security Practice at Cisco.

Jason Frazier is a technical leader in the Technology Systems Engineering group for Cisco.

Paul Forbes is a technical marketing engineer in the Office of the CTO, within the Security Technology Group at Cisco.

* Understand how the various NAC components work together to defend your network
* Learn how NAC operates and identifies the types of information the NAC solution uses to make its admission decisions
* Examine how Cisco Trust Agent and NAC-enabled applications interoperate
* Evaluate the process by which a policy server determines and enforces a policy
* Understand how NAC works when implemented using NAC-L2-802.1X, NAC-L3-IP, and NAC-L2-IP
* Prepare, plan, design, implement, operate, and optimize a network admission control solution

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.

Category: Cisco Press–Security

Covers: Network Admission Control

More info:Cisco Network Admission Control, Volume I: NAC Framework Architecture and Design (Networking Technology)

Exam Description
The 642-591 CANAC Implementing Cisco NAC Appliance exam is associated with both the Cisco Certified Security Professional and the Cisco Network Admission Control Specialist certifications. Candidates can prepare for this exam by taking the Implementing Cisco NAC Appliance course. This exam tests a candidate’s knowledge of the Cisco NAC Appliance solution.

Exam Topics
The following topics are general guidelines for the content likely to be included on the Remote Access exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Implement Cisco NAC Appliance

* Identify the components and features used for Cisco NAC Appliance
* Configure and verify NAM and NAS to support the Cisco NAC Appliance In-Band server solutions
* Configure and verify NAM and NAS to support the Cisco NAC appliance Out-of-Band server solutions
* Configure Single Sign on
* Configure and verify Cisco Switches as network access devices
* Configure and verify user roles
* Implement and verify rule based policies
* Configure Cisco NAC Appliance network scanning
* Configure NAM to implement NAA on user devices
* Implement and verify an HA solution
* Administer and monitor a Cisco NAC Appliance solution
The leader among the providers of ccsp 642-591 preparatory materials is TestKing products such as ccsp 642-591 Braindumps, ccsp 642-591 Study Guides, Tutorial,Torrent, ccsp 642-591 Exam Questions with Answers, ccsp 642-591 Trainings, ccsp 642-591 Online Course and free PDF. It obtained its leadership and trust of the users from the very beginning of its work on the TestKing ccsp 642-591 training materials market. All the ccsp 642-591 braindumps aids have been created by people who are personally familiar with ccsp 642-591 exams and who know all the difficulties and popular mistakes made by those who take a ccsp 642-591 test. The entire material is logically composed in such a way that everything becomes easy to understand for anyone. Many ccsp 642-591 guides include audio and video material. It is really easy to acquire TestKing ccsp 642-591 exams becausy of great variety of methods of payment.

Recommended Training about ccsp 642-591 exam PDF vce
The following courses are the recommended training for ccsp 642-591 exam PDF.
cisco ccsp 642-591 Q & A with Explanations
cisco ccsp 642-591 Audio Exam
cisco ccsp 642-591 Study Guide
cisco ccsp 642-591 Preparation Lab
Cisco ccsp 642-591 rapidshare 4shared books