Testking Cisco CCSP 642-552 Exam
Exam 642-552: Securing Cisco Network Devices Exam (SND)
Testking Interactive Testing Engine Included!
128 Questions
Updated : 03/07/2008
Price : $87.99 $79.99
Related Certifications: CCSP/Cisco Firewall/IPS/VPN Specialist
Duration: 75 minutes
Exam Topics Include:
1. Describe the security threats facing modern networks
2. Secure Cisco routers
3. Implement basic AAA using Cisco routers
4. Mitigate threats to Cisco routers and networks using ACLs
5. Implement secure network management and reporting
6. Mitigate common Layer 2 attacks
7. Implement the Cisco IOS firewall feature set using SDM
8. Implement IPsec VPN on Cisco routers using SDM
Topic 1, Describe the security threats facing modern network infrastructures (16
Questions) 3
Topic 2, Secure Cisco routers (15 Questions) 15
Topic 3, Implement basic AAA using Cisco routers (6 Questions) 25
Topic 4, Mitigate threats to Cisco routers and networks using ACLs (6 Questions) 27
Topic 5, Implement secure network management and reporting (9 Questions) 31
Topic 6, Mitigate common Layer 2 attacks (1 Questions) 35
Topic 7, Implement the Cisco IOS firewall features set using SDM (16 Questions) 35
Topic 8, Implement the Cisco IOS IPS feature set using SDM (11 Questions) 44
Topic 9, Implement IPSec VPN on Cisco routers using SDM (20 Questions) 51
Topic 10, TestKing.com Questions (4 Questions) 64
Topic 11, TestKing.com Madrid, Scenario 65
Topic 11, TestKing.com Spain (3 Questions) 68
Topic 12, Practice Questions (19 Questions) 69
A malicious program is disguised as another useful program; consequently, when
the user executes the program, files get erased and then the malicious program
spreads itself using emails as the delivery mechanism. Which type of attack best
describes how this scenario got started?
A. DoS
B. worm
C. virus
D. trojan horse
E. DDoS
Answer: D
QUESTION NO: 2
What is the key function of a comprehensive security policy?
A. informing staff of their obligatory requirements for protecting technology and
information assets
B. detailing the way security needs will be met at corporate and department levels
C. recommending that Cisco IPS sensors be implemented at the network edge
D. detailing how to block malicious network attacks
Answer: A
Which building blocks make up the Adaptive Threat Defense phase of Cisco SDN
strategy?
A. VoIP services, NAC services, Cisco IBNS
B. network foundation protection, NIDS services, adaptive threat mitigation services
C. firewall services, intrusion prevention, secure connectivity
D. firewall services, IPS and network antivirus services, network intelligence
E. Anti-X defense, NAC services, network foundation protection
Answer: D
Which of these two ways does Cisco recommend that you use to mitigate
maintenance-related threats? (Choose two.)
A. Maintain a stock of critical spares for emergency use.
B. Ensure that all cabling is Category 6.
C. Always follow electrostatic discharge procedures when replacing or working with
internal router and switch device components.
D. Always wear an electrostatic wrist band when handling cabling, including fiber-optic
cabling.
E. Always employ certified maintenance technicians to maintain mission-critical
equipment and cabling.
Answer: A,C
What are two security risks on 802.11 WLANs that implement WEP using a static
40-bit key with open authentication? (Choose two.)
A. The IV is transmitted as plaintext, and an attacker can sniff the WLAN to see the IV.
B. The challenge packet sent by the wireless AP is sent unencrypted.
C. The response packet sent by the wireless client is sent unencrypted.
D. WEP uses a weak-block cipher such as the Data Encryption Algorithm.
E. One-way authentication only where the wireless client does not authenticate the
wireless-access point.
Answer: A,E
Which method of mitigating packet-sniffer attacks is the most effective?
A. implement two-factor authentication
B. deploy a switched Ethernet network infrastructure
C. use software and hardware to detect the use of sniffers
D. deploy network-level cryptography using IPsec, secure services, and secure protocols
Answer: D
What is a reconnaissance attack?
A. when an intruder attacks networks or systems to retrieve data, gain access, or escalate
access privileges.
B. when an intruder attempts to discover and map systems, services, and vulnerabilities
C. when malicious software is inserted onto a host in order to damage a system, corrupt a
system, replicate itself, or deny service or access to networks, systems, or services
D. when an intruder attacks your network in a way that damages or corrupts your
computer system, or denies you and other access to your networks, systems, or services
E. when an intruder attempts to learn user IDs and passwords that can later be used in
identity theft
Answer: B
Explanation: Attackers and hackers can employ social engineering techniques to pose as
legitimate people seeking out information. A few well structured telephone calls to
unsuspecting employees can provide a significant amount of information
Incorrect:
A – Is called ’Access attacks’
C – Is called ’Worms, Viruses and Trojan Horses’
D – Is called ’Denial of Service (DOS) attacks’
E – This is an example of social engineering
The Securing Cisco Network Devices 642-552 SND is the exam associated with the Cisco Certified Security Professional, Cisco Firewall Specialist, Cisco IPS Specialist, and Cisco VPN Specialist certifications. This exam tests a candidate’s knowledge of securing Cisco routers and switches and their associated networks. Topics covered include; Security threats facing modern network infrastructures, Securing Cisco routers, Implementing basic AAA, Using ACLs to mitigate router and network threats, Implementing secure management and reporting, Mitigating common Layer 2 attacks, and Implementing Cisco IOS Firewall features, Cisco IOS IPS features, and IPsec VPN features using Cisco Security Device Manager
The TestKing 642-552 exam products are designed to maximize your learning productivity and focus only on the important aspects that will help you to pass your exam, the first time. We will provide you with exam questions and verified answers, with detailed explanations, that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. Our exam guides are not just questions and answers. Our questions have detailed explanations provided by our certified industry experts, ensuring that you fully understand the questions and the concept behind the questions.
Free Down:Testking Cisco CCSP 642-552
password:www.testking.name
Recent Comments