Test 4 Exam

Exam: Cisco 642-583

Title: Security Solutions for Systems

Engineers

Demo

Test4Exam- Leading the way in studying IT certificaiton

 Test 4 Exam
1. The LWAPP protocol supports which type of native encryption?

A. DES

B. 3DES

C. RC5

D. IDEA

E. ECC

F. AES

Answer: F

2. Which Cisco software agent uses content scanning to identify sensitive content and controls the
transfer of sensitive content off the local endpoint over removable storage, locally or network-attached
hardware, or network applications?

A. Cisco Trust Agent 2.0

B. Cisco NAC Appliance Agent 4.1.3

C. Cisco NAC Appliance Web Agent 1.0

D. Cisco Security Agent 6.0

E. Cisco IronPortAgent 3.0

Answer: D

3. Cisco Security MARS and Cisco Security Manager can work together to perform which two
functions? (Choose two.)

A. centralized attacks mitigation commands management

B. centralized syslog storage and management

C. firewall events-to-Cisco Security MARS events correlations

D. IPS events-to-Cisco Security MARS events correlations

E. false-positive tuning

F. incident-vector analysis

Answer: CD

4. Which is used to authenticate remote IPsec VPN users?

Test4Exam help you Test any it exam! http://www.Test4Exam.com
 Test 4 Exam
A. PFS

B. XAUTH

C. mode configuration

D. single sign-on (SSO)

E. Diffie-Hellman (DH)

F. pre-shared key

Answer: B

5. Which statement regarding the hybrid user authentication model for remote-access IPsec VPNs
is correct?

A. VPN servers authenticate by using pre-shared keys, and users authenticate by using usernames
and passwords.

B. VPN servers authenticate by using digital certificates, and users authenticate by using
usernames and passwords.

C. VPN servers authenticate by using digital certificates, and users authenticate by using
pre-shared keys.

D. VPN servers and users authenticate by using digital certificates.

E. VPN servers and users authenticate by using pre-shared keys.

Answer: B

6. Cisco IOS Flexible Packet Matching (FPM) is an example of which kind of network security
technology?

A. Layer 37 stateless packet filter

B. stateful Layer 7 (application) firewall

C. deep packet inspection (DPI) firewall

D. stateful packet inspection

E. proxy firewall

F. IPS

Answer: A

Test4Exam help you Test any it exam! http://www.Test4Exam.com

 Test 4 Exam
7. Cisco SSL VPN solution uses the Cisco Secure Desktop to provide which four functionalities?
(Choose four.)

A. pre-login assessment

B. application plug-ins

C. secure vault

D. Cache Cleaner

E. Advanced Endpoint Assessment

F. smart tunnel

Answer: ACDE

8. Which of the followings are two of the key criteria to use when sizing which Cisco Security
MARS model to deploy? (Choose two.)

A. monitoring and reporting protocols being used (e.g., syslog versus SNMP)

B. using a one-, two-, or three-tier Cisco Security MARS architecture

C. events-storage requirements

D. database-reporting requirements

E. incoming events per second rate

F. auto-mitigation requirements

Answer: CE

9. What should be configured to maintain symmetric flow of traffic when using the Gateway Load
Balancing Protocol to enable high-availability Cisco IOS firewalls?

A. policy-based routing

B. static routing

C. dynamic routing

D. CEF

E. network address translation (NAT)

F. reflexive ACL

Answer: E
Test4Exam help you Test any it exam! http://www.Test4Exam.com
 Test 4 Exam
10. Which Cisco Security Management product supports both Cisco and third party security
products?

A. Cisco IME

B. Cisco ASDM

C. Cisco Security Manager

D. Cisco Security MARS

E. Cisco Configuration Professional

F. Cisco SDM

Answer: D

11. What is the primary reason that GET VPN is not deployed over the public Internet?

A. because GET VPN supports re-keying using multicast only

B. because GET VPN preserves the original source and destination IP addresses, which may be
private addresses that are not routable over the Internet

C. because GET VPN uses IPsec transport mode, which would expose the IP addresses to the
public if using the Internet

D. because the GET VPN group members use multicast to register with the key servers

E. because the GET VPN key servers and group members requires a secure path to exchange the
Key Encryption Key (KEK) and the Trafflc Encryption Key (TEK)

Answer: B

12. What are two differences between symmetric and asymmetric encryption algorithms?
(Choose two.)

A. Asymmetric encryption is more suitable than symmetric encryption for real-time bulk
encryption.

B. Asymmetric encryption is slower than symmetric encryption.

C. Asymmetric encryption requires a much larger key size to achieve the same level of protection
as symmetric encryption.

D. Symmetric encryption is used in digital signatures and asymmetric encryption is used in

HMACs.

Answer: BC
Test4Exam help you Test any it exam! http://www.Test4Exam.com
 Test 4 Exam
13. What is implemented on Cisco IP Phones so that they can authenticate itself before gaining
network access?

A. Cisco Secure Services Client

B. Cisco NAC Appliance Agent (NAA)

C. IEEE 802.1X supplicant

D. AAA client

E. Cisco Security Agent

F. one-time password

Answer: C

14. The Cisco ASA can use which three network controls or technologies to filter network traffic?
(Choose three.)

A. stateful packet filters with Application Inspection and Control

B. network IPS with the AIP-SSM

C. adaptive control protocol

D. zone-based policy firewall

E. XML firewalling

F. proxy services with the CSC-SSM

Answer: ABF

15. The Cisco ACE 4710 Appliance can be used in the enterprise data center to provide which
three functions? (Choose three.)

A. SYN flooding attacks protection

B. anti-spoofing protection

C. XML firewalling

D. HTTPS session decryption through SSL/TLS termination

E. HTTP protocol verification

Answer: ADEr: C

Test4Exam help you Test any it exam! http://www.Test4Exam.com

 Test 4 Exam

Test4Exam help you Test any it exam! http://www.Test4Exam.com