Cisco 642-551 Prep Guide, Latest Updated Cisco 642-551 Study Guide Book Latest Version PDF&VCE

Flydumps is one of the leading exam preparation material providers.We have a complete range of exams offered by the top vendors of their respective industries.You can download free Cisco 642-551 demos in PDF files that are the latest.

QUESTION 30
Which type of VPN is considered an extension of a classic WAN?
A. remote-access VPN
B. site-to-site VPN
C. GRE VPN
D. L2TP VPN

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 31
What should be the first step in migrating a network to a secure infrastructure?
A. developing a security policy
B. securing the perimeter
C. implementing antivirus protection
D. securing the DMZ

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 32
What is a reconnaissance attack?
A. when an intruder attacks networks or systems to retrieve data, gain access, or escalate access privileges
B. when an intruder attempts to discover and map systems, services, and vulnerabilities
C. when malicious software is inserted onto a host in order to damage a system, corrupt a system, replicate itself, or deny services or access to networks, systems, or services
D. when an intruder attacks your network in a way that damages or corrupts your computer system, or denies you and others access to your networks, systems, or services
E. when an intruder attempts to learn user IDs and passwords that can later be used in identity theft

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 33
Which authentication method is based on the 802.1x authentication framework, and mitigates several of the weaknesses by using dynamic WEP and sophisticated key management on a per-packet basis?
A. PAP
B. CHAP
C. LEAP
D. ARAP
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 34
Which connections does stateful packet filtering handle?
A. TCP and UDP
B. packet
C. TCP only
D. ICMP

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 35
What is considered the main administrative vulnerability of Cisco Catalyst switches?
A. SNMP
B. Telnet
C. poor passwords
D. poor encryption

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 36
Which command globally disables CDP?
A. no cdp
B. cdp disable
C. no cdp enable
D. no cdp run

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 37
At which location in an access control list is it recommended that you place the more specific entries?
A. in the middle of the access control list
B. higher in the access control list
C. lower in the access control list
D. at the bottom of the access control list

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 38
What is a DoS attack?
A. when an intruder attacks networks or systems to retrieve data, gain access, or escalate access privileges
B. when an intruder attempts to discover and map systems, services, and vulnerabilities
C. when malicious software is inserted onto a host in order to damage a system, corrupt a system, replicate itself, or deny services or access to networks, systems, or services
D. when an intruder attacks your network in a way that damages or corrupts your computer system, or denies you and others access to your networks, systems, or services

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 39
How does HIPS inspect for attacks?
A. by intercepting traffic that is incoming to the network interface card
B. by inspecting syslog messages
C. by inspecting traffic that is outgoing from the network interface card
D. by intercepting calls to the OS kernel
E. by inspecting API messages between applications

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 40
Cisco routers, such as the ISRs, are best suited for deploying which type of IPSec VPN?
A. remote-access VPN
B. overlay VPN
C. WAN-to-WAN VPN
D. site-to-site VPN
E. SSL VPN

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 41
Where is the Cisco Security Agent installed?
A. on a router
B. on a switch
C. on a host
D. on a hub
Correct Answer: C Section: (none) Explanation

Explanation/Reference:
QUESTION 42
What are the four critical services of IPSec functions? (Choose four.)
A. replay protection
B. confidentiality
C. data integrity
D. data mining
E. origin authentication
F. anti-replay protection

Correct Answer: BCEF Section: (none) Explanation
Explanation/Reference:
QUESTION 43
Which management protocol is used to synchronize the clocks across a network?
A. SNMP
B. syslog
C. NTP
D. TFTP

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 44
Which encryption method uses a 56-bit key to ensure high-performance encryption?
A. 3DES
B. AES
C. RSA
D. DES

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 45
Which command is used to configure syslog on a Cisco router?
A. syslog
B. logging
C. logging-host D. syslog-host

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 46
Which method of mitigating packet-sniffer attacks is most effective?
A. authentication
B. switched infrastructure
C. antisniffer tools
D. cryptography

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 47
Which command sets the minimum length of all Cisco IOS passwords?
A. password min-length length
B. min-length security length
C. enable secret min-length
D. security passwords min-length length

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 48
During which phase of an attack does the attacker attempt to identify targets?
A. penetrate
B. propagate
C. persist
D. probe
E. paralyze

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 49
The DH exchange used to generate the shared secret keys occurs in which IKE and exchange phase?
A. first exchange
B. second exchange
C. third exchange
D. fourth exchange

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 50
What would the following command indicate if it were used on the Cisco PIX Security Appliance? nameif ethernet2 dmz security50
A. The administrator is naming an Ethernet interface only.
B. The administrator is assigning a security level only.
C. The administrator is removing a named interface.
D. The administrator is naming an interface and assigning a security level to it.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:

Cisco 642-551 Questions & Answers covers all the knowledge points of the real exam. We update our product frequently so our customer can always have the latest version of Cisco 642-551. We provide our customers with the excellent 7×24 hours customer service.We have the most professional Cisco 642-551 expert team to back up our grate quality products.If you still cannot make your decision on purchasing our product, please try our Cisco 642-551 free pdf