Cisco 642-583 certification Dump, Prepare for the Cisco 642-583 Exam Materials 100% Pass With A High Score

Flydumps is the best place for preparing IT Certifications as we are providing latest and guaranteed questions for all certifications. We offer you the ultimate preparation resource of Cisco 642-583 exam question. Wondering what could be this effective? It is our training material which serves as a guide to achieving your dream as a certified professional.

QUESTION 51
Which two Cisco products can be used to provide a captive portal to authenticate wireless users? (Choose two.)
A. Cisco Secure ACS
B. WLAN Controller
C. Cisco NAC Guest Server
D. Cisco NAC Profiler
E. Cisco ASA

Correct Answer: BC
“Pass Any Exam. Any Time.” 21 Cisco 642-583: Practice Exam
QUESTION 52
Cisco SSL VPN solution uses which method to provide connections between a Winsock 2, TCP-based application and a private site without requiring administrative privileges?
A. application plug-ins
B. port forwarding
C. Cisco AnyConnect VPN Client
D. smart tunnels
E. Cisco Secure Desktop

Correct Answer: D
QUESTION 53
What is implemented on Cisco IP Phones so that they can authenticate themselves before gaining network access?
A. Cisco Secure Services Client
B. Cisco NAC Appliance Agent (NAA)
C. IEEE 802.1X supplicant
D. AAA client
E. Cisco Security Agent
F. one-time password

Correct Answer: C
QUESTION 54
Which Cisco ASA SSL VPN feature requires a special license?
A. prelogin assessment
B. Basic Host Scan
C. smart tunnels
D. Advanced Endpoint Assessment
E. client plug-ins
F. Cisco AnyConnect VPN Client

Correct Answer: F
QUESTION 55
Which statement regarding the hybrid user authentication model for remote-access IPsec VPNs is correct?
A. VPN servers authenticate by using pre-shared keys, and users authenticate by using usernames and passwords.
B. VPN servers authenticate by using digital certificates, and users authenticate by using usernames and passwords.
C. VPN servers authenticate by using digital certificates, and users authenticate by using pre-shared keys.
D. VPN servers and users authenticate by using digital certificates.
E. VPN servers and users authenticate by using pre-shared keys.

Correct Answer: B
QUESTION 56
Which two logical controls are available on Cisco IOS routers to limit the damage of physical intrusions? (Choose two.)
A. USB smart token key storage
B. security stickers
C. disabling of password recovery
D. digitally signed Cisco IOS image
E. port security

Correct Answer: AC
QUESTION 57
When SSL uses TCP encapsulation on Cisco SSL VPNs, the user’s TCP session is transported over another TCP session, thus making flow control inefficient if a packet is lost. Which solution solves this problem?
A. smart tunnel
B. application plug-ins
C. DTLS
D. Cisco Secure Desktop
E. DAP
F. SSL traversal

Correct Answer: C
QUESTION 58
Which three security components can be found in today’s typical single-tier firewall system? (Choose three.)
A. Stateful Packet Filtering with Application Inspection and Control
B. IPS
C. Network Admission Control
D. application proxy
E. cache engine
F. server load balancing

Correct Answer: ABD
QUESTION 59
Cisco SSL VPN solution uses the Cisco Secure Desktop to provide which four functionalities? (Choose four.)
A. pre-login assessment
B. application plug-ins
C. secure vault
D. Cache Cleaner
E. Advanced Endpoint Assessment
F. smart tunnel

Correct Answer: ACDE
QUESTION 60
Which algorithm is recommended for implementing automatic symmetric key exchange over an unsecured channel?
A. public key infrastructure (PKI)
B. Diffie-Hellman (DH)
C. RSA
D. EAP
E. SHA-512
F. AES

Correct Answer: B
QUESTION 61
Which platform has the highest IPsec throughput and can support the highest number of tunnels?
A. Cisco 3845 with AIM-VPN/SSL-3
B. Cisco 7200 NPE-GE+VSA
C. Cisco 7200 NPE-GE+VAM2+
D. Cisco ASR 1000-5G
E. Cisco 6500/7600 + VPN SPA
F. Cisco ASA 5580

Correct Answer: E
QUESTION 62
Which Cisco software agent uses content scanning to identify sensitive content and controls the transfer of sensitive content off the local endpoint over removable storage, locally or network-attached hardware, or network applications?
A. Cisco Trust Agent 2.0
B. Cisco NAC Appliance Agent 4.1.3
C. Cisco NAC Appliance Web Agent 1.0
D. Cisco Security Agent 6.0
E. Cisco IronPort Agent 3.0

Correct Answer: D
QUESTION 63
When implementing QoS, which Cisco product can be used to provide endpoint-based trusted-traffic marking?
A. Cisco NAC Appliance Agent (Cisco NAA)
B. Cisco Trust Agent
C. Cisco Secure Services Client
D. Cisco Secure Desktop
E. Cisco Security Agent

Correct Answer: E
QUESTION 64
An OSPF router (routerA) on the network is running at an abnormally high CPU rate. Using various OSPF debug commands on routerA, the network administrator determines that routerA is receiving many OSPF link state packets from an unknown OSPF neighbor, thus forcing many OSPF path recalculations and affecting routerA’s CPU usage. Which OSPF configuration should the administrator enable to prevent this kind of attack on routerA?
A. OSPF stub area
B. OSPF link state advertisement (LSA) filtering
C. OSPF MD5 authentication
D. multi-area OSPF
E. OSPF not-so-stubby area

Correct Answer: C
QUESTION 65
IPsec peer authentication is typically implemented through which two methods? (Choose two.)
A. pre-shared key
B. Diffie-Hellman (DH)
C. non-encrypted nonce
D. digital certificate
E. AAA
F. one-time password

Correct Answer: AD
QUESTION 66
Which two Cisco products are best positioned for data loss prevention? (Choose two.)
A. Cisco IronPort C-Series appliances
B. Cisco ASA Software version 8.0
C. Cisco IPS 6.0
D. Cisco NAC Appliance
E. Cisco Security Agent 6.0
F. Cisco Security MARS

Correct Answer: AE
QUESTION 67
Which Cisco Catalyst Series switch feature is used for integrating a tap-mode (promiscuous mode) IDS/IPS sensor into the network?
A. PVLAN
B. PVLAN Trunk
C. PVLAN Edge
D. Cisco Express Forwarding Switching
E. Switched Port Analyzer (SPAN)
F. Remote Network Monitoring (RMON)

Correct Answer: E
QUESTION 68
Cisco Security MARS and Cisco Security Manager can work together to perform which two functions? (Choose two.)
A. centralized attacks mitigation commands management
B. centralized syslog storage and management
C. firewall events-to-Cisco Security MARS events correlations
D. IPS events-to-Cisco Security MARS events correlations
E. false-positive tuning
F. incident-vector analysis

Correct Answer: CD
QUESTION 69
Which methods are used when implementing a proxy component within a firewall system?
A. transparent or non-transparent
B. inline or tap mode
C. Layer 2 or Layer 3
D. routed or bridged
E. in-band or out-of-band

Correct Answer: A
QUESTION 70
Which Cisco NAC Appliance design is the most scalable architecture for campus LANs because it provides high performance after posture verification?
A. Layer 2 out-of-band
B. Layer 2 edge deployment
C. Layer 3 in-band
D. Layer 3 central deployment
E. in-band real-IP gateway
F. in-band virtual gateway

Correct Answer: A
QUESTION 71
Which EAP authentication method requires both a client and a server digital certificate?
A. PEAP-GTC
B. EAP-FAST
C. EAP-TLS
D. EAP-MD5
E. EAP-MS-CHAP

Correct Answer: C
QUESTION 72
Which of the following are two of the key criteria to use when sizing which Cisco Security MARS model to deploy? (Choose two.)
A. monitoring and reporting protocols being used (e.g., syslog versus SNMP)
B. using a one-, two-, or three-tier Cisco Security MARS architecture
C. events-storage requirements
D. database-reporting requirements
E. incoming events per second rate
F. auto-mitigation requirements

Correct Answer: CE
QUESTION 73
Using Cisco ASA active/active stateful failover, what happens if the return packet of an existing connection is not found in the local Cisco ASA connection table?
A. The local Cisco ASA will drop the packet.
B. If the local Cisco ASA is the active Cisco ASA, then it will forward the packet.
C. The local Cisco ASA will forward the packet if it is permitted by the inbound ACL.
D. The local Cisco ASA will perform a reverse path forwarding check to determine whether to forward or drop the packet.
E. The local Cisco ASA will determine, based on its routing table, whether to forward or drop the packet.
F. The local Cisco ASA will examine the copy of the other Cisco ASA’s connection table and, if a match is found, will forward the packet to the other Cisco ASA.

Correct Answer: F
QUESTION 74
Cisco IOS Control Plane Protection can be used to protect traffic to which three router control plane subinterfaces? (Choose three.)
A. host
B. aggregate
C. cpu
D. transit
E. CEF-exception
F. fast-switched

Correct Answer: ADE
QUESTION 75
Which two Cisco application-layer firewall products are based on proxy technology that can analyze the SOAP protocol and its payloads (XML messages), used in web services applications? (Choose two.)
A. Cisco FWSM
B. Cisco ACE XML Gateway
C. Cisco ASA
D. Cisco AON Software modules
E. Cisco IronPort C-Series appliance
F. Cisco Application Velocity System (AVS)

Correct Answer: BD
QUESTION 76
What happens if a preconfigured usage threshold is exceeded when using the Cisco IOS Network Foundation Protection (NFP) Memory Thresholding Notification and CPU Thresholding Notification features?
A. The router will automatically limit the memory or CPU usage on a per process basis.
B. The router will send an SNMP trap to a management station.
C. The router will reboot.
D. The router will start generating NetFlow accounting records to track the memory and CPU usage per each running process.
E. The router will switch from process switching to Cisco Express Forwarding switching.
F. The router will switch from Cisco Express Forwarding switching to process switching.

Correct Answer: B
QUESTION 77
Which uRPF option allows for asymmetrical routing?
A. strict uRPF
B. static uRPF
C. loose uRPF
D. dynamic uRPF
E. unidirectional uRPF

Correct Answer: C
QUESTION 78
MPLS VPN does not provide or support which of the following?
A. customer’s isolation
B. the use of private IP addresses
C. confidentiality
D. any-to-any connectivity
E. customer’s IGP routing

Correct Answer: C
QUESTION 79
DRAG DROP
QUESTION 80
When implementing point-to-point secure WAN solutions over the Internet, which alternative Cisco IOS method is available if GRE-over-IPsec tunnels cannot be used?
A. Virtual Routing Forwardings (VRFs)
B. Virtual Tunnel Interfaces (VTIs)
C. dynamic crypto maps
D. GET VPN
E. MPLS VPN

Correct Answer: B
QUESTION 81
Which method is used to scale Cisco Security MARS deployments?
A. Migrate from the Gen1 to Gen2 Cisco Security MARS platforms.
B. Use redundant or duplicated Cisco Security MARS appliances to implement a multi-tier architecture.
C. Use the Cisco Security MARS syslog forwarding feature to offload the syslog storage requirement to an external server.
D. Divide the network into multiple zones, then use the global/local controllers approach.
E. Centralize all the incoming syslog messages to a single syslog server, which will then relay all the syslog messages to Cisco Security MARS.

Correct Answer: D
QUESTION 82
The LWAPP protocol supports which type of native encryption?
A. DES
B. 3DES
C. RC5
D. IDEA
E. ECC
F. AES

Correct Answer: F
QUESTION 83
DRAG DROP
QUESTION 84
Which functionality does the Cisco Security MARS security appliance use to achieve events aggregation?
A. summarization
B. false positive tuning
C. syslog forwarding
D. sessionization
E. events action filters
F. Cisco Security Manager policy correlations

Correct Answer: D
QUESTION 85
Refer to the exhibit. Which statement correctly describes this security architecture, which is used to protect the multi-tiered web application?
A. This architecture supports application tiers that are dual homed.
B. All the servers are protected by the dual-tier firewall systems and do not require additional endpoint security controls.
C. The firewall systems in the first and second tiers should be implemented with identical security controls to provide defense in depth.
D. The second-tier Cisco ASA AIP-SSM should be tuned for inspecting Oracle attack signatures.

Correct Answer: D
QUESTION 86
Refer to the exhibit. To support IPsec VPN, which three traffic types should ACL1 permit on the firewall in front of the IPsec VPN gateway? (Choose three.)

A. IP protocol 50
B. TCP port 50
C. IP protocol 10000
D. UDP port 10000
E. UDP port 500
F. UDP port 4500

Correct Answer: AEF
QUESTION 87
Which Cisco Security Management product can perform (syslog) events normalization?
A. Cisco Secure ACS
B. Cisco Secure ACS View
C. Cisco Security MARS
D. Cisco Security Manager
E. Cisco ASDM
F. Cisco IME

Correct Answer: C
QUESTION 88
Which three statements correctly describe the perimeter-endpoint security architecture? (Choose three.)
A. The network is partitioned into security domains.
B. The network is regarded as an untrusted transport mechanism.
C. The architecture uses a restrictive access model.
D. The architecture is easy to operate and to maintain and is flexible for adding new services.
E. The architecture offers integration of network and endpoint security.

Correct Answer: CDE
QUESTION 89
DRAG DROP
QUESTION 90
DRAG DROP
QUESTION 91
What is the primary reason that GET VPN is not deployed over the public Internet?
A. because GET VPN supports re-keying using multicast only
B. because GET VPN preserves the original source and destination IP addresses, which may be private addresses that are not routable over the Internet
C. because GET VPN uses IPsec transport mode, which would expose the IP addresses to the public if using the Internet
D. because the GET VPN group members use multicast to register with the key servers
E. because the GET VPN key servers and group members require a secure path to exchange the Key Encryption Key (KEK) and the Traffic Encryption Key (TEK)

Correct Answer: B
QUESTION 92
What is used to enable IPsec usage across Port Address Translation (PAT) devices?
A. port forwarding
B. static NAT/PAT
C. NAT-T
D. IPsec tunnel mode
E. RRI

Correct Answer: C
QUESTION 93
Which function can the Cisco Security Agent data access control feature perform?
A. detects changes to system files by examining the file signature
B. detects attempts to modify the file registry
C. detects rootkits by examining attempts to modify the kernel functionality
D. detects malformed HTTP requests by examining the URI in the HTTP request
E. enables trusted QoS marking at the end host
F. provides the ability for administrators to write scripts to perform a subset of configuration actions on the management console

Correct Answer: D
QUESTION 94
Which two Cisco products/features offer the best security controls for a web server which has applications running on it that perform inadequate input data validation? (Choose two.)
A. Cisco Security Agent data access controls
B. Cisco ASA Application Inspection and Control (AIC)
C. Cisco IPS appliance Meta Event Generator
D. Cisco Application Velocity System (AVS)
E. Cisco IOS Flexible Packet Matching (FPM)
F. Cisco ACE XML Gateway

Correct Answer: AF
QUESTION 95
DRAG DROP
QUESTION 96
Cisco Security MARS and Cisco Security Manager can work together to perform which two functions? (Choose two.)
A. centralized attacks mitigation commands management
B. centralized syslog storage and management
C. firewall events-to-Cisco Security MARS events correlations
D. IPS events-to-Cisco Security MARS events correlations
E. false-positive tuning
F. incident-vector analysis

Correct Answer: CD
QUESTION 97
Cisco IOS Control Plane Protection can be used to protect traffic to which three router control plane subinterfaces? (Choose three.)
A. host
B. aggregate
C. cpu
D. transit
E. CEF-exception
F. fast-switched

Correct Answer: ADE
QUESTION 98
When implementing point-to-point secure WAN solutions over the Internet, which alternative Cisco IOS method is available if GRE-over-IPsec tunnels cannot be used?
A. Virtual Routing Forwardings (VRFs)
B. Virtual Tunnel Interfaces (VTIs)
C. dynamic crypto maps
D. GET VPN
E. MPLS VPN

Correct Answer: B
QUESTION 99
DRAG DROP
QUESTION 100
DRAG DROP