Actualtests 642-502
642-502: Cisco Rich Media Communications Last Updated Monday, April 21, 2008 with 99 Questions
Securing Networks with Cisco Routers and Switches Exam(SNRS)
Exam Number: 642-502 Exam
Associated Certifications: Securing Networks with Cisco Routers and Switches Exam(SNRS)
Duration: 63 Q&A we offer correct answe
Available Language(s): English
Exam Details
The Securing Networks with Cisco Routers and Switches exam is one of the exams associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the SNRS v1.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to secure networks using Cisco routers and switches.
Free 642-502 Exam PDF Download
Free Actualtests offers a free demo of the 642-502 PDF (Securing Networks with Cisco Routers and Switches Exam (SNRS)). You can check out the interface, question quality and usability of our practice exams. We are the only site that can offer a demo for almost all Securing Networks with Cisco Routers and Switches Exam (SNRS).
Recommended Training about 642-502 exam PDF
The following courses are the recommended training for 642-502 exam PDF.
642-502 Q & A with Explanations
642-502 Audio Exam
642-502 Study Guide
642-502 Preparation Lab
642-502 Exam Preparation from Actualtests with FULL explanations include:
Comprehensive questions with complete details
Detailed explanations of all the questions
Questions accompanied by exhibits
Verified Answers Researched by Industry Experts
Drag and Drop questions as experienced in the Actual Exams
Questions updated on regular basis
These questions and answers are backed by our GUARANTEE.
Like actual certification exams our product is in multiple-choice questions (MCQs).
642-502 Exam: Actualtests’s Securing Networks with Cisco Routers and Switches Exam(SNRS) PDF
The Securing Networks with Cisco Routers and Switches Exam (SNRS) PDF for preparing for the 642-502 exam - Actualtests’s Securing Networks with Cisco Routers and Switches Exam (SNRS). Actualtests is your premier source for practice tests and a true testing environment. Nothing will prepare you for your next exam like Actualtests. You will find it all here at ciscoexams.org.
QUESTION 1:
A new Certkiller switch has been installed and you wish to secure it. Which Cisco
Catalyst IOS command can be used to mitigate a CAM table overflow attack?
A. switch(config-if)# port-security maximum 1
B. switch(config)# switchport port-security
C. switch(config-if)# port-security
D. switch(config-if)# switchport port-security maximum 1
E. switch(config-if)# switchport access
F. switch(config-if)# access maximum 1
Answer: D
Explanation:
Enabling and Configuring Port Security:
Beginning in privileged EXEC mode, follow these steps to restrict input to an interface
by limiting and identifying MAC addresses of the stations allowed to access the port:
To ensure that only a single station’s MAC address is allowed on a given port, set the
value of the “switchport port-security maximum” command to 1. This will safeguard
against CAM overflow attacks.
Reference:
http://www.cisco.com/en/US/products/hw/switches/ps5206/products_configuration_guide_chapter09186a00801
c
QUESTION 2:
SIMULATION
The following diagram displays a portion of the Certkiller network:
642-502
Actualtests.com - The Power of Knowing
You work for Certkiller.com, which has a server connected to their
infrastructure through a switch named Houston. Although Certkiller.com uses
VLANs for security, an attacker is trying to overflow the CAM table by sending out
spoofed MAC addresses through a port on the same switch as the server. Your task
is to configure the switch to protect the switch from a CAM table overflow attack.
For purposes of this test, we will assume that the attacker is plugged into port
Fa0/12. The topology is pictured in the exhibit. The enable password for the switch
is Certkiller. The following passwords have been assigned to the Houston switch:
Console passwords: california
VTY lines 0-4 password: city
Enable passwords: Certkiller
Start the simulation by clicking on the host.
Answer:
Explanation:
Switch1(config)# interface fastethernet0/12
Switch1(config-if)# switchport mode access
Switch1(config-if)# switchport port-security
Switch1(config-if)# switchport port-security maximum 1
Switch1(config-if)# end
Enabling and Configuring Port Security:
Beginning in privileged EXEC mode, follow these steps to restrict input to an interface
by limiting and identifying MAC addresses of the stations allowed to access the port:
To ensure that only a single station’s MAC address is allowed on a given port, set the
value of the “switchport port-security maximum” command to 1. This will safeguard
against CAM overflow attacks.
Reference:
http://www.cisco.com/en/US/products/hw/switches/ps5206/products_configuration_guide_chapter09186a00801
c
QUESTION 3:
You want to increase the security of a newly installed switch. Which Cisco Catalyst
IOS command is used to mitigate a MAC spoofing attack?
A. switch(config-if)# port-security mac-address 0000.ffff.aaaa
B. switch(config)# switchport port-security mac-address 0000.ffff.aaaa
C. switch(config-if)# switchport port-security mac-address 0000.ffff.aaaa
D. switch(config)# port-security mac-address 0000.ffff.aaaa
E. switch(config-if)# mac-address 0000.ffff.aaaa
F. switch(config)# security mac-address 0000.ffff.aaaa
Answer: C
Explanation:
You can use the port security feature to restrict input to an interface by limiting and
identifying MAC addresses of the workstations that are allowed to access the port. When
you assign secure MAC addresses to a secure port, the port does not forward packets with
source addresses outside the group of defined addresses. If you limit the number of
secure MAC addresses to one and assign a single secure MAC address, the workstation
attached to that port is assured the full bandwidth of the port.
If a port is configured as a secure port and the maximum number of secure MAC
addresses is reached, when the MAC address of a workstation attempting to access the
port is different from any of the identified secure MAC addresses, a security violation
occurs. If a workstation with a secure MAC address that is configured or learned on one
secure port attempts to access another secure port, a violation is flagged.
After you have set the maximum number of secure MAC addresses on a port, the secure
addresses are included in an address table in one of these ways:
You can configure all secure MAC addresses by using the switchport port-security
mac-address mac_address interface configuration command.
You can allow the port to dynamically configure secure MAC addresses with the MAC
addresses of connected devices.
You can configure a number of addresses and allow the rest to be dynamically
configured.
Reference:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00800d
a
Note: there is no ability to use “copy running-config startup-config” or “write memory”,
so each solution should use the “end” command in config mode to save the current
configuration.
QUESTION 4:
The security administrator for Certkiller Inc. is working on defending the network
against SYN flooding attacks. Which of the following are tools to protect the
network from TCP SYN attacks?
A. Route authentication
B. Encryption
C. ACLs
D. TCP intercept
E. None of the above.
Answer: D
Explanation:
The TCP intercept feature implements software to protect TCP servers from TCP
SYN-flooding attacks, which are a type of denial-of-service attack.
A SYN-flooding attack occurs when a hacker floods a server with a barrage of requests
for connection. Because these messages have unreachable return addresses, the
connections cannot be established. The resulting volume of unresolved open connections
eventually overwhelms the server and can cause it to deny service to valid requests,
thereby preventing legitimate users from connecting to a web site, accessing e-mail,
using FTP service, and so on.
The TCP intercept feature helps prevent SYN-flooding attacks by intercepting and
validating TCP connection requests. In intercept mode, the TCP intercept software
intercepts TCP synchronization (SYN) packets from clients to servers that match an
extended access list. The software establishes a connection with the client on behalf of
the destination server, and if successful, establishes the connection with the server on
behalf of the client and knits the two half-connections together transparently. Thus,
connection attempts from unreachable hosts will never reach the server. The software
continues to intercept and forward packets throughout the duration of the connection. The
number of SYNs per second and the number of concurrent connections proxied depend
on the platform, memory, processor, and other factors.
Reference:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800
c
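An added example, not from the original Q&A or from Cisco: a small Python model of the intercept mode described above, comparing a server's half-open queue with and without the router proxying the handshake. The traffic mix, the backlog size and all names are constructed; timeouts and the router's own capacity limits are not modelled.

```python
from dataclasses import dataclass

@dataclass
class Server:
    backlog: int          # max half-open entries (SYN seen, no ACK yet)
    half_open: int = 0
    established: int = 0

    def on_syn(self):
        """Accept a SYN only if the half-open queue has room."""
        if self.half_open >= self.backlog:
            return False
        self.half_open += 1
        return True

    def on_ack(self):
        """Final ACK: the half-open entry becomes a full connection."""
        self.half_open -= 1
        self.established += 1

def run(clients, backlog, intercept):
    """clients: list of booleans, True = the source address is reachable.
    Returns (legitimate clients served, half-open entries left on the server)."""
    server, served = Server(backlog), 0
    for reachable in clients:
        if intercept:
            # The router answers the SYN itself. An unreachable source never
            # returns the ACK, so nothing is forwarded to the server.
            if not reachable:
                continue
            # Client side completed: the router opens the server side and
            # finishes that handshake on the client's behalf.
            if server.on_syn():
                server.on_ack()
                served += 1
        else:
            # The SYN goes straight to the server; unanswered ones stay half-open.
            if server.on_syn() and reachable:
                server.on_ack()
                served += 1
    return served, server.half_open

# Constructed traffic: 200 SYNs from unreachable sources, then 5 real clients.
TRAFFIC = [False] * 200 + [True] * 5
```

With a backlog of 128, run(TRAFFIC, 128, False) serves none of the five real clients and leaves the queue full, while run(TRAFFIC, 128, True) serves all five with nothing left half-open.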
QUESTION 5:
Which of the following IOS commands will you advise the Certkiller trainee
technician to use when setting the timeout for a router terminal line?
A. exec-timeout minute [seconds]
B. line-timeout minute [seconds]
C. timeout console minute [seconds]
D. exec-time minutes [seconds]
Answer: A
Explanation:
The exec timeout command prevents unauthorized users from misusing abandoned
sessions (for instance if the network administrator went on vacation and left an enabled
login session active on his desktop system). There is a trade-off here between security
(shorter timeouts) and usability (longer timeouts). Check your local policies and
operational needs to determine the best value. In most cases, this should be no more than
10 minutes. To configure the timeout values, perform the following steps:
router(config)# line INSTANCE
router(config-line)# exec-timeout $(EXEC_TIMEOUT)
router(config-line)# exit
Reference: http://www.cisco.com/warp/public/793/access_dial/comm_server.html
QUESTION 6:
The Certkiller network is implementing IBNS. In a Cisco Identity-Based Networking
Service (IBNS) implementation, the endpoint that is seeking network access is
known as what?
A. Host
B. Authentication
C. PC
D. Authentication server
E. Client
F. Supplicant
Answer: F
Explanation:
In IBNS, the supplicant is the end device that is seeking network access. The supplicant
is a software component on the user workstation that answers a challenge from the
authenticator. Supplicant functionality may also be implemented on network devices to
authenticate to upstream devices.
Reference: Securing Networks with Cisco Routers and Switches (SNRS) Courseware
Page 3-30.
QUESTION 7:
A new IBNS system is being installed in the Certkiller network. The Cisco
Identity-Based Networking Services (IBNS) solution is based on which two standard
implementations? (Choose two.)
A. TACACS+
B. RADIUS
C. 802.11
D. 802.1x
E. 802.1q
F. IPSec
Answer: B, D
Explanation:
The Cisco IBNS solution is based on standard RADIUS and 802.1X implementations. It
interoperates with all IETF authentication servers that comply with these two standards.
Cisco has enhanced the Cisco Secure ACS to provide a tight integration across all Cisco
switches.
Reference: Securing Networks with Cisco Routers and Switches (SNRS) Courseware
Page 3-24.
QUESTION 8:
You wish to configure 802.1X port control on your switch. Which three keywords
are used with the dot1x port-control command? (Choose three.)
A. enable
B. force-authorized
C. force-unauthorized
D. authorized
E. unauthorized
F. auto
Answer: B, C, F
Explanation:
To enable manual control of the authorization state on a port, use the “dot1x port-control”
command. To return to the default setting, use the no form of this command.
dot1x port-control {auto | force-authorized | force-unauthorized}
no dot1x port-control {auto | force-authorized | force-unauthorized}
Syntax Description:
Reference:
http://www.cisco.com/en/US/products/hw/switches/ps4324/products_command_reference_chapter09186a00803
QUESTION 9:
The Certkiller network has rolled out an 802.1X based system. In an 802.1x
implementation, the authenticator acts as a gateway to which device?
A. Host
B. Authenticator
C. PC
D. Authentication server
E. Client
F. Supplicant
Answer: D
Explanation:
The table below outlines the definitions for the authentication server and the
authenticator:
Reference:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008020
6
QUESTION 10:
The Certkiller network is using an 802.1X implementation. In an 802.1x
implementation, the supplicant directly connects to, and obtains network access
permission through which device?
A. Host
B. Authenticator
C. PC
D. Authentication server
E. Client
F. Supplicant
Answer: B
Explanation:
In Identity Based Networking Services, the supplicant is the end device that is seeking
network access. The supplicant is a software component on the user workstation that
answers a challenge from the authenticator.
The authenticator is the entity at one end of a point-to-point LAN segment that enforces
host authentication. The authenticator is independent of the actual authentication method
and functions only as a pass-through for the authentication exchange. It communicates
with the host, submits the information from the host to the authentication server, and
authorizes the host when instructed to do so by the authentication server.
Reference: Securing Networks with Cisco Routers and Switches (SNRS) Courseware
Page 3-30.
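An added example, not part of the original Q&A or the SNRS courseware: a Python model of the three roles from Questions 8 to 10, showing the authenticator relaying between supplicant and authentication server under each dot1x port-control keyword. The user table, the plain-text comparison and the function names are constructed stand-ins, and the EAP method's challenge rounds are collapsed into a single response.

```python
# Stand-in for the authentication server (a RADIUS server in IBNS).
# Constructed sample credentials; a real EAP method never compares plain text.
USERS = {"alice": "s3cret"}

def auth_server(identity, response):
    """Return the RADIUS verdict for an identity/response pair."""
    ok = USERS.get(identity) == response
    return "Access-Accept" if ok else "Access-Reject"

def authenticate_port(port_control, supplicant=None):
    """Model a switch port (the authenticator) under one port-control keyword.
    supplicant is (identity, response), or None for a host that stays silent.
    Returns (port state, list of messages exchanged)."""
    trace = []
    if port_control == "force-authorized":
        return "authorized", trace      # no 802.1X exchange takes place
    if port_control == "force-unauthorized":
        return "unauthorized", trace    # every authentication attempt is ignored
    if port_control != "auto":
        raise ValueError(f"unknown port-control keyword: {port_control}")

    # auto: the port starts unauthorized and the authenticator asks who is there.
    trace.append("authenticator -> supplicant: EAP-Request/Identity")
    if supplicant is None:
        return "unauthorized", trace    # no supplicant answered
    identity, response = supplicant
    trace.append(f"supplicant -> authenticator: EAP-Response/Identity ({identity})")

    # The authenticator decides nothing itself; it passes the exchange through.
    trace.append("authenticator -> server: RADIUS Access-Request")
    verdict = auth_server(identity, response)
    trace.append(f"server -> authenticator: RADIUS {verdict}")

    accepted = verdict == "Access-Accept"
    result = "EAP-Success" if accepted else "EAP-Failure"
    trace.append(f"authenticator -> supplicant: {result}")
    return ("authorized" if accepted else "unauthorized"), trace
```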