Actualtests 642-542
642-542 : Cisco SAFE Implementation Last Updated Wednesday, April 23, 2008 with 253 Questions
Cisco SAFE Implementation Exam
Exam Number: 642-542 Exam
Associated Certifications: Cisco SAFE Implementation Exam
Duration: 224 Q&A
Available Language(s): English
Exam Details
The Cisco SAFE Implementation 642-542 CSI exam provides a recertification assessment for those candidates who currently hold a CCSP certification. This exam tests the knowledge and skills needed to use the principles and axioms presented in the SAFE SMR, Enterprise, IP Telephony and Wireless LAN White Papers, and to implement them on specific security devices. The primary focus is on the labs, which allows the student to build complete end-to-end security solutions using SAFE White Papers as the blueprint. The configuration and functionality of the following devices in a SAFE SMR network are described in detail: IOS routers, PIX Firewalls, VPN Concentrators, Cisco IDS Sensors, Cisco Security Agent and the Cisco VPN Client. Basic implementation of a SAFE wireless LAN is also covered.
Free 642-542 Exams’s PDF Download
Free Actualtests offers free demo for 642-542 PDF(Cisco SAFE Implementation Exam). You can check out the interface, question quality and usability of our practice exams . We are the only one site can offer demo for almost all Cisco SAFE Implementation Exam.
Recommended Training about 642-542 exam PDF
The following courses are the recommended training for 642-542 exam PDF.
642-542 Q & A with Explanations
642-542 Audio Exam
642-542 Study Guide
642-542 Preparation Lab
642-542 Exam Preparation from Actualtests with FULL explanations include:
Comprehensive questions with complete details
Detailed explanations of all the questions
Questions accompanied by exhibits
Verified Answers Researched by Industry Experts
Drag and Drop questions as experienced in the Actual Exams
Questions updated on regular basis
These questions and answers are backed by our GUARANTEE.
Like actual certification exams our product is in multiple-choice questions (MCQs).
642-542 Exam: Actualtests’s Cisco SAFE Implementation Exam PDF
The Cisco SAFE Implementation Exam PDF for preparing for the 642-542 exam - Actualtests’s Cisco SAFE Implementation Exam. Actualtests is your premier source for practice tests, and true testing environment. Nothing will prepare you for your next exam like a Actualtests. You find it all here at ciscoexams.org.
are more highly motivated and technically
competent are called:
A. Sophisticated
B. Advanced
C. External
D. Structured
Answer: D
Explanation: Structured threats come from adversaries that are highly motivated
and technically competent.
Ref: Cisco Secure Intrusion Detection System (Ciscopress) Page 9
QUESTION 2:
The worst attacks are the ones that:
A. Are intermittent.
B. Target the applications
C. You can not stop them.
D. Target the executables.
E. Target the databases.
F. You can not determine the source.
Answer: C
Explanation: The worst attack is the one that you cannot stop. When performed
properly, DDoS is just such an attack.
QUESTION 3:
What type of network requires availability to the Internet and public networks as a major
requirement and has several access points to other networks, both public and private?
A. Open
B. Closed
C. Intermediate
D. Balanced
Answer: A
Explanation:
642-542
Actualtests.com - The Power of Knowing
The networks of today are designed with availability to the Internet and public networks,
which is a major requirement. Most of today’s networks have serverla access points to
other network both public and private;therefore,securing these networks has become
fundamentally important.
Reference: CSI Student guide v2.0 p.2-4
QUESTION 4:
The security team at Certkiller Inc. is working on network security design.
What is an example of a trust model?
A. One example is NTFS
B. One example is NTP
C. One example is NFS
D. One example is NOS
Answer: C
Explanation:
One of the key factors to building a successful network security design is to identify and
enforce a proper trust model. The proper trust model defines who needs to talk to whom
and what kind of traffic needs to be exchanged; all traffic should be denied. one
the proper trust model has been identified, then the security designer should decide how
to enforce the model. As more critical resources are globally available and new forms of
network attacks evolve, the network security infrastructure tends to become more
sophisticated, and more products are available. Firewalls, routers, LAN switches,
intrusion detection systems, AAA servers, and VPNs are some of the technologies and
products that can help enforce the model. Of course, each one of these products and
technologies plays a particular role within the overall security implementation, and it is
essential for the designer to understand how these elements can be deployed.
Network File Sharing seems to be the best answer out of all the answers listed.
Reference: Securing Networks with Private VLANs and VLAN Access Control Lists
QUESTION 5:
Which type of attack can be mitigated only through encryption?
A. DoS
B. Brute force
C. Man-in-the-middle
D. Trojan horse
Answer: C
Explanation:
1. Man-in-the-middle attacks-Mitigated through encrypted remote traffic
642-542
Actualtests.com - The Power of Knowing
Reference: Safe white papers; page 26
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 6:
The security team at Certkiller Inc. is working on understanding attacks that happen in the
network. What type of attack is characterized by exploitation of well-known weaknesses,
use of ports that are allowed through a firewall, and can never be completely eliminated?
A. Network reconnaissance
B. Man-in-the-middle
C. Trust exploitation
D. Application layer
Answer: D
Explanation: The primary problem with application layer attacks is that they often
use ports that are allowed through a firewall.
Reference: Safe White papers 68
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 7:
You are the security administrator at Certkiller and you need to know the attacks types to
the network. Which two general IP spoofing techniques does a hacker use? (Choose two)
A. An IP address within the range of trusted IP addresses.
B. An unknown IP address which cannot be traced.
C. An authorized external IP address that is trusted.
D. An RFC 1918 address.
Answer: A C
Explanation:
IP Spoofing
An IP spoofing attack occurs when a hacker inside or outside a network impersonates the
conversations of a trusted computer. A hacker can do this in one of two ways. The hacker
uses either an IP address that is within the range of trusted IP addresses for a network or
an authorized external IP address that is trusted and to which access is provided to
specified resources on a network. IP spoofing attacks are often a launch point for other
attacks. The classic example is to launch a denial-of-service (DoS) attack using spoofed
source addresses to hide the hacker’s identity. Normally, an IP spoofing attack is limited
to the injection of malicious data or commands into an existing stream of data that is
passed between a client and server application or a peer-to-peer network connection. To
enable bidirectional communication, the hacker must change all routing tables to point to
the spoofed IP address. Another approach hackers sometimes take is to simply not worry
642-542
Actualtests.com - The Power of Knowing
about receiving any response from the applications. If a hacker tries to obtain a sensitive
file from a system, application responses are unimportant.
However, if a hacker manages to change the routing tables to point to the spoofed IP
address, the hacker can receive all the network packets that are addressed to the spoofed
address and reply just as any trusted user can.
Reference:
Safe white papers; page 65
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 8:
John the security administrator at Certkiller Inc. is working on securing the network with
strong passwords. What is the definition of a strong password?
A. The definition of a strong password is at least ten characters long and should contain
cryptographic characters.
B. The definition of a strong password is at least eight characters long;contains
uppercase letters, lowercase letters, numbers, and should not contain special characters.
C. The definition of a strong password is defined by each company depending on the
product being used.
D. The definition of a strong password is at least eight characters long;contains
uppercase letters, lowercase letters, numbers, and special characters.
Answer: D
Explanation:
Passwords should be at least eight characters long and contain uppercase letters,
lowercase
letters, numbers, and special characters (#, %, $, and so forth).
Reference: Safe white papers; page 67
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 9:
The two Denial of Service attack methods are: (Choose two)
A. Out of Band data crash
B. SATAN
C. TCP session hijack
D. Resource Overload
Answer: A, D
Explanation:
When involving specific network server applications; such as a web
server or an FTP server, these attacks can focus on acquiring and keeping open all
642-542
Actualtests.com - The Power of Knowing
the available connections supported by that server, effectively locking out valid
users of the server or service. Some attacks compromise the performance of your
network by flooding the network with undesired-and often useless-network packets
and by providing false information about the status of network resources.
REF; Safe white papers; page 66&67
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
Incorrect Answers:
B: SATAN is a testing and reporting tool that collects a variety of information about
networked hosts.
C: TCP session hijack is when a hacker takes over a TCP session between two machines.
QUESTION 10:
This program does something undocumented which the programmer intended, but that
the user would not approve of if he or she knew about it.
A. What is a Virus.
B. What is a Macro Virus.
C. What is a Trojan Horse.
D. What is a Worm.
Answer: C
Free download:pass4sure 642-542
Free download:testking 642-542
TestKing - TestKing.com Help you pass Cisco exams
Pass4sure -Pass4sure.com The Worldwide Renowned Cisco Certification Material Provider .
Random Posts
