Pass4sure Cisco 642-591 Exam
Implementing Cisco NAC Appliance : 642-591 Exam
Exam Number/Code: 642-591
Exam Name: Implementing Cisco NAC Appliance
Exam : Cisco 642591
Title :
Implementing Cisco NAC
Appliance
Update : Demo
1.The NAS is configured to autogenerate an IP address pool of 30 subnets with a netmask of /30,
beginning at address 192.168.10.0. Which IP address is leased to the enduser host on the second subnet?
A.192.168.10.4
B.192.168.10.5
C.192.168.10.6
D.192.168.10.7
Correct:C
2.Which default administrator group has delete permissions?
A.admin B.helpdesk C.addedit D.fullcontrol Correct:D
3.What is the result when the condition statement in a Cisco NAA check for required software evaluates to false on a client machine?
A.The required software is automatically downloaded to the user device. B.The required software is made available after the user is quarantined.
C.The user is put in the unauthenticated role and the software is considered missing. D.The user is placed in the temporary role and the software is made available. Correct:B
4.Which three components comprise a Cisco NAC Appliance solution? (Choose three.)
A.a NACenabled Cisco router
B.a Linux server for inband or outofband network admission control
C.a Linux server for centralized management of network admission servers
D.a Cisco router to provide VPN services
E.a readonly client operating on an endpoint device
F.a NACenabled Cisco switch
Correct:B C E
5.Drop
Correct:
Green choice1>Yellow Choice3
Green choice6>Yellow Choice2
Green choice4>Yellow Choice1
6.Drop
Correct:
Green choice1>Yellow Choice6
Green choice2>Yellow Choice4
Green choice3>Yellow Choice5
Green choice4>Yellow Choice1
Green choice5>Yellow Choice2
Green choice6>Yellow Choice3
7.When configuring the Cisco NAM to implement Cisco NAA requirement checking on client machines, what is the next step after configuring checks and rules?
A.retrieve updates
B.require the use of the Cisco NAA
C.configure session timeout and traffic policies
D.map rules to requirement E.configure requirements Correct:E
8.Refer to the exhibit. When logging in to a Cisco NAC Appliance solution, an end user is prompted for a username, password, and provider. What should be entered in the Provider dropdown field shown in the exhibit?
A.the authenticating NAS
B.the authorizing NAM C.the name of the ISP
D.the external authenticating server
Correct:D
9.What are the two types of traffic policies that apply to user roles? (Choose two.)
A.IPbased B.peerbased C.hostbased D.managerbased E.serverbased F.VLANbased Correct:A C
10.After you implement a network scan and view the report, you notice that a plugin did not access any of its dependent plugins. What did you forget to do?
A.enable the Dependent Plugin check box on the General Tab form
B.configure dependent plugin support when you mapped the Nessus scan check to the Nessus plugin rule
C.install dependent plugins when you updated the Cisco NAC Appliance plugin library
D.load the dependent plugins for that plugin in the Plugin Updates form
Correct:D
11.A client has a network with wireless and wired users. The wired users run missioncritical bandwidthsensitive applications. The wireless users access webbased support portals within the central office. Given only this information, which Cisco NAC Appliance solution would provide the most faulttolerant option for this client?
A.one Cisco NAM and one inband highly available Cisco NAS cluster
B.one loadbalanced highly available Cisco NAM cluster and one outofband highly available Cisco NAS
cluster
C.one highly available Cisco NAM cluster, one outofband highly available Cisco NAS cluster, and one inband Cisco NAS
D.one highly available Cisco NAM cluster and one inband highly available Cisco NAS cluster
Correct:C
12.Based on the Boolean order of precedence, how would Cisco NAC Appliance evaluate the following rule? AdAwareLogRecent&(NorAVProcessIsActiveymAVProcessIsActive)
A.(The Norton Antivirus is active and there is a recent Ad Aware log entry) or (the Symantec antivirus process is active).
B.There is a recent Ad Aware log entry, the Norton Antivirus is active, and the Symantec antivirus process
is active.
C.(Either the Norton Antivirus or the Symantec antivirus process is active) and (there is a recent Ad Aware log entry).
D.There is a recent Ad Aware log entry or the Norton Antivirus is active, or the Symantec antivirus process
is active.
Correct:C
13.How do you ensure that the Cisco NAS has the most recent version of the Cisco NAA to install on user devices?
A.Each time the Cisco NAA is upgraded, the Cisco NAM automatically downloads the new version of
Cisco NAA to all Cisco NAS servers.
B.From the Cisco NAS Web Admin Console, enable Cisco NAA autoupdate on the Administration > Software Update form.
C.The Cisco NAA is upgraded directly to each Cisco NAS using the Upgrade Server form available on the
Cisco NAM web console GUI.
D.Configure the Cisco NAS by selecting which Cisco NAA to upgrade in the Cisco NAA Upgrade form.
Correct:A
14.LAB
Correct:
15.A search of available switches has been performed and a list of switches is presented. Which two SNMP attributes need to match what is configured in the Cisco switch profile for a listed switch to be added to the Cisco NAM? (Choose two.)
A.SNMP read community string B.SNMP write community string C.SNMP read version
D.SNMP write version E.SNMP trap Correct:A C
16.In a Cisco NAC Appliance Windows Active Directory SSO deployment, what are the cached credentials and Kerberos TGT from the clientmachine Windows login used for?
A.They are used to validate the user with the Cisco NAS.
B.They are used to validate the user authentication with the backend Windows Active Directory server. C.They are used to validate user access with the Cisco NAA.
D.They are used to validate the user authentication and access with the Cisco NAM.
Correct:B
17.Drop
Correct:
Green choice1>Yellow Choice1
Green choice1>Yellow Choice1
Green choice2>Yellow Choice3
Green choice3>Yellow Choice7
Green choice6>Yellow Choice4
Green choice7>Yellow Choice6
Green choice4>Yellow Choice2
Green choice5>Yellow Choice5
18.What must you check on the switches for an outofband Cisco NAC Appliance deployment?
A.The Cisco or nonCisco switch must support port security and SNMPv2 or SNMPv3. B.The Cisco switch must support VACL (VLAN ACL).
C.If you have stacked Cisco Catalyst 3750 Series Switches, you are using Cisco IOS Release
12.1(25)SEC or above.
D.The Cisco switch must use at least the minimum supported version of Cisco IOS or Catalyst OS
supporting macnotification or linkuplinkdown SNMP traps.
Correct:D
19.When using Windows Active Directory SingleSignON (SSO), the Cisco NAA on the client machine will ask the client machine for a Service Ticket (ST) with which username to communicate with the Cisco NAS?
A.the Cisco NAA username
B.the Microsoft Windows Active Directory server username
C.the Cisco NAS username D.the client username Correct:C
20.A small public library wants to implement network admission control for their public wireless network and their internal wired network. Their network contains switches from a variety of
vendors. Which Cisco NAC Appliance solution would best suit this client?
A.an outofband Cisco NAS deployment with a Cisco NAM cluster
B.a combination of an outofband and an inband Cisco NAS deployment with a Cisco NAM cluster
C.an inband Cisco NAS deployment and a Cisco NAM
D.a hybrid solution using inband Cisco NAS for the wireless and outofband Cisco NAS for the wired deployment
Correct:C
21.You are implementing switch management in a Cisco NAM for outofband deployment. Once communication between the switch and the Cisco NAM has been verified, what is configured next? A.configure group, switch, and port profiles on the Cisco NAM
B.configure the Cisco NAM SNMP receiver settings
C.configure the switches to use the appropriate SNMP settings
D.add the switches that you want to control to the Cisco NAM domain
Correct:C
22.When configuring an inband centraldeployment virtual gateway on the Cisco NAS, what must
be configured to ensure that the interface traffic on the same Layer 2 switch does not create a loop?
A.in the Network form, select the passthrough VLAN ID option for the untrusted and trusted management
VLAN
B.in the VLAN Mapping form, map the untrusted interface VLAN ID to a trusted network VLAN ID
C.in the Managed Subnet form, enter the IP address that is assigned to the Cisco NAS to route the subnet, not the calculated network address
D.configure the first switch downstream of the Cisco NAS with spanning tree
Correct:B
23.Which Cisco NAC Appliance component performs network scanning?
A.Cisco NAC Appliance Manager B.Cisco NAC Appliance Server C.Cisco NAC Appliance Agent D.Cisco NAC Trust Agent Correct:B
24.How does the Cisco NAM determine the presence of vulnerability without using the Cisco NAA
on the client machine?
A.The enduser Cisco Trust Agent capability summary message does not match the defined rolebased security policy requirement on the Cisco NAM.
B.The Cisco NAM receives a Cisco Security Agent vulnerability alert from the Cisco NAS.
C.The Nessus network scan report matches a defined rolebased or OSbased vulnerability on the Cisco
NAM.
D.The Cisco NAM will perform an agentless scan and interpret the results to determine if the client machine is vulnerable.
Correct:C
25.Which two functions can a Cisco NAC Appliance Agent be configured to perform? (Choose two.)
A.initiate periodic virus scans
B.check for uptodate antivirus and antispam files
C.detect the presence of worms and viruses before permitting network access to an end user
D.perform registry, service, and application checks
E.quarantine an end user until the client machine complies with company policy
Correct:B D
26.Which Cisco NAC Appliance outofband solution statement is correct?
A.All client traffic flows through the CAS while access switch VLAN management is performed out of band. B.Access switch to Cisco NAM configuration and status change messages are communicated via a proprietary protocol.
C.The switchport access and authentication VLAN information is sent to the access switch from the Cisco
NAM.
D.As a laptop device accesses the Cisco NAC Appliance network, the access switch sends the device
MAC address to the Cisco NAS.
Correct:C
27.Which highavailability option is supported by a Cisco NAC Appliance solution?
A.Cisco NAM and Cisco NAS load balancing B.Cisco NAM and Cisco NAS redundancy C.Cisco NAA backup server
D.Cisco NAS backup network scanning
Correct:B
28.Which three steps are required when you are implementing an outofband virtual gateway deployment? (Choose three.)
A.enable VLAN mapping
B.configure a default route to managed subnets on the Layer 3 switch
C.enable SNMP between the switches and the Cisco NAM
D.enable the Cisco NAM to send SNMP trap notifications to the switch
E.configure switch and port profiles
F.enable the Cisco NAS for DHCP server mode
Correct:A C E
29.When configuring a requirement, what does ruletorequirement mapping accomplish? A.associates a rule set to the remediation steps that a user follows to comply with the requirement B.ensures that Nessus scanbased requirements are satisfied before the user can log in to the network C.associates the rules for operating systembased checks to the requirement list
D.associates the requirement to a normal user role
Correct:A
30.Why is it critically important to maintain clock synchronization between Cisco NAC Appliance components?
A.Log files will not show the actual time of system events.
B.Cisco NAC Appliance components communicate using SSL certificates, which rely on accurate time to function correctly.
C.Cisco switches that are being managed by SNMP messages need to be time synchronized to function. D.Accurate time is required when performing vulnerability assessment and remediation.
Correct:B
“Implementing Cisco NAC Appliance”, also known as 642-591 exam, is a Cisco certification.
Preparing for the 642-591 exam? Searching 642-591 Test Questions, 642-591 Practice Exam, 642-591 Dumps?
With the complete collection of questions and answers, Pass4sure has assembled to take you through 60 Q&As to your 642-591 Exam preparation. In the 642-591 exam resources, you will cover every field and category in Others helping to ready you for your successful Cisco Certification.
Questions and Answers : 60 Q&As
Updated: March 17th , 2008
Market Price: $159.99
Member Price: $99.99
Free down:Pass4sure Cisco 642-591 v2.93
Free down:Testking 642-591
password:www.ccnp.cc
| Cisco Braindumps Free Downloads |
|
Type |
Exam Bible | New Questions & Answers |
Latest Updated |
Download link |
 |
All Cisco 's Exam Pack |
589 |
1 days ago | Download |
[...] download: testking 642-591 Free download: pass4sure 642-591 Free download: actualtest 642-591 Free download: testinside [...]