Flydumps Shares Updated Cisco 642-587 Exam Questions And Answers Of Flydumps For Free Download

Do not you know how to choose the Cisco https://www.pass4itsure.com/642-587.html exam dumps? Being worried about your Cisco 642-587 exam? Just try Flydumps new version Cisco 642-587 exam dumps.High pass rate and money back guarantee!

Exam A
QUESTION 1
In order for a controller-based access point to be allowed to participate in aggressive load balancing, it must have heard the client within how many seconds?
A. 1
B. 5
C. 10
D. 15

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Drop

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 3
You are troubleshooting a problem with a Cisco 7920 wireless IP phone on a standalone WLAN. The phone rings but, when you answer, the call is dropped. What may have caused this problem?
A. The minimum data rate is not set to 11 Mbps.
B. An address resolution protocol is enabled.
C. Publicly Secure Packet forwarding is enabled.
D. The access point is set to the least congested channel.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 4
When configuring QoS on a wireless controller, the per-user, real-time bandwidth contract is enforced for which of the following protocols?
A. IP
B. IPX
C. UDP
D. TCP

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 5
A Cisco Wireless Location Appliance has been added to track RFID tags placed on laptops being used in a school. Classrooms at the school have concrete block walls. During testing, you discover that the accuracy of the system needs to be improved. You decide to edit the map in the Cisco WCS to add the interior walls. How many interior walls can you add to improve the accuracy of the location appliance?
A. 50
B. 100
C. 150
D. 200

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 6
The IOS of a North American Cisco Aironet 1130AG Series standalone access point has become corrupt. You must therefore reload the TFTP firmware. Before you press and hold the MODE button, you should verify that the file name is which of the following?
A. c1130-k9w7-tar.boot
B. c1130-k9w7-tar.default
C. c1130-k9w7-tar.recover
D. c1130-k9w7-tar.123-7.JA1.tar

Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 7

How many WLANs can a Cisco Aironet 1242 in H-REAP mode support when actively connected to a wireless controller?
A. 4
B. 8
C. 16
D. 32

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 8
Cisco WCS version 4.0 is supported on which operating system?
A. Solaris 10
B. Vista
C. Windows XP Pro
D. Windows 2000 SP4
E. Windows Server 2003

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 9
A mobility group is created by a Cisco WLCM and 4402 Series Wireless LAN Controller. A client that is anchored on the Cisco WLCM roams to an access point on the 4402 controller.
You then run a debug command on the 4402 controller. Which message would best describe the establishment of the tunnel from the foreign controller’s perspective?
A. Transmit Mobile Anchor Export message
B. Received Mobile Anchor Export message
C. Transmit Plumbing duplex mobility tunnel message
D. Received Plumbing duplex mobility tunnel message

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 10
You are configuring an RF group of controllers that coordinate Radio Resource Management calculations. What is the maximum number of WLAN controllers that you can add?
A. 12
B. 17
C. 20
D. 24

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 11
Which Cisco Aironet Series devices can be powered using 802.3af inline power?
A. Cisco Aironet 1100 Series
B. Cisco Aironet 1300 Series
C. Cisco Aironet 1400 Series
D. Cisco Aironet 1240AG Series

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 12
You are installing a Cisco Aironet 1000 Series controller-based access point.
When you boot it, all the LEDs on the access point blink together. What does this indicate about the access point?
A. normal operation
B. duplicate IP address
C. code upgrade in progress
D. searching for primary controller

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 13
Which three of these user groups are available on Cisco WCS version 4.0? (Choose three.)
A. Admin
B. Power Users
C. Administrators
D. Users Assistant
E. Network Operator
F. System Monitoring

Correct Answer: ADF Section: (none) Explanation
Explanation/Reference:
QUESTION 14
You have very few Cisco 7920 wireless IP phones on your network, but lots of wireless laptops. You want to increase the bandwidth available for the laptops by decreasing the bandwidth reserved for the Cisco 7920 phones. What is the lowest percentage of voice-allocated bandwidth you can select on the WLAN controller?
A. 25 percent
B. 40 percent
C. 55 percent
D. 75 percent

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 15
Which set of RF characteristics is directly monitored by CiscoWorks WLSE?
A. noise, interference, and coverage holes
B. noise, interference, and multipath interference
C. clients, utilization, and multipath interference
D. interference, utilization, and RF diffraction

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 16
Which of the following statements explains why it is normally best to have more than one controller-based access point participate in the containment of one rogue access point?
A. Multiple controller-based access points will load-balance the containment task using fewer resources than a single access point.
B. Clients connected to the rogue access point may be out of the range of the controller-based access point providing containment.
C. Each controller-based access point can handle only a limited amount of clients connected to the rogue access points.
D. Clients connected to the rogue access point must be able to connect to the containment controller-based access point.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 17
Which authentication types are allowed with the Cisco ADU when selecting WPA/WPA2/CCKM under the security options?
A. Cisco-LEAP, EAP-FAST, EAP-PEAP (GTC), EAP-TLS
B. Cisco-LEAP, EAP-MD5, EAP-PEAP (GTC), EAP-TTLS
C. Cisco-LEAP, EAP-PSK, EAP-PEAP (MS-CHAP v2), EAP-TLS D. Cisco-LEAP, EAP-FAST, EAP-PEAP (MS-CHAP v2), EAP-TTLS

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 18
On a Cisco Aironet 802.11 a/b/g wireless LAN client adapter, the status LED and activity LED are alternating on and off. What does this indicate?
A. The client card has failed.
B. The client card is not associated to the network.
C. The driver has been installed incorrectly.
D. The client card has awakened from power-save mode.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 19
You have just finished aligning a Cisco Aironet 1400 Series Wireless Bridge link using installation mode. When you set the link back to operational mode you loose association to the root bridge. Which action will correct the problem?
A. Configure the proper channel.
B. Enable passwords on both bridges.
C. Configure the distance parameter value.
D. Configure the bridge to force infrastructure devices to associate only to the SSID parameter.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 20
Which of these statements is true about SSIDs configured in Cisco ADU?
A. SSIDs must be listed in the same order in the ADU as they are in the access point.
B. A maximum of three SSIDs may be configured.
C. SSIDs may have a maximum of 16 characters.
D. SSIDs are not case-sensitive.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:

CCNA Exam Certification Guide is a best-of-breed Cisco https://www.pass4itsure.com/642-587.html exam study guide that has been completely updated to focus specifically on the objectives.Senior instructor and best-selling author Wendell Odom shares preparation hints and Cisco 642-587 tips to help you identify areas of weakness and improve both your conceptual and hands-on knowledge.Cisco 642-587 Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

 

Continue Reading

Newest PDF And VCE Cisco 642-587 Exam Dumps With New Added Questions Of Flydumps

Passed with high score today for pass for it sure Cisco 642-587 Exam. Windows 8.1 new questions will be added so I’m lucky to pass today.Almost all questions were the same includes the new question, DirectAccess, EFS, AD CS..Only used Flydumps premium vce file.

Exam A QUESTION 1
Look at the picture.

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center

QUESTION 2
To implement the optional phase zero when using EAP-FAST for authentication, which of the following parameters must be set on the Cisco Secure ACS?
A. authority ID info
B. client initial message
C. EAP-FAST master server
D. Allow automatic PAC provisioning

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 3
An 802.1X client cannot authenticate to an autonomous access point configured for multiple VLANs. The native VLAN does not have an SSID configured. Which one of the following links being down would prevent the clients from authenticating?
A. between the client’s VLAN and the WLSE
B. between the native VLAN and the WLSE
C. between the RADIUS and the access point
D. between the client’s VLAN and the RADIUS

Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 4

How many WLANs can a REAP support when actively connected to a wireless controller?
A. 4
B. 8
C. 16
D. 32

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Which of the following power settings represents 50 percent power in a lightweight access point?
A. 1
B. 2
C. 3
D. 4
E. 5

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 6
A blinking green power LED indicates which of the following conditions on a Cisco Series 1000 lightweight access point?
A. startup
B. site survey mode
C. duplicate IP address
D. lost connection to the controller

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 7
On the WLSE, which of the following tasks must be completed before Interference Detection can be enabled?
A. Enable Self-Healing.
B. Conduct Radio Scan.
C. Conduct Client Walkabout.
D. Configure Location Manager.
Correct Answer: B Section: (none) Explanation

Explanation/Reference:
QUESTION 8
An REAP was supporting 16 WLANs, but now it only supports one. What happened to cause the change?
A. An access point firmware upgrade is in progress.
B. The access point lost its configuration.
C. Controller connectivity has been lost.
D. The access point was rebooted.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 9
You are installing a Cisco 4402 Series Wireless LAN Controller. What type of interface is used on the uplink port?
A. 10/100 Mbps RJ45
B. 1000Base-X Mini-GBIC
C. 10/100/1000 Mbps RJ45
D. 1000Base-SX

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 10
You are trying to deploy a configuration job to an IOS access point using the WLSE, but the job fails. Which of the following would cause this failure?
A. SNMP communities
B. WLCCP credentials
C. HTTP user/password
D. Telnet/SSH user/password

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 11
You are conducting a CDP-based discovery using an edge switch for the seed. There is a router between the switch and the WLSE. None of the access points are discovered, and the discovery log shows the switch is SNMP unreachable. What is the problem?
A. The SNMP communities on the router do not match the WLSE.
B. The SNMP communities on the switch do not match the WLSE.
C. The SNMP communities on the access points do not match the WLSE.
D. The SNMP communities on the access points do not match the switch.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 12
When installing a Cisco WCS, which two ports can be changed during installation? (Choose two.)
A. HTTPS
B. HTTP
C. TFTP
D. RMI
E. FTP

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 13
Using the WLSE, you are trying to push out a configuration job to an access point, but the job does not start. Which of the following would cause this failure?
A. invalid parameter in the template
B. pop-up blocker enabled in the browser
C. incorrect SNMP communities on the access point
D. unsupported version of IOS firmware in the access point

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 14
Client exclusion policies are used to mitigate which of the following attacks?
A. dictionary
B. MAC spoofing
C. man-in-the-middle
D. bit-flip and replay

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 15
To keep performance optimal on a lightweight access point, what can be done?
A. Disable Auto RF and configure manually.
B. Power access point to full power.
C. Disable all 802.11b data rates.
D. Hard code the channel.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 16
Your client has deployed a Cisco Wireless Location Appliance within their warehouse environment. They
have been experiencing problems with tracking objects using active RFID tags. The RFID beacon rate is
10 seconds. You have discovered an issue with the RFID timeout value.
How should this value be changed?

A. Change the value on the Cisco WCS to 95 seconds.
B. Change the value on the Cisco WCS to 45 seconds.
C. Change the value on the wireless controller to 95 seconds.
D. Change the value on the wireless controller to 45 seconds.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 17
Two access points running the core feature set are connected to the same switch and are providing guest services. If PSPF is enabled, what must be enabled on the switch to prevent clients from seeing one another’s data?
A. inline power
B. protected port
C. 802.1q trunking
D. port-based RADIUS

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 18
There are 30 managed access points on the WLSE. A radio scan is started but fails. Upon inspection of the device list in the reports tab, you notice a red indicator on the WDS access point. Upon inspection of the WDS access point through its GUI, it is discovered that the security keys are not set up between the WDS access point and the WLSE. Which of the following is misconfigured?
A. SNMP communities
B. WLCCP credentials
C. HTTP user/password
D. Telnet/SSH user/password

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 19
VLANs have been enabled on an autonomous access point. In order for clients associating to VLANs other than the native VLAN to receive an IP address, which of the following must be configured?
A. switchport set to SSL trunking
B. switchport set to 802.1q trunking
C. access point Ethernet port set to SSL trunking
D. access point Ethernet port not set to 802.1q trunking

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 20
What three search criteria does Cisco WCS use to search for wireless controllers? (Choose three.)
A. MAC address
B. outdoor area
C. controller name
D. floor area
E. IP address
F. networks

Correct Answer: CEF Section: (none) Explanation
Explanation/Reference:
We provide Cisco 642-587 help and information on a wide range of issues.Cisco 642-587 is professional and confidential and your issues will be replied within 12 hous.Cisco 642-587 free to send us any questions and we always try our best to keeping our Customers Satisfied.

Continue Reading

The Latest Free Official Cisco 642-587 Exam Training Questions And Answers

GOOD NEWS:Pass4itsure has published the new version with all the new added questions and answers.By training the Cisco https://www.pass4itsure.com/642-587.html VCE dumps, you can pass the exam easily and quickly.

Exam A
QUESTION 1
The Cisco Wireless Location Appliance can track up to how many devices?
A. 1000
B. 2000
C. 2500
D. 1500
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Which of the following functions on the wireless LAN controller is used to determine whether or not a rogue access point is connected to the same Layer 2 network?
A. rogue detector
B. rogue containment
C. RLDP
D. RIDP
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 3
On a Cisco Aironet 1130 Series autonomous access point, the status indicator is blinking dark blue. What does this indicate?
A. The access point is booting.
B. A firmware upgrade is in progress.
C. The internal radio has failed.
D. An access point buffer overflow is occurring.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 4
How many WLANs can a REAP support when actively connected to a wireless controller?
A. 8
B. 32
C. 4
D. 16
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 5
On a Cisco Aironet 1230 Series autonomous access point, the Status LED is solid red, and the Ethernet and Radio LEDs are both off. What does this indicate?
A. A firmware upgrade is in progress.
B. The internal radio has failed.
C. An access point buffer overflow is occurring.
D. The access point is booting.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 6
A wireless controller can reside in how many mobility groups?
A. two
B. three
C. four
D. one
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 7
To implement the optional phase zero when using EAP-FAST for authentication, which of the following parameters must be set on the Cisco Secure ACS?
A. EAP-FAST master server
B. Allow automatic PAC provisioning
C. client initial message
D. authority ID info
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 8
When conducting an Assisted Site Survey, the WLSE does which of the following during the Radio Scan process?
A. chooses the least congested channel
B. uses the configured channel
C. sets all access points to the same channel D. steps through each of the allowed channels
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 9
The wireless LAN controller maintains up to how many controller crash files?
A. 20
B. 5
C. 15
D. 10
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 10
In a network using Cisco autonomous access points running WDS, what port is used for authentication by the local authentication service on an access point?
A. 1813
B. 1645
C. 1646
D. 1812
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 11
On the WLSE, Radio Management must be enabled to use most of the features of which one of the following?
A. Devices
B. IDS
C. Configure
D. Reports
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 12
Client association using EAP-Cisco Wireless (LEAP) is failing, but EAP-PEAP is functioning on an autonomous access point. Which of the following needs to be enabled on the access point so EAP-Cisco Wireless (LEAP) is enabled?
A. open authentication plus MAC
B. open authentication plus EAP
C. shared key
D. network EAP
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 13
What is the maximum number of users that can be added to an autonomous access point that is being used as a local authenticator?
A. 75
B. 100
C. 25
D. 50
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 14
Using the WLSE, you are trying to push out a configuration job to an access point, but the job does not start. Which of the following would cause this failure?
A. invalid parameter in the template
B. incorrect SNMP communities on the access point
C. unsupported version of IOS firmware in the access point
D. pop-up blocker enabled in the browser
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 15
Which of the following are true about SSIDs configured in the ADU?
A. SSIDs are not case sensitive.
B. SSIDs must be listed in the same order in the ADU as they are in the access point.
C. A maximum of three SSIDs may be configured.
D. SSIDs may have a maximum of 16 characters.
Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 16
WLSE uses SNMP communication with an Ethernet switch for what purpose?
A. shut down rogue access points
B. configure access points
C. discover access points
D. inventory access points
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 17
When installing a Cisco WCS, which two ports can be changed during installation? (Choose two.)
A. HTTPS
B. TFTP
C. RMI
D. HTTP
E. FTP
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 18
Client exclusion policies are used to mitigate which of the following attacks?
A. dictionary
B. bit-flip and replay
C. MAC spoofing
D. man-in-the-middle
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 19
Which of the following show commands would be used on the WDS to display the access points participating in fast secure roaming?
A. router# show wlccp ap
B. router# show wlccp wds ap
C. router# show wlccp cckm
D. router# show wlccp wds cckm
Correct Answer: B Section: (none) Explanation Explanation/Reference:
QUESTION 20
On a Series 1010 lightweight access point, the alarm LED is flashing red, and all other LEDs are off. What is the lightweight access point indicating?
A. It has lost contact with controller.
B. Its IP address already exists.
C. It requires a code upgrade.
D. It is operating normally.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:

Preparing Cisco 642-587 exam is not difficult now.You can prepare from Cisco 642-587 Certification or Cisco https://www.pass4itsure.com/642-587.html dumps.Here we have mentioned some sample questions.You can use our Cisco 642-587 study material notes for test preparation.Latest Cisco 642-587 study material available.

Continue Reading

Flydumps Recently Updated Cisco 642-542 Real Exam Questions Ensure High Pass Rate

Flydumps is one of the leading exam preparation material providers.We have a complete range of exams offered by the top vendors of their respective industries. You can download Cisco https://www.pass4itsure.com/642-542.html free demos in PDF files that are the latest.

Exam A
QUESTION 1
Threats that come from hackers who are more highly motivated and technically competent are called:
A. Sophisticated
B. Advanced
C. External
D. Structured
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Structured threats come from adversaries that are highly motivated and technically competent. Ref: Cisco Secure Intrusion Detection System (Ciscopress) Page 9
QUESTION 2
The worst attacks are the ones that:
A. Are intermittent.
B. Target the applications
C. You can not stop them.
D. Target the executables.
E. Target the databases.
F. You can not determine the source.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: The worst attack is the one that you cannot stop. When performed properly, DDoS is just such an attack.
QUESTION 3
What type of network requires availability to the Internet and public networks as a major requirement and has several access points to other networks, both public and private?
A. Open
B. Closed
C. Intermediate
D. Balanced
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The networks of today are designed with availability to the Internet and public networks, which is a major requirement. Most of today’s networks have serverla access points to other network both public and private;therefore,securing these networks has become fundamentally important. Reference: CSI Student guide v2.0 p.2-4
QUESTION 4
The security team at Certkiller Inc. is working on network security design. What is an example of a trust model?
A. One example is NTFS
B. One example is NTP
C. One example is NFS
D. One example is NOS
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: One of the key factors to building a successful network security design is to identify and enforce a proper trust model. The proper trust model defines who needs to talk to whom and what kind of traffic needs to be exchanged; all traffic should be denied. one the proper trust model has been identified, then the security designer should decide how to enforce the model. As more critical resources are globally available and new forms of network attacks evolve, the network security infrastructure tends to become more sophisticated, and more products are available. Firewalls, routers, LAN switches, intrusion detection systems, AAA servers, and VPNs are some of the technologies and products that can help enforce the model. Of course, each one of these products and technologies plays a particular role within the overall security implementation, and it is essential for the designer to understand how these elements can be deployed. Network File Sharing seems to be the best answer out of all the answers listed. Reference: Securing Networks with Private VLANs and VLAN Access Control Lists
QUESTION 5
Which type of attack can be mitigated only through encryption?
A. DoS
B. Brute force
C. Man-in-the-middle
D. Trojan horse
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
1. Man-in-the-middle attacks-Mitigated through encrypted remote traffic Reference: Safe white papers; page 26 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 6
The security team at Certkiller Inc. is working on understanding attacks that happen in the network. What type of attack is characterized by exploitation of well-known weaknesses, use of ports that are allowed through a firewall, and can never be completely eliminated?
A. Network reconnaissance
B. Man-in-the-middle
C. Trust exploitation
D. Application layer
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: The primary problem with application layer attacks is that they often use ports that are allowed through a firewall. Reference: Safe White papers 68 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 7
You are the security administrator at Certkiller and you need to know the attacks types to the network. Which two general IP spoofing techniques does a hacker use? (Choose two)
A. An IP address within the range of trusted IP addresses.
B. An unknown IP address which cannot be traced.
C. An authorized external IP address that is trusted.
D. An RFC 1918 address.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation: IP Spoofing An IP spoofing attack occurs when a hacker inside or outside a network impersonates the conversations of a trusted computer. A hacker can do this in one of two ways. The hacker uses either an IP address that is within the range of trusted IP addresses for a network or an authorized external IP address that is trusted and to which access is provided to specified resources on a network. IP spoofing attacks are often a launch point for other attacks. The classic example is to launch a denial-of-service (DoS) attack using spoofed source addresses to hide the hacker’s identity. Normally, an IP spoofing attack is limited to the injection of malicious data or commands into an existing stream of data that is passed between a client and server application or a peer-to-peer network connection. To enable bidirectional communication, the hacker must change all routing tables to point to the spoofed IP address. Another approach hackers sometimes take is to simply not worry about receiving any response from the applications. If a hacker tries to obtain a sensitive file from a system, application responses are unimportant. However, if a hacker manages to change the routing tables to point to the spoofed IP address, the hacker can receive all the network packets that are addressed to the spoofed address and reply just as any trusted user can. Reference: Safe white papers; page 65 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 8
John the security administrator at Certkiller Inc. is working on securing the network with strong passwords. What is the definition of a strong password?
A. The definition of a strong password is at least ten characters long and should contain cryptographic characters.
B. The definition of a strong password is at least eight characters long;contains uppercase letters, lowercase letters, numbers, and should not contain special characters.
C. The definition of a strong password is defined by each company depending on the product being used.
D. The definition of a strong password is at least eight characters long;contains uppercase letters, lowercase letters, numbers, and special characters.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Passwords should be at least eight characters long and contain uppercase letters, lowercase letters, numbers, and special characters (#, %, $, and so forth). Reference: Safe white papers; page 67 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 9
The two Denial of Service attack methods are: (Choose two) A. Out of Band data crash
B. SATAN
C. TCP session hijack
D. Resource Overload

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Explanation: When involving specific network server applications; such as a web server or an FTP server, these attacks can focus on acquiring and keeping open all the available connections supported by that server, effectively locking out valid users of the server or service. Some attacks compromise the performance of your network by flooding the network with undesired-and often useless-network packets and by providing false information about the status of network resources. REF; Safe white papers; page 66&67 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Incorrect Answers:
B: SATAN is a testing and reporting tool that collects a variety of information about networked hosts.
C: TCP session hijack is when a hacker takes over a TCP session between two machines.
QUESTION 10
This program does something undocumented which the programmer intended, but that the user would not approve of if he or she knew about it.
A. What is a Virus.
B. What is a Macro Virus.
C. What is a Trojan Horse.
D. What is a Worm.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: A Trojan horse is different only in that the entire application was written to look like something else, when in fact it is an attack tool. An example of a Trojan horse is a software application that runs a simple game on the user’s workstation. While the user is occupied with the game, the Trojan horse mails a copy of itself to every user in the user’s address book. Then other users get the game and play it, thus spreading the Trojan horse. Ref: Safe White papers; Page 70 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 11
Choose the true statements regarding IP spoofing attack and DoS attack. (Choose all that apply)
A. IP spoofing attack is a prelude for a DoS attack.
B. DoS attack is a prelude for a IP spoofing attack.
C. IP spoofing attack is generally performed by inserting a string of malicious commands into the data that is passed between a client and a server.
D. A DoS attack is generally performed by inserting a string of malicious command into the data that is passed between a client and a server.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation: IP spoofing attacks are often a launch point for other attacks. The classic example is to launch a denial-of-service (DoS) attack using spoofed source addresses to hide the hacker’s identity.
Normally, an IP spoofing attack is limited to the injection of malicious data or commands into an existing stream of data that is passed between a client and server application or a peer-to-peer network connection. REF; Safe white papers;page 65 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 12
What method helps mitigate the threat of IP spoofing?
A. Access control
B. Logging
C. SNMP polling
D. Layer 2 switching
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The most common method for preventing IP spoofing is to properly configure access control. To reduce the effectiveness of IP spoofing, configure access control to deny any traffic from the external network that has a source address that should reside on the internal network. REF;Safe white papers;page 67 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 13
What is an example of a trust model?
A. NTFS
B. NFS
C. NTP
D. NOS
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: One of the key factors to building a successful network security design is to identify and enforce a proper trust model. The proper trust model defines who needs to talk to whom and what kind of traffic needs to be exchanged; all other traffic should be denied. Once the proper trust model has been identified, then the security designer should decide how to enforce the model. As more critical resources are globally available and new forms of network attacks evolve, the network security infrastructure tends to become more sophisticated, and more products are available. Firewalls, routers, LAN switches, intrusion detection systems, AAA servers, and VPNs are some of the technologies and products that can help enforce the model. Of course, each one of these products and technologies plays a particular role within the overall security implementation, and it is essential for the designer to understand how these elements can be deployed. Network File Sharing seems to be the best answer out of all the answers listed. Reference: Securing Networks with Private VLANs and VLAN Access Control Lists
QUESTION 14
Which type of attack is usually implemented using packet sniffers?
A. Man-in-the-middle
B. DoS
C. Brute force
D. IP spoofing
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Man-in-the-middle attacks are often implemented using network packet sniffers and routing and transport protocols. REF;Safe white papers;page 68 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 15
Which type of attack is characterized by exploitation of well-known weaknesses, use of ports that are allowed through a firewall, and can never be completely eliminated?
A. Network reconnaissance
B. Application layer
C. Man-in-the-middle
D. Trust exploitation
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The primary problem with application layer attacks is that they often use ports that are allowed through a firewall. Ref: Safe White papers 68 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 16
What is the only way to effectively prevent the Man-in-the-middle attacks?
A. Firewalls
B. ISP filtering and rate limiting
C. HIDS & Firewall filtering
D. Encryption
E. Access Control
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Man-in-the-middle attacks can be effectively mitigated only through the use of cryptography. If someone hijacks data in the middle of a cryptographically private session, all the hacker will see is cipher text, and not the original message. Ref: Safe White papers 68 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 17
What is not a specific type of attack, but refers to most attacks that occur today?
A. DoS
B. Brute force password
C. IP spoofing
D. Unauthorized access
Correct Answer: D Section: (none) Explanation Explanation/Reference:
Explanation: Although unauthorized-access attacks are not a specific type of attack, they refer to most attacks executed in networks today. REF;Safe white papers;page 70 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 18
This method of attack will always compute the password if it is made up of the character set you have selected to test.
A. What is LOphtCracks
B. What is brute force computation
C. What is dictionary lookup
D. What is brute force mechanism
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 19
What is the primary method of mitigating port redirection attacks?
A. Keep firewalls up to date with the latest patches and fixes.
B. Do not allow trust models.
C. Keep OS and applications up to date with the latest patches and fixes.
D. Use proper trust models.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Port redirection can be mitigated primarily through the use of proper trust models (as mentioned earlier). If we assume that a system is under attack, host-based IDS can help detect and prevent a hacker installing such utilities on a host. Ref: Safe white papers;page 70 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Reference: Cisco Courseware page 2-28
QUESTION 20
What are two characteristics of a packet sniffer designed for attack purposes? (Choose two)
A. Captures first 300 to 400 bytes.
B. Typically captures login sessions.
C. Captures the last 300 to 400 bytes.
D. Deciphers encrypted passwords.
E. Enable to capture UDP packets.
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:

Both PDF and software format demos for Cisco https://www.pass4itsure.com/642-542.html exam dumps are offered by Flydumps for free.You can try Cisco 642-542 free demo before you decide to buy the full version practice test.Cisco 642-542 exam dumps details are researched and produced by our Professional Certification Experts who are constantly using industry experience to produce precise, and logical.Cisco 642-542 exam dumps will not only help you pass in one attempt,but also save your valuable time.

Continue Reading

100% New Questions Flydumps New Updated Cisco 642-541 Exam Questions

Exam A Flydumps is one of the leading exam preparation material providers. We have a complete range of exams offered by the top vendors of their respective industries. You can download https://www.pass4itsure.com Cisco 642-541  free demos in PDF files that are the latest.

Exam A
QUESTION 1
Which routing protocol does not support the use of MD5 authentication?
A. BGP
B. IGRP
C. EIGRP
D. OSPF
E. IS-IS
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 2
What is an assumption of SAFE SMR?
A. implementing SAFE SMR guarantees a secure environment
B. the security policy is already in place
C. network contains only Cisco devices
D. SAFE SMR does not assume application and OS security
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 3
Why are all providers of Internet connectivity urged to implement the filtering described in RFC 2827?
A. to prohibit attackers from using source addresses that reside within a range of legitimately advertised prefixes
B. to prohibit attackers from using forged source addresses that do not reside within a range of legitimately advertised prefixes
C. to filter Java applications that come from a source that is not trusted
D. to stop internal users from reaching web sites that violate the established security policy
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 4
The VPN acceleration module (VAM) is available on what series of VPN optimized routers? Choose two.
A. 1700 Series
B. 2600 Series
C. 3600 Series
D. 7100 Series
E. 7200 Series
Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Which two devices in the SAFE SMR small network campus module should have HIDS installed? Choose two.
A. Layer 2 switches
B. firewalls
C. management hosts
D. desktop workstations
E. corporate servers
F. lab workstations
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 6
In which module does the firewall exist in the SAFE SMR small network design?
A. Internet
B. campus
C. corporate Internet
D. edge
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 7
What is the NIDS primary function in the SAFE SMR midsize network design corporate Internet module?
A. provide connectivity to the campus module
B. provide connectivity to the WAN module
C. provide connectivity to the LAN module
D. provides detection of attacks on ports that the firewall is configured to permit
E. provide the demarcation point between the ISP and the medium network
F. provide connection state enforcement and detailed filtering for sessions initiated through the firewall
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 8
Which two general IP spoofing techniques does a hacker use? Choose two.
A. an IP address within the range of trusted IP addresses
B. an unknown IP address which cannot be traced
C. an RFC 1918 address
D. an authorized external IP address that is trusted

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 9
Which model is recommended for an IDS with at least 100 Mbps performance?
A. 4210
B. 4220
C. 4250
D. 4260
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Which is a key server found in SAFE Enterprise network design edge corporate internet module?
A. database server
B. application server
C. URL filtering server
D. proxy server
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 11
What is the purpose of BGP TTL Security Hash (BTSH)?
A. encrypts private network data when it is being passed through a public network
B. prevents attacker from creating a routing black hole
C. helps to prevent information overload from causing a network to melt
D. prevents attackers from disrupting peering sessions between routers
E. reduces the change rate in the Internet’s routing tables
Correct Answer: D Section: (none) Explanation
Explanation/Reference: QUESTION 12
What are two characteristics of a packet sniffer designed for attack purposes? Choose two.
A. captures first 300 to 400 bytes
B. typically captures login sessions
C. captures the last 300 to 400 bytes
D. deciphers encrypted passwords
E. unable to capture UDP packets
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 13
In the SAFE SMR midsize network design, which module does dial-in traffic terminate?
A. campus module
B. WAN module
C. ISP edge module
D. corporate Internet module
E. PSTN module
F. frame/ATM module
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 14
Drag Drop question

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 15
Which type of attack is characterized by exploitation of well-known weaknesses, use of ports that are allowed through a firewall, and can never be completely eliminated?
A. network reconnaissance
B. application layer
C. man-in-the-middle
D. trust exploitation
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 16
LAB

A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 17
Which three models of the Cisco 3000 Series Concentrator can have redundant power supplies? Choose three.
A. 3005
B. 3020
C. 3030
D. 3060
E. 3080
F. 3090
Correct Answer: CDE Section: (none) Explanation
Explanation/Reference:
QUESTION 18
What are the SAFE guidelines when routing information is exchanged with an outside routing domain? (Select two.)
A. Use exterior gateway protocols only.
B. Use exterior gateway protocols that operate between routing domains and do not allow administrators to build and act on policies.
C. Use exterior gateway protocols because they allow administrators to build and act on policies rather than just on reachability information.
D. Do not use autonomous system path filters on every EBGP peering session in network.
E. Use exterior gateway protocols or static routes
F. Make certain that your outside peer advertises your routes to other peers for maximum reachability
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 19
What services does EAP provide?
A. EAP provides wireless gateway and complementary code keying.
B. EAP provides centralized authentication and dynamic key distribution.
C. EAP provides open authentication and shared key distribution
D. EAP provides message integrity check and wireless domain service
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 20
What is not a specific type of attack, but refers to most attacks that occur today?
A. DoS
B. brute force password
C. IP spoofing
D. unauthorized access
Correct Answer: D Section: (none) Explanation
Explanation/Reference:

PDF format– Printable version, print Cisco 642-541  exam dumps out and study anywhere. Software format– Simulation version, test yourself like Cisco 642-541  exam real test.Credit Guarantee– Passtcert never sell the useless Cisco 642-541 exam dumps out. You will receive our Cisco 642-541  exam dumps in time and get CCIE Certified easily.

Continue Reading

100% Valid Free Download 2016 New Questions for Cisco 642-541 Exam

We are committed on providing you with the latest and most accurate Cisco 642-541 exam preparation products.If you want to pass Cisco https://www.pass4itsure.com/642-541.html  exam successfully, do not miss to read latest Cisco 642-541  brain dumps on Flydumps.

Exam A
QUESTION 1
Threats that come from hackers who are more highly motivated and technically competent are called:
A. Sophisticated
B. Advanced
C. External
D. Structured
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Structured threats come from adversaries that are highly motivated and technically competent. Ref: Cisco Secure Intrusion Detection System (Ciscopress) Page 9
QUESTION 2
The worst attacks are the ones that:
A. Are intermittent.
B. Target the applications
C. You can not stop them.
D. Target the executables.
E. Target the databases.
F. You can not determine the source.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: The worst attack is the one that you cannot stop. When performed properly, DDoS is just such an attack.
QUESTION 3
What type of network requires availability to the Internet and public networks as a major requirement and has several access points to other networks, both public and private?
A. Open
B. Closed
C. Intermediate
D. Balanced
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The networks of today are designed with availability to the Internet and public networks, which is a major requirement. Most of today’s networks have serverla access points to other networks both public and private; therefore, securing these networks has become fundamentally important. Reference: CSI Student guide v2.0 p.2-4
QUESTION 4
The security team at Certkiller Inc. is working on network security design. What is an example of a trust model?
A. One example is NTFS
B. One example is NTP
C. One example is NFS
D. One example is NOS
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: One of the key factors to building a successful network security design is to identify and enforce a proper trust model. The proper trust model defines who needs to talk to whom and what kind of traffic needs to be exchanged; all other traffic should be denied. Once the proper trust model has been identified, then the security designer should decide how to enforce the model. As more critical resources are globally available and new forms of network attacks evolve, the network security infrastructure tends to become more sophisticated, and more products are available. Firewalls, routers, LAN switches, intrusion detection systems, AAA servers, and VPNs are some of the technologies and products that can help enforce the model. Of course, each one of these products and technologies plays a particular role within the overall security implementation, and it is essential for the designer to understand how these elements can be deployed. Network File Sharing seems to be the best answer out of all the answers listed. Reference: Securing Networks with Private VLANs and VLAN Access Control Lists
QUESTION 5
Which type of attack can be mitigated only through encryption?
A. DoS
B. Brute force
C. Man-in-the-middle
D. Trojan horse
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
1. Man-in-the-middle attacks-Mitigated through encrypted remote traffic Reference: Safe White papers; Page 26 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 6
The security team at Certkiller Inc. is working on understanding attacks that happen in the network. What type of attack is characterized by exploitation of well-known weaknesses, use of ports that are allowed through a firewall, and can never be completely eliminated?
A. Network reconnaissance
B. Man-in-the-middle
C. Trust exploitation
D. Application layer
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: The primary problem with application layer attacks is that they often use ports that are allowed through a firewall. Reference: Safe White papers 68 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 7
You are the security administrator at Certkiller and you need to know the attacks types to the network. Which two general IP spoofing techniques does a hacker use? (Choose two)
A. An IP address within the range of trusted IP addresses.
B. An unknown IP address which cannot be traced.
C. An authorized external IP address that is trusted.
D. An RFC 1918 address.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation: IP Spoofing An IP spoofing attack occurs when a hacker inside or outside a network impersonates the conversations of a trusted computer. A hacker can do this in one of two ways. The hacker uses either an IP address that is within the range of trusted IP addresses for a network or an authorized external IP address that is trusted and to which access is provided to specified resources on a network. IP spoofing attacks are often a launch point for other attacks. The classic example is to launch a denial-of-service (DoS) attack using spoofed source addresses to hide the hacker’s identity. Normally, an IP spoofing attack is limited to the injection of malicious data or commands into an existing stream of data that is passed between a client and server application or a peer-to-peer network connection. To enable bidirectional communication, the hacker must change all routing tables to point to the spoofed IP address. Another approach hackers sometimes take is to simply not worry about receiving any response from the applications. If a hacker tries to obtain a sensitive file from a system, application responses are unimportant. However, if a hacker manages to change the routing tables to point to the spoofed IP address, the hacker can receive all the network packets that are addressed to the spoofed address and reply just as any trusted user can. Reference: Safe White papers; Page 65 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 8
John the security administrator at Certkiller Inc. is working on securing the network with strong passwords. What is the definition of a strong password?
A. The definition of a strong password is at least ten characters long and should contain cryptographic characters.
B. The definition of a strong password is at least eight characters long; contains uppercase letters, lowercase letters, numbers, and should not contain special characters.
C. The definition of a strong password is defined by each company depending on the product being used.
D. The definition of a strong password is at least eight characters long; contains uppercase letters, lowercase letters, numbers, and special characters.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Passwords should be at least eight characters long and contain uppercase letters, lowercase letters, numbers, and special characters (#, %, $, and so forth). Reference: Safe White papers; Page 67 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 9
The two Denial of Service attack methods are: (Choose two)
A. Out of Band data crash
B. SATAN
C. TCP session hijack
D. Resource Overload
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Explanation: When involving specific network server applications; such as a Web server or an FTP server, these attacks can focus on acquiring and keeping open all the available connections supported by that server, effectively locking out valid users of the server or service. Some attacks compromise the performance of your network by flooding the network with undesired-and often useless-network packets and by providing false information about the status of network resources. Ref: Safe White papers; Page 66 & 67 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Incorrect Answers:
B: SATAN is a testing and reporting tool that collects a variety of information about networked hosts.
C: TCP session hijack is when a hacker takes over a TCP session between two machines.
QUESTION 10
This program does something undocumented which the programmer intended, but that the user would not approve of if he or she knew about it.
A. What is a Virus.
B. What is a Macro Virus.
C. What is a Trojan Horse.
D. What is a Worm.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: A Trojan horse is different only in that the entire application was written to look like something else, when in fact it is an attack tool. An example of a Trojan horse is a software application that runs a simple game on the user’s workstation. While the user is occupied with the game, the Trojan horse mails a copy of itself to every user in the user’s address book. Then other users get the game and play it, thus spreading the Trojan horse. Ref: Safe White papers; Page 70 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 11
Choose the true statements regarding IP spoofing attack and DoS attack. (Choose all that apply)
A. IP spoofing attack is a prelude for a DoS attack.
B. DoS attack is a prelude for a IP spoofing attack.
C. IP spoofing attack is generally performed by inserting a string of malicious commands into the data that is passed between a client and a server.
D. A DoS attack is generally performed by inserting a string of malicious command into the data that is passed between a client and a server.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation: IP spoofing attacks are often a launch point for other attacks. The classic example is to launch a denial-of-service (DoS) attack using spoofed source addresses to hide the hacker’s identity. Normally, an IP spoofing attack is limited to the injection of malicious data or commands into an existing stream of data that is passed between a client and server application or a peer-to-peer network connection. Ref: Safe White papers; Page 65 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 12
What method helps mitigate the threat of IP spoofing?
A. Access control
B. Logging
C. SNMP polling
D. Layer 2 switching
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The most common method for preventing IP spoofing is to properly configure access control. To reduce the effectiveness of IP spoofing, configure access control to deny any traffic from the external network that has a source address that should reside on the internal network. Ref: Safe White papers; Page 67 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 13
What is an example of a trust model?
A. NTFS
B. NFS
C. NTP
D. NOS
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: One of the key factors to building a successful network security design is to identify and enforce a proper trust model. The proper trust model defines who needs to talk to whom and what kind of traffic needs to be exchanged; all other traffic should be denied. Once the proper trust model has been identified, then the security designer should decide how to enforce the model. As more critical resources are globally available and new forms of network attacks evolve, the network security infrastructure tends to become more sophisticated, and more products are available. Firewalls, routers, LAN switches, intrusion detection systems, AAA servers, and VPNs are some of the technologies and products that can help enforce the model. Of course, each one of these products and technologies plays a particular role within the overall security implementation, and it is essential for the designer to understand how these elements can be deployed. Network File Sharing seems to be the best answer out of all the answers listed. Reference: Securing Networks with Private VLANs and VLAN Access Control Lists
QUESTION 14
Which type of attack is usually implemented using packet sniffers?
A. Man-in-the-middle
B. DoS
C. Brute force
D. IP spoofing
Correct Answer: A Section: (none) Explanation Explanation/Reference:
Explanation: Man-in-the-middle attacks are often implemented using network packet sniffers and routing and transport protocols. Ref: Safe White papers; 68 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 15
Which type of attack is characterized by exploitation of well-known weaknesses, use of ports that are allowed through a firewall, and can never be completely eliminated?
A. Network reconnaissance
B. Application layer
C. Man-in-the-middle
D. Trust exploitation
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The primary problem with application layer attacks is that they often use ports that are allowed through a firewall. Ref: Safe White papers 68 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 16
What is the only way to effectively prevent the Man-in-the-middle attacks?
A. Firewalls
B. ISP filtering and rate limiting
C. HIDS & Firewall filtering
D. Encryption
E. Access Control
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Man-in-the-middle attacks can be effectively mitigated only through the use of cryptography. If someone hijacks data in the middle of a cryptographically private session, all the hacker will see is cipher text, and not the original message. Ref: Safe White papers 68 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 17
What is not a specific type of attack, but refers to most attacks that occur today?
A. DoS
B. Brute force password
C. IP spoofing
D. Unauthorized access
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Although unauthorized-access attacks are not a specific type of attack, they refer to most attacks executed in networks today. Ref: Safe White papers; Page 70 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 18
This method of attack will always compute the password if it is made up of the character set you have selected to test.
A. What is LOphtCracks
B. What is brute force computation
C. What is dictionary lookup
D. What is brute force mechanism
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 19
What is the primary method of mitigating port redirection attacks?
A. Keep firewalls up to date with the latest patches and fixes.
B. Do not allow trust models.
C. Keep OS and applications up to date with the latest patches and fixes.
D. Use proper trust models.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Port redirection can be mitigated primarily through the use of proper trust models (as mentioned earlier). If we assume that a system is under attack, host-based IDS can help detect and prevent a hacker installing such utilities on a host. Ref: Safe White papers; Page 70 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Reference: Cisco Courseware page 2-28
QUESTION 20
What are two characteristics of a packet sniffer designed for attack purposes? (Choose two)
A. Captures first 300 to 400 bytes.
B. Typically captures login sessions.
C. Captures the last 300 to 400 bytes.
D. Deciphers encrypted passwords.
E. Enable to capture UDP packets.
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:

Try Cisco 642-541  exam free demo before you decide to buy it in Flydumps. After you buy Flydumps Cisco https://www.pass4itsure.com/642-541.html exam dumps, you will get free update for ONE YEAR!

Continue Reading

New Dumps- Free Download Of Cisco 642-503 VCE And PDF Certification

Why not try Flydumps Cisco 642-503 vce or pdf exam dumps? All the new questions and answers were timely added to the Pass4itsure Cisco 642-503 study guide.Visit Flydumps.com to get free Cisco 642-503 VCE and PDF.

Exam A
QUESTION 1
Which of these statements is correct regarding user setup on ACS 4.0?
A. In the case of conflicting settings, the settings at the group level override the settings configured at the user level.
B. A user can belong to more than one group.
C. The username can contain characters such as “#” and “?”.
D. By default, users are assigned to the default group.
E. The ACS PAP password cannot be used as the CHAP password also.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Which two commands are used to only allow SSH traffic to the router Eth0 interface and deny other management traffic (BEEP, FTP, HTTP, HTTPS, SNMP, Telnet, TFTP) to the router interfaces? (Choose two.)
A. interface eth0
B. control-plane host
C. policy-map type port-filter policy-name
D. service-policy type port-filter input policy-name
E. management-interface eth0 allow ssh
F. line vty 0 5 transport input ssh

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 3
Refer to the exhibit. Why is the Cisco IOS Firewall authentication proxy not working?

A. The aaa authentication auth-proxy default group tacacs+ command is missing in the configuration.
B. The router local username and password database is not configured.
C. Cisco IOS authentication proxy only supports RADIUS and not TACACS+.
D. HTTP server and AAA authentication for the HTTP server is not enabled.
E. The AAA method lists used for authentication proxy should be named “pxy” rather than “default” to match the authentication proxy rule name.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 4
When troubleshooting site-to-site IPsec VPN on Cisco routers, you see this console message:
%CRYPTO-6-IKMP_SA_NOT_OFFERED: Remote peer %15i responded with attribute [chars] not offered or changed
Which configuration should you verify?
A. the crypto ACL
B. the crypto map
C. the IPsec transform set
D. the ISAKMP policies
E. the pre-shared key
F. the DH group

Correct Answer: D Section: (none) Explanation
Explanation/Reference:

QUESTION 5
Drop

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 6
When verifying Cisco IOS IPS operations, when should you expect Cisco IOS IPS to start loading the signatures?
A. immediately after you configure the ip ips sdf location flash:filename command
B. immediately after you configure the ip ips sdf builtin command
C. after you configure a Cisco IOS IPS rule in the global configuration
D. after traffic reaches the interface with Cisco IOS IPS enabled
E. when the first Cisco IOS IPS rule is enabled on an interface
F. when the SMEs are put into active state using the ip ips name rule-name command

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Refer to the exhibit. Why is the Total Active Signatures count zero?

A. The 128MB.sdf file in flash is corrupted.
B. IPS is in fail-open mode.
C. IPS is in fail-closed mode.
D. IPS has not been enabled on an interface yet.
E. The flash:/128MB.sdf needs to be merged with the built-in signatures first.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 8
When configuring FPM, what should be the next step after the PHDFs have been loaded?
A. Define a stack of protocol headers.
B. Define a traffic policy.
C. Define a service policy.
D. Define a class map of type “access-control” for classifying packets.
E. Reload the router.
F. Save the PHDFs to startup-config.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 9
Refer to the exhibit. Which two statements are correct? (Choose two.)
A. Cisco IOS IPS will fail-open.
B. The basic signatures (previously known as 128MB.sdf) will be used if the built-in signatures fail to load.
C. The built-in signatures will be used.
D. SDEE alert messages will be enabled.
E. syslog alert messages will be enabled.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Refer to the exhibit. When you configure DHCP snooping, which ports should be configured as trusted ?

A. port A only
B. port E only
C. ports B and C
D. ports A, B, and C
E. ports B, C, and E
F. ports A, B, C, and E

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 11
Refer to the exhibit. Which optional AAA or RADIUS configuration command is used to support 802.1x guest VLAN functionality?

A. aaa authentication dot1x default group radius
B. aaa authorization network default group radius
C. aaa accounting dot1x default start-stop group radius
D. aaa accounting system default start-stop group radius
E. radius-server host 10.1.1.1 auth-port 1812 acct-port 1813

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 12
What does this command do?
router(config)# ip port-map user-1 port tcp 4001
A. enables application firewall inspection on a user-defined application that is mapped to TCP port 4001
B. enables NBAR to recognize a user-defined application on TCP port 4001
C. enables the Cisco IOS Firewall to inspect TCP port 4001 as part of the ip inspect name xxx TCP inspection rule
D. defines a user application in the PAM table where the user-defined application is called “user-1” and that application is mapped to TCP port 4001

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 13
What are the three authentication methods that you can use during IKE Phase 1? (Choose three.)
A. AAA or Local Authentication
B. Kerberos
C. pre-shared key
D. RSA signature
E. RSA encrypted nonce
F. DH

Correct Answer: CDE Section: (none) Explanation
Explanation/Reference: QUESTION 14
The PHDF stored in the router flash memory is required for which of these applications to function?
A. NBAR
B. CPPr
C. FPM
D. PAM
E. CoPP
F. Zone-Based Firewall

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 15
When you configure Cisco IOS WebVPN, you can use the port-forward command to enable which function?
A. web-enabled applications
B. Cisco Secure Desktop
C. full-tunnel client
D. thin client
E. CIFS
F. OWA

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 16
What are two benefits of using an IPsec GRE tunnel? (Choose two.)
A. It allows dynamic routing protocol to run over the tunnel interface.
B. It has less overhead than running IPsec in tunnel mode.
C. It allows IP multicast traffic.
D. It requires a more restrictive crypto ACL to provide finer security control.
E. It supports the use of dynamic crypto maps to reduce configuration complexity.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 17
Drop A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 18
When you enter the switch(config)#aaa authentication dot1x default group radius command on a Cisco Catalyst switch, the Cisco IOS parser returns with the “invalid input detected” error message. What can be the cause of this error?
A. You must use the dot1x system-auth-control command first to globally enable 802.1x.
B. You must define the RADIUS server IP address first, using the switch(config)# radius-server host ip-address command.
C. You must enter the aaa new-model command first.
D. The method-list name is missing in the command.
E. The local option is missing in the command.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 19
Cisco IOS Zone-Based Firewall uses which of these to identify a service or application from traffic flowing through the firewall?
A. NBAR
B. extended access list
C. PAM table
D. deep packet inspection
E. application layer inspection
F. CEF table

Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 20
Refer to the DMVPN topology diagram in the exhibit. Which two statements are correct? (Choose two.)

A. The hub router needs to have EIGRP split horizon disabled.
B. At the Spoke A router, the next hop to reach the 192.168.2.0/24 network is 10.0.0.1.
C. Before a spoke-to-spoke tunnel can be built, the spoke router needs to send an NHRP query to the hub to resolve the remote spoke router physical interface IP address.
D. At the Spoke B router, the next hop to reach the 192.168.1.0/24 network is 172.17.0.1.
E. The spoke routers act as the NHRP servers for resolving the remote spoke physical interface IP address.
F. At the Spoke A router, the next hop to reach the 192.168.0.0/24 network is 172.17.0.1.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:

The actual Cisco 642-503 exam questions and answers will sharpen your skills and expand your knowledge to obtain a definite success.save your money and time on your preparation for your Cisco 642-503 certification exam. You will find we are a trustful partner if you choose us as your assistance on your Cisco 642-503 certification exam. Now we add the latest Cisco 642-503 content and to print and share content.

Continue Reading

2016 New Updated — Latest Cisco 642-503 Exam Questions with PDF and VCE 100% Pass Gurantee

If you want to pass Cisco 642-503 successfully, do not missing to read Flydumps latest Cisco https://www.pass4itsure.com/642-503.html practice tests. 100% Guarantee! All the dumps are updated timely.

Exam A QUESTION 1
:
Please study the exhibit carefully.
What traffic will be matched to the “qt-class” traffic class?
A. all traffic matched by the “host-protocols” named access list
B. all other traffic arriving at the interface where the “qt-policy” policy map is applied
C. all TCP and UDP protocol ports open on the router not specifically matched
D. all traffic other than SNMP and Telnet to the router
E. all traffic matched by the “host-protocols” nested class map

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 2
:

DRAG DROP You work as a network technician at Certkiller .com. Your boss, miss Certkiller, is interested
in IBNS 802.1x authentication features. Match the proper features with appropriate descriptions.
Note: not all features are used.

A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 3
:
Please study the exhibit carefully.
Which two statements are true about the configurations shown? (Choose two.)
A. The clickable links will have a heading entitled “MYLINKS”.
B. ACS will be used for remote-user authentication by default.
C. This is an example of a clientless configuration.
D. The home page will have three clickable links on it.
E. Thin client (port forwarding) has been enabled using the url-text command.
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 4
:

What can you determine about the configuration?
A. 3DES encryption will be used.
B. The authentication method used between the IPsec peers is pre-shared key.
C. This is a dynamic crypto map.
D. Traffic matched by ACL 101 will not be encrypted.
E. HMAC-MD5 authentication will be used.
F. ESP tunnel mode will be used.

Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Cisco Easy VPN Server pushes parameters such as the client internal IP address, DHCP server IP address, and WINS server IP address to the Cisco Easy VPN Remote client during which of these phases?
A. IKE mode configuration
B. IKE XAUTH
C. IKE Phase 1 first message exchange
D. IKE quick mode
E. IKE Phase 2 last message exchange
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 6
The PHDF stored in the router flash memory is required for which of these applications to function?
A. PAM
B. Zone-Based Firewall
C. CPPr
D. CoPP
E. NBAR
F. FPM
Correct Answer: F Section: (none) Explanation
Explanation/Reference:

We help you do exactly that with our high quality Cisco 642-503 Certification using the above training materials.Regardless of whichever computer you have, you just need to download one of the many Cisco https://www.pass4itsure.com/642-503.html PDF readers that are available for free.

Continue Reading

Cisco 642-481 New Questions-100% Valid New Updated Questions for Cisco 642-481

ATTENTION:With the change of the Cisco 642-481 exam,Flydumps has updated the Cisco https://www.pass4itsure.com/642-481.html exam dumps with all the new added questions and answers by experts.With the Cisco 642-481 vce dumps training, you can pass the exam easily and quickly.

Exam A
QUESTION 1
Which two operations can be performed through the Cisco Unified MeetingPlace Express Administration web interface? (Choose two.)
A. Configure the SMTP servers and e-mail templates and languages that are used for meeting notifications.
B. Configure H.323, MGCP, SIP, SCCP, dialing, and audio parameters for Cisco Unified MeetingPlace Express.
C. Extract reports from Cisco Unified MeetingPlace Express on Cisco Unified CallManager conference server usage.
D. Configure usage and meeting values for scheduled and reservationless meetings.
E. Diagnose network problems.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Highland Properties is deploying Cisco VT Advantage to enable executives to participate in video calls with customers and suppliers. Which two devices can be used to allow these external calls to be placed over a dedicated PRI? (Choose two.)
A. Cisco IPVC 3521
B. Cisco IPVC 3526
C. Cisco IPVC 3540
D. Cisco Multiservice IP-to-IP Gateway
E. Cisco MCM proxy

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:

QUESTION 3
How should the IP-to-IP gateway be configured to support video codecs across all dial peers?
A. Use the codec transparency enable command under the voice class codec in the Cisco Multiservice IP-to-IP Gateway.
B. Configure codec class transparent in the gateway configuration page in Cisco CallManager.
C. Use the codec preference command under the voice class codec in the Cisco Multiservice IP-to-IP Gateway.
D. Use the codec command to configure codec transparency for the Cisco Multiservice IP-to-IP Gateway.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 4
In which order does a H.323 client send H.225 setup messages to the servers in a Cisco CallManager cluster?
A. The H.323 client will request a route to a destination from the gatekeeper, and the gatekeeper will send the call to the Cisco CallManager server that is configured with the highest priority.
B. The H.323 client will send H.225 messages to the primary, secondary, and tertiary servers in the Cisco CallManager group in sequential order; the first server that responds will handle the call.
C. The H.323 client will send the H.225 setup message to a different server in the cluster for each call, to facilitate load balancing and redundancy.
D. The H.323 client will send H.225 setup messages to the terminating H.323 endpoint to set up the call.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Identify the three different voice-integration options that are available with Cisco Unified MeetingPlace Express voice conferencing. (Choose three.)
A. Cisco Unified Survivable Remote Site Telephony Router
B. Cisco CallManager Release 3.3 and higher
C. Cisco Linksys Voice System 9000 Series
D. Cisco voice gateway (T1/E1) to any TDM PBX
E. Cisco Catalyst 6500 Series Wireless LAN Services Module
F. Cisco Unified CallManager Express

Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
QUESTION 6
Bob’s Bicycles recently implemented a H.323 videoconferencing solution, and wishes to conduct videoconferences with the main supplier over the extranet using the existing four-digit numbering plan at each company. Due to overlapping dial plans, the called digits must be manipulated to allow the video calls to be completed. Which solution can support this?
A. H.323 proxy
B. gatekeeper
C. directory gatekeeper
D. IP-to-IP gateway

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Which three methods can system administrators use to create a user profile in Cisco Unified MeetingPlace Express? (Choose three.)
A. manually create groups and profiles through the web interface
B. integrate to a Cisco Unified CallManager and Cisco Unified CallManager Express or IP PBX database through standard LDAP, and end users must log in to Cisco Unified MeetingPlace Express to create a
profile automatically
C. integrate to only a Cisco Unified CallManager directory and other supported third-party LDAPs, and end users must log in to Cisco Unified MeetingPlace Express to create a profile automatically
D. integrate to any PBX or Cisco SIP or Cisco Unified CallManager platform through the LDAP integrations, and end users must log in to Cisco Unified MeetingPlace Express to create a profile automatically
E. import a Microsoft Excel .csv formatted file from any downloaded customer database
F. import a Microsoft Excel .csv formatted file from only certain tested databases

Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 8
You have a customer that has a legacy H.320 videoconferencing system. The customer recently migrated to a converged network for voice and data, and would now like to include video. New ISDN gateways have been deployed to connect the legacy H.320 systems to the IP network.
How should the Cisco CallManager cluster be configured so that the gatekeeper can provide Call Admission Control and resolve E.164 addresses?
A. E.164 addresses will be managed by the Cisco CallManager cluster, and the gatekeeper will manage the CAC for the LAN and WAN.
B. An intercluster trunk will be configured from the Cisco CallManager cluster to each of the new video gateways, and E.164 addressing and CAC will be managed by the gatekeeper.
C. Each new gateway will be included in the Cisco CallManager configuration through an MRG and an MRGL, and use locations-based CAC.
D. A H.225 trunk will be configured between the gatekeeper and the Cisco CallManager cluster; the gatekeeper will resolve the E.164 addresses and manage CAC for the IP WAN.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 9
When deploying a Cisco Unified MeetingPlace Express system in a centralized Cisco Unified CallManager with SRST sites using G.729A codecs, what must be provided for the system to connect successfully?
A. must use DSP transcoding from G.729a to G.722
B. must use DSP transcoding from G.729a to G.711
C. must use DSP recoding from G.729a to G.729b
D. must use DSP transcoding from G.729a to G.728
E. must use voice gateways to translate from TDM signaling to IP H.323/SCCP signaling

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Which device manages a H.323 zone that is composed of terminals, gateways, and MCUs?
A. Media Termination Point
B. Cisco IOS Gateway
C. gatekeeper
D. firewall
E. proxy

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 11
Which feature automatically switches between a range of video layouts according to the number of participants joining or leaving a conference?
A. continuous presence
B. dynamic presence
C. dynamic layout
D. rate matching
E. automatic down-speeding

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 12
A customer has deployed a centralized call-processing model in the organization. The customer would now like to deploy a Cisco VT Advantage camera on each IP phone to facilitate video calls and videoconferences. The customer has deployed a gatekeeper to provide Call Admission Control for the IP WAN. If the customer adds an MCU to each site, how will this impact the manner in which the media resource groups are configured in the Cisco CallManager cluster?
A. There will not be any impact to the MRGs; only the order in which the MRGs are chosen in the MRGL will be impacted.
B. There will be separate MRGLs for IP phones and Cisco VT Advantage cameras, but each MRGL will use the same MRG to provide DSP support.
C. Each Cisco VT Advantage camera will have a separate MRGL assigned to it, and this list will use an MRG that has dedicated resources for that specific type of device.
D. Each device will be assigned an MRGL that will include an ordered list of all the MRGs available.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 13
How is a H.323 MCU defined in Cisco CallManager so that H.323 endpoints can communicate with endpoints that are controlled by Cisco CallManager?
A. as a H.320 gateway
B. as a H.323 gateway
C. as a gatekeeper-controlled H.225 trunk D. as a gatekeeper-controlled intercluster trunk

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 14
Which three Cisco Unified MeetingPlace Express features are intended for a crisis management application? (Choose three.)
A. The system manager is the only user who can create continuous meetings.
B. Any end-user profile can schedule continuous meetings for use 24 hours a day, 7 days a week, 365 days a year.
C. Voice recording is fully supported for continuous meetings and can be downloaded by end users via their preferred MP3 player via the desktop.
D. Continuous meetings can be set to optionally outdial all invitees upon one person entering the meeting ID.
E. Continuous meetings reserve ports for 24 hours a day, 7 days a week, 365 days a year and are taken out of the “pool” of available scheduled or reservationless ports.
F. Continuous meetings can be scheduled as recurring meetings daily, weekly, or monthly.

Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 15
A company has a requirement for up to 10 simultaneous conferences of four people each, and each conference requires 384-kbps to 128-kbps transrating and H.261 to H.263 video transcoding. What should this company purchase?
A. one Cisco IPVC 3540 Transcoder Module for MC06A
B. one Cisco IPVC 3540 Transcoder Module for MC06A with an EMP blade
C. one Cisco IPVC 3540 Transcoder Module for MC06A with an EMP3 blade
D. two Cisco IPVC 3540 Transcoder Modules for MC06A
E. two Cisco IPVC 3540 Transcoder Modules for MC06A, each with an EMP blade
F. two Cisco IPVC 3540 Transcoder Modules for MC06A, each with an EMP3 blade

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 16
The Acme Roller Skates Company has its corporate HQ in Seattle, with remote sales offices in Denver, Chicago, New York, and Atlanta. The company is in the process of transitioning the H.320 videoconferencing system to an IP videoconferencing system. The company has installed an MCU at the corporate HQ, but the remote offices still have H.320 terminal endpoints. A Cisco IPVC 3526 PRI Videoconferencing Gateway has been installed to allow the remote offices to dial into videoconferences. The telephony provider has given the company one phone number for the PRI, which can route to all the channels on the PRI. Which two methods are best for routing calls from the gateway to the MCU for conferences? (Choose two.)
A. DID
B. IVR
C. TCS4
D. Default Extension

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 17
A customer wants to simultaneously support H.323 conferences with an aggregate of 20 active participants, and SCCP videoconferences with an aggregate of 30 active participants. All video sessions will use voice-activated switching. Which device should be deployed to support this?
A. Cisco IPVC 3511 Multipoint Control Unit
B. Cisco IPVC 3511 MCU E
C. Cisco IPVC 3540-03A with EMP
D. Cisco IPVC 3540 Transcoder Module
E. Cisco IPVC 3540-10A with EMP

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 18
Which LDAP integration method would be used to authenticate Cisco Unified MeetingPlace Express users with Microsoft Active Directory and also have the profiles propagated from Cisco Unified CallManager Release 4.0 and higher?
A. Cisco Unified CallManager IP address or host name, unique user Profile and password with Cisco Directory Integration Plugin installed into the customer Active Directory prior to integration
B. Cisco Unified CallManager IP address or host name, Directory Manager user ID and password in DC-Directory
C. Cisco Unified CallManager IP address or host name, unique user profile and password with Cisco Directory Integration Plugin installed on DC-Directory on the Cisco Unified CallManager MCS
D. Cisco Unified CallManager IP address or host name, Directory Manager user ID and password in DC-Directory, with Cisco Directory Integration Plugin installed into the customer Active Directory prior to integration
E. Cisco Unified CallManager with Cisco Directory Integration Plugin installed into the customer SunOne or Netscape prior to integration

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 19
Which three factors must be considered when designing a H.323 videoconferencing dial plan? (Choose three.)
A. the number of sites in the enterprise
B. the number and location of gatekeepers
C. the incoming PSTN call routing method
D. the DNs and location of conferencing MCUs to be deployed
E. the videoconferencing features and applications to be deployed
F. the location of voice gateways

Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 20
What customer information is needed for Cisco Unified MeetingPlace Express SMTP e-mail integration?
A. an SMTP e-mail IP address, and Cisco Unified CallManager IP address or host name with AXL/SOAP user ID and password
B. an SMTP e-mail server host name only, DNS configured to resolve the name, and only one connection to an e-mail server
C. an SMTP e-mail server IP address and host name, a user account and password for authentication, and a second IP address and host name for redundancy
D. an SMTP e-mail server IP address and host name if the customer has more than one SMTP e-mail server, and a second IP address and host name for redundancy

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 21
The Acme Jet Boats Company is installing an IP videoconferencing system in the corporate office. Users need the ability to dial out to external H.320 videoconferences. The company is installing a videoconferencing gateway, but is concerned that outside callers may be able to dial the gateway and then hairpin back out to the PSTN. What does Cisco recommend to ensure that this cannot happen?
A. Set up the gatekeeper to allow only outgoing calls that originate internally.
B. Configure the Cisco CallManager so that the gateway terminates hairpinned calls.
C. Configure the gateway to allow only outgoing calls that originate internally.
D. Use the “#” digit in the service prefix so that hairpinned call attempts will fail.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 22
The Greene Oat Company has a central site that is connected to a branch office via a 1.544-Mbps T1 Frame Relay circuit. The branch office has 20 video-enabled users in it. Least cost routing is used. It is required that all 20 users are able to use video services simultaneously for internal calls. Which solution best meets this objective?
A. Route video calls up to the central site in order to save on toll charges.
B. Upgrade the 1.544-Mbps T1 circuit to higher bandwidth.
C. Deploy an IP-videoconferencing video gateway at the branch office and not bother with LCR.
D. Use the Retry Video Call as Audio feature to reroute video calls as voice-only calls if they exceed the available bandwidth.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 23
Which call would most likely require an audio transcoder?
A. 128-kbps ISDN call to MCU
B. 128-kbps H.323 call to MCU
C. 128-kbps ISDN call to H.323 endpoint
D. 384-kbps ISDN call to H.323 endpoint
E. 384-kbps H.323 call to MCU

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 24
A company is implementing a Cisco IP Videoconferencing solution that includes a Cisco CallManager and a Cisco IOS Gatekeeper. The company uses H.323 and H.320 devices exclusively. Video calls will use RTP streams for audio, video, and far-end camera control and a sequence of call control signaling messages.What is the best way for bearer traffic to be handled?
A. by Cisco CallManager and routed to the endpoints
B. by Cisco CallManager and routed by the endpoints
C. not by Cisco CallManager but routed directly between endpoints
D. not by Cisco CallManager but routed by the gateway under IOS Gatekeeper control

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 25
The Lincoln Concession Corporation is implementing a Cisco IP Videoconferencing solution that includes a Cisco CallManager and a Cisco IOS Gatekeeper. The customer uses H.323 and H.320 devices exclusively. Video calls will use RTP streams for audio, video, and far-end camera control and a sequence of call control signaling messages. What handles negotiation of the video codec (H.261, H.263), resolution, frame rate, and H.323 annexes?
A. intercluster trunks
B. Cisco CallManager
C. Cisco MCM Gatekeeper
D. Cisco IOS Alternate Gatekeeper
E. video endpoints
Correct Answer: B Section: (none) Explanation

Explanation/Reference:
QUESTION 26
An IP videoconferencing network is being configured. What represents the recommended IP precedence settings for the network?
A. voice=5; video=4; call/control=3
B. voice and video=5; call/control=4
C. voice and video=5; call/control=3
D. voice=5; video and call/control=4
E. voice=5; video=3; call/control=3

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 27
Which two are the suggested minimum web-conferencing requirements for using Cisco Unified MeetingPlace Express in a LAN or WAN environment? (Choose two.)
A. DSL-There is a minimum 200-kbps downstream bandwidth and presenters have a 400-kbps upstream bandwidth.
B. DSL-There is a minimum 200-kbps downstream bandwidth and presenters have a 200-kbps upstream bandwidth.
C. DSL-There is a minimum 1000-kbps downstream bandwidth and presenters have a 1000-kbps upstream bandwidth.
D. LAN-There is a minimum 400-kbps downstream bandwidth and presenters have a 1000-kbps upstream bandwidth.
E. LAN-There is a minimum 400-kbps downstream bandwidth and presenters have a 400-kbps upstream bandwidth.

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 28
What information should be provided when Cisco Unified MeetingPlace Express customers have technical issues that require assistance from the Cisco TAC?
A. MAC addresses of two NICs of their Cisco MCS 7800 Series
B. Infocapture Report
C. all SNMP traps from times of issue
D. Status Report
E. screen capture of the In-Session Monitoring Report
F. Port Utilization Report

Correct Answer: B Section: (none) Explanation Explanation/Reference:
QUESTION 29
Which two Cisco Unified MeetingPlace Express features can be accessed through the IP phone user interface? (Choose two.)
A. View roster of all invited attendees.
B. View current speaker.
C. Set profile for a new meeting.
D. Join a breakout session.
E. Use 0# to get assistance from Cisco TAC.
F. Mute or unmute another attendee’s phone.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 30
Refer to the exhibit. CAC is being configured for the centralized call-processing video telephony network. Each video terminal is capable of a maximum data rate of 320 kbps, and two video terminals are planned for each site. The requirement is to make two simultaneous video calls between the central site and each remote site. The audio codec will be G.711. In order to ensure quality of service for calls, which action should be taken when configuring Cisco CallManager?

A. Set the location video call bandwidth between the central site and each remote site to 922 kbps.
B. Set the location video call bandwidth between the central site and each remote site to 384 kbps.
C. Set the location video call bandwidth between the central site and each remote site to 768 kbps.
D. Configure the gatekeeper to set the req-qos guaranteed-delay video bandwidth at 922 kbps between the central site and each remote site.
E. Configure the gatekeeper to set the req-qos guaranteed-delay video bandwidth at 384 kbps between the central site and each remote site.
F. Configure the gatekeeper to set the req-qos guaranteed-delay video bandwidth at 768 kbps between the central site and each remote site.

Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 31
A customer has deployed a Cisco IPVC 3511 MCU E. Which three features will be available? (Choose three.)
A. connection to H.320 systems using up to four BRIs
B. connection to H.320 systems using up to two PRIs
C. audio transcoding
D. port configuration for both SCCP and H.323
E. conferencing up to 15 voice-activated sessions
F. conferencing up to 15 continuous presence sessions

Correct Answer: CEF Section: (none) Explanation
Explanation/Reference:
QUESTION 32
A customer has a small group of users who do interactive video teaching from H.323 endpoints to H.320 videoconferencing systems. What should you do so that incoming calls can reach endpoints that are associated with a specific E.164 address?
A. Deploy an IPCC server and configure an IVR to act as a front end to the MCU.
B. Enable the DID capability that is built into the gateway.
C. Deploy the Cisco IP IVR.
D. Configure the DID in the Cisco CallManager.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 33
A customer is concerned with the complexity of configuring and maintaining the dial plan for a video network. Currently, the customer has 6 locations, but will grow to 22 locations after the customer makes a new acquisition. Which component will allow the customer to scale the video network and reduce the potential for improperly configured components?
A. multipoint control unit
B. Cisco Unified Videoconferencing gateway
C. multipoint control unit proxy
D. gatekeeper proxy
E. directory gatekeeper

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 34
Refer to the exhibit. A customer is interested in using videoconferencing to link offices for regional, district, and area sales meetings. The customer currently uses IP telephony and has an IP WAN linking all the remote offices. The customer is concerned that a large number of videoconferences may use too much bandwidth, impacting the ability of other users to accomplish work on the network. How should MCUs be configured to support this customer and minimize bandwidth consumption?

A. a single-level conference with a centralized MCU at headquarters and cascaded media processors at each regional location
B. a two-level conference with a centralized MCU media processor at headquarters and cascaded media processors at each regional location
C. a single-level conference with a centralized media processor at headquarters and cascaded media processors at each regional location
D. a two-level conference with an MCU at headquarters and cascaded MCUs at each regional location

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 35
Drag drop A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 36
Which three features are IP-videoconferencing MCU network enhancements? (Choose three.)
A. bandwidth optimization tools
B. full compliance with RFC 3261
C. interoperability with Microsoft Live Communication Server and Windows Messenger
D. improved serviceability such as alternate gatekeepers
E. RAI/RAC

Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:

We provide thoroughly reviewed We provide thoroughly reviewed Cisco 642-481 using the training resources which are the best for Cisco 642-481 test, and to get certified by Microsoft Windows Store apps. It is a best choice to accelerate your career as a professional in the Information Technology industry. Now we add the latest Cisco https://www.pass4itsure.com/642-481.html content and to print and share content.
using the training resources which are the best for Cisco 642-481 test, and to get certified by Microsoft Windows Store apps. It is a best choice to accelerate your career as a professional in the Information Technology industry. Now we add the latest Cisco 642-481 content and to print and share content.

Continue Reading

New Questions-100% Valid Cisco 642-447 New Questions for Cisco 642-447 Exam

Flydumps just published the newest Cisco 642-447 brain dumps with all the new updated exam questions and answers.Flydumps provide the latest version of Cisco https://www.pass4itsure.com/642-447.html PDF and VCE files with up-to-date questions and answers to ensure your exam 100% pass, on our website you will get the free new newest Cisco 642-447 version VCE Player along with your VCE dumps.

Exam A
QUESTION 1
What are the three characteristics that govern the type of Cisco Unified Communications Manager deployment model? (Choose three.)
A. number of applications
B. size
C. type of applications
D. network characteristics
E. services provided by the PSTN carrier
F. geographical distribution

Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Which three of these are characteristics of multicast music on hold? (Choose three.)
A. It uses one-way RTP point-to-point.
B. There is a single user per audio stream.
C. Networks and devices have to support multicast.
D. It increments by IP address for different audio sources.
E. It uses the multicast group address 239.1.1.1 to 239.255.255.254.
F. It uses enterprise parameters to set the codec type or types used by music on hold services

Correct Answer: CDE Section: (none) Explanation
Explanation/Reference:
QUESTION 3
The Bulk Provisioning Service needs to be activated prior to submitting a job through Cisco Unified Communications Manager BAT. Where is the Bulk Provisioning Service activated?
A. Cisco Unified Serviceability Service Activation
B. Cisco Unified OS Administration
C. Cisco Unified CM Administration
D. Cisco Unified Communications Manager Enterprise Parameters
E. Cisco Unified Communications Manager Service Parameters Bulk Provisioning Service

Correct Answer: A Section: (none) Explanation
Explanation/Reference:

QUESTION 4
Refer to the exhibit.
Build Your Dreams PassGuide 642-447 Which of these statements are true?

A. 1001 can watch 1002, but not 1003.
B. 1002 can only watch 1003.
C. 1003 can only watch 1001.
D. 1001 can watch 1002 and 1003.
E. 1002 cannot watch any extension.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 5
If an IP phone has a device CSS that permits access to all internal and external numbers, which line CSS, would restrict access to toll free numbers?
A. block local, block international
B. block local, toll free and block international
C. block toll free
D. block local, block long distance, block toll free

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 6
DRAG DROP Build Your Dreams PassGuide 642-447
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Which three of these are considered Cisco Unified Communications Manager Network services?
A. Cisco CallManager
B. Cisco Discovery Protocol
C. Cisco DB Replicator
D. Cisco Unified Communications Manager Administration
E. Cisco TFTP
F. Cisco DirSync

Correct Answer: BCD Section: (none) Explanation Explanation/Reference:
Build Your Dreams PassGuide 642-447

QUESTION 8
Which two of these describe how media resources and audio streams operate with Cisco Unified Communications Manager? (Choose two.)
A. Audio streams are terminated differently depending on the signaling protocol, such as SCCP or SIP.
B. All media resources register with Cisco Unified Communications Manager.
C. Signaling between Cisco Unified Communications Manager and hardware media resources uses the same protocol as the call-signaling type
D. Audio streams are always terminated by media resources.
E. There are no situations in which IP phone-to-IP phone audio streams will go directly between endpoints.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 9
Which two of these are required in order for Cisco Unified Communications Manager to support software conferencing? (Choose two.)
A. The Cisco IP Voice Media Streaming Application needs to be activated on the server running the conferencing service in the cluster
B. The service parameter for the Cisco IP Voice Media Streaming Application needs to have Run Flag set to True.
C. The software conference bridge resource needs to be configured in Cisco Unified Communications Manager.
D. The Cisco IP Voice Media Streaming Application needs to be activated for all servers in the cluster.
E. Under the Cisco IP Voice Media Streaming Application parameters, the conference bridge needs to have Run Flag set to True.

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 10
When A CSV file is created for use with the Cisco Unified Communications Manager Auto-Register Phone Tool, how is the IP phone MAC address configured?
A. A dummy MAC address is entered for each phone in the CSV file.
B. The MAC address is left blank in the CSV file and Cisco Unified Communications Manager BAT imports the CSV file with the Create Dummy MAC Address option selected.
C. When the CSV file is created, the Create Dummy MAC Address option must be selected before the file is uploaded into the Cisco Unified Communications Manager BAT tool.
D. The MAC address is left blank in the CSV file and Cisco Unified Communications Manager Build Your Dreams PassGuide 642-447 BAT queries the Cisco Unified Communications Manager device database for the MAC address that matches the extension created in the CSV file.
Correct Answer: A Section: (none) Explanation

Explanation/Reference:
QUESTION 11
Which three Cisco Unified Communications Manager settings can be used to support IP phone services? (Choose three.)
A. Device Defaults
B. Enterprise Parameters
C. IP Phone Service Configuration window
D. Common Phone Profile
E. Service Parameters
F. Phone Configuration window

Correct Answer: BCF Section: (none) Explanation
Explanation/Reference:
QUESTION 12
If no SIP dial rules are configured on an IP phone, at what point in the collection of digits does a Type A SIP phone send digits to the Cisco Unified Communications Manager? (Choose two.)
A. when the interdigit timer expires
B. when the collected digits match a SIP dial rule
C. when the user presses the Dial softkey
D. as each digit is collected (it is sent for analysis)
E. when the user presses the # key

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 13
Refer to the exhibit.
Build Your Dreams PassGuide 642-447 There is a translation pattern that prefixes +1 to the calling number 3013013001. Assume the gateway is configured with a calling party transformation CSS that contains the HQ_clng_pty_pt partition. When 3013013001 places a call to the PSTN, what is the caller ID as it egresses the gateway.

A. 3013001
B. 3013013001
C. +13013001
D. +13013013001
E. 13013013001

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 14
Refer to the exhibit.
Build Your Dreams PassGuide 642-447 What is the output displayed on the IP phone when the incoming calling number is 00492288224002?

A. +492288224002
B. +00492288224002
C. +0049I288224002
D. +49128822400
E. +49122288224002
F. +491288224002

Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 15
Which two of these are characteristics of multicast music on hold? (Choose two.)
A. It uses one-way RTP point-to-point.
B. There is a single user per audio stream.
C. Networks and devices have to support multicast.
D. It decrements by port number for different audio sources.
E. It uses the multicast group address 239.1.1.1 to 239.255.255.254.
F. It uses service parameters to set the codec type or types that are used by conferencing services

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 16
Which two Cisco Unified Communications Manager BAT features provide a robust alternative to DRF? (Choose two.)
A. performs bulk transactions for Cisco Unified Communications Manager
B. exports data (phones, users, gateways, and so on); exported files can be modified and re-imported
C. supports globalization
D. has an import and export function that can be used to move data records from one Cisco Unified Communications Manager cluster to another Build Your Dreams PassGuide 642-447
E. exports data (phones, users, gateways, and so on); exported files can be modified and re-imported in the Active Directory database

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 17
Which information is provided to the IP phone from the TFTP server?
A. the IP address of the DNS server
B. device configuration files and firmware upgrade files
C. time and date information
D. the name resolution protocol that allows IP applications to refer to other systems by logical names instead of IP addresses

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 18
What is the maximum number of call processing servers supported in a single cluster?
A. 5
B. 8
C. 10
D. 12
E. 20
F. 24

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 19
If an IP phone loses connectivity with its primary server and registers with its backup server, what happens when connectivity to the primary server is restored?
A. The IP phone will try to re-establish a connection to the primary server every 90 seconds.
B. The IP phone will continuously try to re-establish a connection with the primary server; if successful, the IP phone will re-register with the primary.
C. Once the IP phone registers with the backup server, the administrator will need to reset the IP phone for it to re-register with the primary server.
D. Once connectivity is re-established with the primary server, the IP phone will wait until there have been three successful TCP keepalive exchanges before it will re-register with the primary server.

Correct Answer: B Section: (none) Explanation Explanation/Reference:
QUESTION 20
Build Your Dreams PassGuide 642-447
DRAG DROP
Correct Answer: A Section: (none) Explanation
Explanation/Reference:

The Cisco https://www.pass4itsure.com/642-447.html training is a vital way of becoming the best. This certification has helped the candidates to enhance their capabilities by providing a great learning platform to them so that they can polish their skills.

Continue Reading