Home » CCSP » 642-551 New Questions – Recent Updated New Cisco 642-551 Dumps with New PDF & VCE

Cisco Exam Dumps

Latest Cisco CCNA dumps

Latest Cisco DevNet dumps

Latest Cisco CCNP dumps

Latest Cisco CCIE dumps

Latest Cisco CCDE dumps

Latest Cisco Special dumps

All Cisco dumps

642-551 New Questions – Recent Updated New Cisco 642-551 Dumps with New PDF & VCE

Flydumps bring you the best Cisco 642-551 exam preparation materials which will make you pass in the first attempt.And we also provide you all Cisco 642-551 exam updates as Microsoft announces a change in its Cisco 642-551 exam syllabus,we inform you about it without delay.

Exam A
QUESTION 1
What is a reconnaissance attack?
A. when an intruder attacks networks or systems to retrieve data, gain access, or escalate access privileges.
B. when an intruder attempts to discover and map systems, services, and vulnerabilities
C. when malicious software is inserted onto a host in order to damage a system, corrupt a system, replicate itself, or deny service or access to networks, systems, or services
D. when an intruder attacks your network in a way that damages or corrupts your computer system, or denies you and other access to your networks, systems, or services
E. when an intruder attempts to learn user IDs and passwords that can later be used in identity theft

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: Attackers and hackers can employ social engineering techniques to pose as legitimate people
seeking out information. A few well structured telephone calls to unsuspecting employees can provide a
significant amount of information Incorrect:
A – Is called ‘Access attacks’
C – Is called ‘Worms, Viruses and Trojan Horses’
D – Is called ‘Denial of Service (DOS) attacks’
E – This is an example of social engineering
QUESTION 2
Which communication protocol is used by the administrator workstation to communicate with the CSA MC?
A. SSH
B. Telnet
C. HTTPS
D. SSL

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Management Center for Cisco Security Agent (CSA MC) uses a Secure Sockets Layer (SSL)-enabled web interface.

QUESTION 3
What should be the first step in migrating a network to a secure infrastructure?
A. developing a security policy
B. securing the perimeter
C. implementing antivirus protection
D. securing the DMZ

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The development of a security policy is the first step to a secure infrastructure, without this availability of your network will be compromised.
QUESTION 4
Select two ways to secure hardware from threats. (Choose two.)
A. The room must have steel walls and doors.
B. The room must be static free.
C. The room must be locked, with only authorized people allowed access.
D. The room should not be accessible via a dropped ceiling, raised floor, window, ductwork, or point of entry other than the secured access point.

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
Explanation: -Incorrect:
A – Not a required element.
B – Is called ‘Environment Threat mitigation’
QUESTION 5
At which layer of the OSI model does a proxy server work?
A. data link
B. physical
C. application
D. network
E. transport

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
A proxy server is an application
QUESTION 6
Which command on the Cisco PIX Security Appliance is used to write the current running config to the Flash memory startup config?
A. write terminal
B. write config
C. write memory
D. write startup config

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Incorrect: A – Shows running configuration on screen, like show running-configuration B – No such command D – No such command
QUESTION 7
What is a description of a promiscuous PVLAN port?
A. It has a complete Layer 2 separation from the other ports within the same PVLAN.
B. It can only communicate with other promiscuous ports.
C. It can communicate with all interfaces within a PVLAN.
D. It cannot communicate with other ports.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Incorrect:
A – This is called ‘Isolated’
B – This is called ‘Community’
D – No such PVLAN

QUESTION 8
How do you enable a host or a network to remotely access the Cisco IPS/IDS sensor?
A. Configure static routes.
B. Configure dynamic routing.
C. Configure allowed hosts.
D. Configure DHCP.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
The Allowed Hosts option enables you to define which IP addresses are allowed to access the sensor via
its management interface.

QUESTION 9
In which version did NTP begin to support cryptographic authentication?
A. version 5
B. version 4
C. version 3
D. version 2

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Version 3 or above is required to support Cryptographic authentication mechanism between peers.

QUESTION 10
What must be configured on a network-based Cisco IDS/IPS to allow to monitor traffic?
A. Enable rules.
B. Enable signatures.
C. Disable rules.
D. Disable signatures.

Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 11
What is a DoS attack?
A. when an intruder attacks networks or systems to retrieve data, gain access, or escalate access privileges
B. when an intruder attempts to discover and map systems, services, and vulnerabilities
C. when malicious software is inserted onto a host in order to damage a system, corrupt a system, replicate itself, or deny services or access to networks, systems, or services
D. When an intruder attacks your network in a way that damages or corrupts your computer system, or denies you and others access to your networks, systems, or services

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
These attacks are when malicious software is inserted onto a host in order to damage a system, corrupt a
system, replicate itself, or deny services or access to networks, systems, or services.
Incorrect:
A – Is called ‘Access attacks’
B – Is called ‘Reconnaissance attacks’
C – Is called ‘Worms, Viruses and Trojan Horses’

QUESTION 12
Cisco routers, such as the ISRs, are best suited for deploying which type of IPSec VPN?
A. remote-access VPN
B. overlay VPN
C. WAN-to-WAN VPN
D. site-to-site VPN
E. SSL VPN

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Site-to-site VPNs can be deployed using a wide variety of Cisco VPN Routers. Cisco VPN routers provide
scalability through optional encryption acceleration. The Cisco VPN router portfolio provides solutions for
small office and home office (SOHO) access through centralsite VPN aggregation. SOHO solutions include
platforms for fast-emerging cable and DSLaccess technologies.
Incorrect:
A – This VPN solution connects telecommuters and mobile users securely and cost-effectively to corporate
network resources from anywhere in the world over any access technology.

QUESTION 13
Which method of mitigation packet-sniffer attacks is most cost effective?
A. authentication
B. switched infrastructure
C. antisniffer tools
D. cryptography

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Cryptography: Rendering packet sniffers irrelevant is the most effective method for countering packet sniffers. Cryptography is even more effective than preventing or detecting packet sniffers. If a communication channel is cryptographically secure, the only data a packet sniffer detects is cipher text (a seemingly random string of bits) and not the original message.
QUESTION 14
Which encryption method uses a 56-bit to ensure high-performance encryption?
A. 3DES
B. AES
C. RSA
D. DES

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Incorrect: A – 3DES 3*56bits B – Advanced Encryption Standard C – It was the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public key cryptography.
QUESTION 15
In which Cisco Catalyst Series switches can the Firewall Service Modules be installed?
A. Catalyst 2900 and 3500 XL Series
B. Catalyst 1900 and 2000 Series
C. Catalyst 4200 and 4500 Series
D. Catalyst 6500 and 7600 Series

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Reference: http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/
QUESTION 16
Which protocol does the Cisco Web VPN solution use?
A. SSH
B. Telnet
C. SSL
D. IPSec
E. XML

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Reference: http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns347/ networking_solutions_sub_solution_home.html
QUESTION 17
During which phase of an attack does the attacker attempt to identify targets?
A. penetrate
B. propagate
C. persist
D. probe
E. paralyze

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Probe phase: The attacker identifies vulnerable targets in this phase. The goal of this phase is to find computers that can be subverted. Internet Control Message Protocol (ICMP) ping scans are used to map networks, and application port scans identify operating systems and vulnerable software. Passwords can be obtained through social engineering, a dictionary attack, a brute-force attack, or network sniffing. Incorrect: A – Phase 2 B – Phase 4 C – Phase 3 D – Phase 5
QUESTION 18
What are the three types of private VLAN ports? (Choose three.)
A. typical
B. isolated
C. nonisolated
D. promiscuous
E. community
F. bridging

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
Explanation:
There are three types of PVLAN ports:
Promiscuous: A promiscuous port can communicate with all interfaces, including the isolated and
community ports within a PVLAN.
Isolated: An isolated port has complete Layer 2 separation from the other ports within the same PVLAN,
but not from the promiscuous ports. PVLANs block all traffic to isolated ports except traffic from
promiscuous ports. Traffic from isolated port is forwarded only to promiscuous ports. Community:
Community ports communicate among themselves and with their promiscuous ports. These interfaces are
separated at Layer 2 from all other interfaces in other communities or isolated ports within their PVLAN.

QUESTION 19
What is considered the main administrative vulnerability of Cisco Catalyst switches?
A. SNMP
B. Telnet
C. Poor passwords
D. Poor encryption

Correct Answer: C Section: (none) Explanation Explanation/Reference:
Explantion:
By default, a Cisco switch shows the passwords in plaintext for the following settings in the configuration
file: the .enable. password, the username password, the console line and the virtual terminal lines.
Using the same password for both the enable secret and other settings on a switch allows forpotential
compromise because the password for certain settings (for example, telnet) may be in plaintext and can be
collected on a network using a network analyzer. Also, setting the same password for the .enable secret.
passwords on multiple switches provides a single point of failure because one compromised switch
endangers other switches.

QUESTION 20
Click and drag the four steps to mitigating worm attacks in order from step 1 to steep 4.

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation:

Worm attack mitigation requires diligence on the part of system and network administration staff. Coordination between system administration, network engineering, and security operations personnel is critical in responding effectively to a worm incident. The following are the recommended steps for worm attack mitigation:
1.
Containment: Contain the spread of the worm inside your network and within your network. Compartmentalize parts of your network that have not been infected.

2.
Inoculation: Start patching all systems and, if possible, scanning for vulnerable systems.

3.
Quarantine: Track down each infected machine inside your network. Disconnect, remove, or block

infected machines from the network.

4.
Treatment: Clean and patch each infected system. Some worms may require complete core system reinstallations to clean the system.

Flydumps is ready to provide Cisco 642-551 candidates with Cisco 642-551 training materials which can be very much helpful for getting Cisco 642-551 certification, which means that candidates.Cisco 642-551 can easily get access to the services of Cisco 642-551 for practice exam, which will assure them 100% Cisco 642-511 success rate.Though Cisco642-551 tests are not easy at all, but they do not make Cisco 642-551 things complicated.

Categories

Microsoft Exam Dumps

Microsoft Azure Exam Dumps

Microsoft Data Exam Dumps

Microsoft Dynamics 365 Exam Dumps

Microsoft 365 Exam Dumps

Microsoft Fundamentals Exam Dumps

Microsoft Certified Exam Dumps

Microsoft MTA Exam Dumps

More… Microsoft Exam Dumps