Pass4sure Cisco Certification

Securing Cisco Network Devices Exam

Last day to test 01/31/07
Exam Number: 642-551
Associated Certifications: CCSP, Cisco Firewall, Cisco IPS, and Cisco VPN Specialist
Duration: 90 minutes (60-70 questions)
Available Languages: English
Click Here to Register: Pearson VUE or Prometric
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions

Exam Description Exam Topics Recommended Training Additional Resources
Exam Description
The Securing Cisco Network Devices 642-551 SND exam forms the foundation of the Cisco Certified Security Professional, Cisco Firewall Specialist, Cisco IPS Specialist, and Cisco VPN Specialist certifications. Candidates can prepare for this exam by taking the SND course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, and verify basic security features of Cisco Layer 2 devices, Cisco Routers, Cisco IDS/IPS Sensors, Cisco VPN 3000 Concentrators, and Cisco PIX Security Appliances.

Exam Topics
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Describe the products in the Cisco security portfolio and explain how they mitigate security threats to a network
Identify the appropriate devices to secure a network
Identify the appropriate device feature to secure a network
Describe the difference in functionality and capabilities of the different security devices
Identify security issues with common management protocols
Describe threats to a network and network devices
Identify different techniques to deal with security threats

Describe the security features available for a Cisco Layer 2 device in a secure network
Identify security features on a Layer 2 device
Describe basic security feature configurations on a Layer 2 device

Implement security on a Cisco IOS Router
Identify mitigation techniques for common physical router security threats
Configure router for secure administrative access
Implement basic AAA for router administrative authentication
Configure AutoSecure to harden Cisco routers
Configure router access lists to secure networks
Configure security for router services and interfaces
Implement Syslog logging
Identify major components of the SDM

Describe and configure Cisco IPS and HIPS
Configure user accounts
Describe and configure Network Access lists
Describe how the sensor device is secure by default
Install the sensor on the network
Describe the methods used to access a sensor
Describe the process for displaying the sensor configuration
Identify major components of IDM
Describe basic sensor operations
Describe the process of using alarms to identify network attacks
Identify the appropriate platform required to install the CSA MC
Configure the default group
Describe the process of agent kit deployment and verifying management of the agent
Describe key features and concepts of VMS
Describe the interoperability of the components of VMS
Describe the hardware and software requirements of VMS

Configure and verify basic remote access on a Cisco VPN 3000 Concentrator
Perform an initial configuration
Configure users and groups
Configure VPN clients
Verify IPSec tunnel establishment

Implement a Cisco PIX security appliance
Describe basic PIX security appliance hardware and software architecture
Identify appropriate PIX security appliance hardware and software configuration
Configure basic network settings using CLI
Configure basic interface features on a PIX security appliance
Verify initial configurations
Identify major components of the PDM
Configure static address translation
Configure Network Address Translation
Configure firewall to secure inbound traffic
Verify inbound traffic restrictions
Describe basic IPSec topologies
Define the services provided by IPSec
Describe the IPSec protocol framework
Describe the IPSec algorithm framework
Describe the concepts of split tunneling
Describe the various authentication methods
Describe how the PIX security appliance uses IPSec to secure networks

Question: 1
What is a reconnaissance attack?

A. when an intruder attacks networks or systems to retrieve data, gain access, or escalate access privileges.
B. when an intruder attempts to discover and map systems, services, and vulnerabilities
C. when malicious software is inserted onto a host in order to damage a system, corrupt a system, replicate itself, or deny service or access to networks, systems, or services
D. when an intruder attacks your network in a way that damages or corrupts your computer system, or denies you and other access to your networks, systems, or services
E. when an intruder attempts to learn user IDs and passwords that can later be used in identity theft
Answer: B Explanation:
Attackers and hackers can employ social engineering techniques to pose as legitimate people
seeking out information. A few well structured telephone calls to unsuspecting employees can provide a significant amount of information

Incorrect::
A – Is called ‘Access attacks’
C – Is called ‘Worms, Viruses and Trojan Horses’ D – Is called ‘Denial of Service (DOS) attacks’
E – This is an example of social engineering

Question: 2
Which communication protocol is used by the administrator workstation to communicate with the
CSA MC?

A. SSH B. Telnet
C. HTTPS D. SSL
Answer: D Explanation:
Management Center for Cisco Security Agent (CSA MC) uses a Secure Sockets Layer
(SSL)-enabled web interface.

Question: 3
What should be the first step in migrating a network to a secure infrastructure?

A. developing a security policy
B. securing the perimeter
C. implementing antivirus protection
D. securing the DMZ
Answer: A Explanation:
The development of a security policy is the first step to a secure infrastructure, without this availability of your network will be compromised.

TK

Exam Name: Securing Cisco Network Devices
Exam Type Cisco
Exam Code: 642-551 Total Questions: 62

Question: 4
Select two ways to secure hardware from threats. (Choose two.)

A. The room must have steel walls and doors. B. The room must be static free.
C. The room must be locked, with only authorized people allowed access.
D. The room should not be accessible via a dropped ceiling, raised floor, window, ductwork, or point of entry other than the secured access point.
Answer: C, D Incorrect:
A – Not a required element.
B – Is called ‘Environment Threat mitigation’

Question: 5
At which layer of the OSI model does a proxy server work?

A. data link
B. physical
C. application
D. network
E. transport
Answer: C Explanation:
A proxy server is an application

Question: 6
Which command on the Cisco PIX Security Appliance is used to write the current running config
to the Flash memory startup config?

A. write terminal
B. write config
C. write memory
D. write startup config
Answer: C Incorrect:
A – Shows running configuration on screen, like show running-configuration
B – No such command
D – No such command

Question: 7
What is a description of a promiscuous PVLAN port?

A. It has a complete Layer 2 separation from the other ports within the same PVLAN. B. It can only communicate with other promiscuous ports.
C. It can communicate with all interfaces within a PVLAN. D. It cannot communicate with other ports.

Answer: C

TK

Exam Name: Securing Cisco Network Devices
Exam Type Cisco
Exam Code: 642-551 Total Questions: 62

Incorrect:
A – This is called ‘Isolated’
B – This is called ‘Community’ D – No such PVLAN

Question: 8
How do you enable a host or a network to remotely access the Cisco IPS/IDS sensor?

A. Configure static routes.
B. Configure dynamic routing. C. Configure allowed hosts.
D. Configure DHCP.
Answer: C Explanation:
The Allowed Hosts option enables you to define which IP addresses are allowed to access the sensor via its management interface.

Question: 9
In which version did NTP begin to support cryptographic authentication?

A. version 5
B. version 4
C. version 3
D. version 2
Answer: C Explanation:
Version 3 or above is required to support Cryptographic authentication mechanism between peers.

Question: 10
What must be configured on a network-based Cisco IDS/IPS to allow to monitor traffic?

A. Enable rules.
B. Enable signatures. C. Disable rules.
D. Disable signatures.
Answer: B Question: 11
What is a DoS attack?

A. when an intruder attacks networks or systems to retrieve data, gain access, or escalate access privileges
B. when an intruder attempts to discover and map systems, services, and vulnerabilities
C. when malicious software is inserted onto a host in order to damage a system, corrupt a system, replicate itself, or deny services or access to networks, systems, or services
D. When an intruder attacks your network in a way that damages or corrupts your computer system, or denies you and others access to your networks, systems, or services

Answer: D

TK

Exam Name: Securing Cisco Network Devices
Exam Type Cisco
Exam Code: 642-551 Total Questions: 62

Explanation:
These attacks are when malicious software is inserted onto a host in order to damage a system, corrupt a system, replicate itself, or deny services or access to networks, systems, or services.

Incorrect:
A – Is called ‘Access attacks’
B – Is called ‘Reconnaissance attacks’
C – Is called ‘Worms, Viruses and Trojan Horses’

Question: 12
Cisco routers, such as the ISRs, are best suited for deploying which type of IPSec VPN?

A. remote-access VPN B. overlay VPN
C. WAN-to-WAN VPN D. site-to-site VPN
E. SSL VPN
Answer: D Explanation:
Site-to-site VPNs can be deployed using a wide variety of Cisco VPN Routers. Cisco VPN routers provide scalability through optional encryption acceleration. The Cisco VPN router portfolio
provides solutions for small office and home office (SOHO) access through centralsite VPN
aggregation. SOHO solutions include platforms for fast-emerging cable and DSLaccess technologies.

Incorrect:
A – This VPN solution connects telecommuters and mobile users securely and cost-effectively to corporate network resources from anywhere in the world over any access technology.

Question: 13
Which method of mitigation packet-sniffer attacks is most cost effective?

A. authentication
B. switched infrastructure
C. antisniffer tools
D. cryptography
Answer: D Explanation:
Cryptography: Rendering packet sniffers irrelevant is the most effective method for countering packet sniffers.
Cryptography is even more effective than preventing or detecting packet sniffers. If a communication channel is cryptographically secure, the only data a packet sniffer detects is
cipher text (a seemingly random string of bits) and not the original message.

Question: 14
Which encryption method uses a 58-bit to ensure high-performance encryption?

A. 3DES B. AES C. RSA
Free 642-551 Exams’s PDF Download
Free Testking offers free demo for 642-551 PDF(Securing Cisco Network Devices Exam). You can check out the interface, question quality and usability of our practice exams . We are the only one site can offer demo for almost all Securing Cisco Network Devices Exam.

Recommended Training about 642-551 exam PDF
The following courses are the recommended training for 642-551 exam PDF.
642-551 Q & A with Explanations
642-551 Audio Exam
642-551 Study Guide
642-551 Preparation Lab

Exam Number/Code: 642-551
Exam Name: Securing Cisco Network Devices Exam
VUE Code: 642-551
Questions Type: Single choice,
Question Numbers of Real-exam: 60-70 questions

“Securing Cisco Network Devices Exam”, also known as 642-551 exam, is a Cisco certification.
Preparing for the 642-551 exam? Searching 642-551 Test Questions, 642-551 Practice Exam, 642-551 Dumps?

With the complete collection of questions and answers, Pass4sure has assembled to take you through 62 Q&As to your 642-551 Exam preparation. In the 642-551 exam resources, you will cover every field and category in VPN and Security helping to ready you for your successful Cisco Certification.

Questions and Answers : 62 Q&As
Updated: April 18th , 2008
Market Price: $129.99
Member Price: $89.99

Free Pass4sure 642-551 SND
Interactive Testing Engine Included!
62 Questions
Updated : 09/18/2008
Price : $87.99 $79.99

Free download?pass4sure 642-551 SND
Free download?testking 642-551 SND

PassGuide Braindumps: provides high quality Cisco exam practice questions and Training Materials.Hel you Pass Cisco Certifications

Download Free Latest Pass4sure P4S PassForsure Braindumps

1. Free pass4sure cisco ccsp dumps 2.83
2. Free New pass4sure cisco ccsp dumps 2.83
3. Free Pass4sure 642-503 SNRS 2.93
4. Free Pass4sure 642-502 SNRS 2.93
5. Free Pass4sure 642-552 SND 2.83
6. Free pass4sure 642-515 SNAA 2.83
7. Free Pass4sure Cisco Dumps 2.73
8. Free Pass4sure cisco ccsp 642-504 2.93
9. Free Pass4sure 642-532 IPS 2.83
10. Free Pass4sure cisco ccnp exams 2.83