Cisco 642-552 Testing, Prepare for the Cisco 642-552 PDF-Answers For Sale
Attention Please:Professional new version Cisco 642-552 PDF and VCE dumps can now free download on Flydumps.com,all are updated timely by our experts covering all Cisco 642-552 new questions and questions.100 percent pass your exam.
QUESTION 53
To verify role-based CLI configurations, which Cisco IOS CLI commands do you need use to verify a view?
A. parser view view-name, then use the ? to verify the available commands
B. enable view view-name, then use the ? to verify the available commands
C. enable view, then use the parser view view-name to verify the available commands
D. show view view-name to verify the available commands
Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 54
Why does PAT fail with ESP packets?
A. because ESP is a portless protocol riding directly over IP, ESP prevents the PAT from creating IP address and port mappings
B. because using tunnel mode, ESP includes the outer IP header in computing the ICV, thus if PAT modifies the outer IP header, the ICV will fail
C. because ESP does not support tunnel mode
D. because the ESP header is encrypted
E. because ESP uses dynamic port number
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 55
What is a potential security weakness of traditional stateful firewall?
A. cannot support non-TCP flows
B. retains the state of user data packet and dynamically assigned ports in the state table
C. cannot track the state of each connection setup to ensure that each connection follows a legitimate TCP three-way handshake
D. cannot detect application-layer attacks
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 56
How does an application-layer firewall work?
A. examines the data in all network packets at the application layer and maintains complete connection state and sequencing information
B. operates at Layers 3, 4 and 5, and keeps track of the actual application communication process by using an application table
C. determines whether the connection between two applications is valid according to configurable rules
D. allows an application on your private network that does not have a valid registered IP address to communicate with other applications through the Internet
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 57
Which IKE function is optional?
A. authentication during SA negotiation
B. XAUTH protocol for user authentication
C. Quick Mode for IKE Phase 2
D. IKE SA establishment
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 58
Which of these two ways does Cisco recommend that you use to mitigate maintenance-related threats? (Choose two.)
A. Maintain a stock of critical spares for emergency use.
B. Ensure that all cabling is Category 6.
C. Always follow electrostatic discharge procedures when replacing or working with internal router and switch device components.
D. Always wear an electrostatic wrist band when handling cabling, including fiber-optic cabling.
E. Always employ certified maintenance technicians to maintain mission-critical equipment and cabling.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 59
Which security log messaging method is the most common message logging facility and why?
A. SNMP traps, because the router can act as an SNMP agent and forward SNMP traps to an external SNMP server
B. buffered logging, because log messages are stored in router memory and events are cleared whenever the router is rebooted
C. console logging, because security messages are not stored and do not take up valuable storage space on network servers
D. syslog, because this method is capable of providing long-term log storage capabilities and supporting a central location for all router messages
E. logging all events to the Cisco Incident Control System to correlate events and provide recommended mitigation actions
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 60
Using 802.1x authentication on a WLAN offers which advantage?
A. enforces a set of the policy statements that regulate which resource to protect and which activities are forbidden
B. allows inbound and outbound packet filter rules to be established at the interface level of a device
C. limits access to network resources based on user login identity; especially suited for large mobile user populations
D. enforces security policy compliance on all devices seeking to access network computing resources
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 61
What is the primary type of intrusion prevention technology used by Cisco IPS security appliances?
A. profile-based
B. rule-based
C. signature-based
D. protocol analysis-based
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 62
Using a stateful firewall, which information is stored in the stateful session flow table?
A. the outbound and inbound access rules (ACL entries)
B. the source and destination IP addresses, port numbers, TCP sequencing information, and additional flags for each TCP or UDP connection associated with a particular session
C. all TCP and UDP header information only
D. all TCP SYN packets and the associated return ACK packets only
E. the inside private IP address and the translated global IP address
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 63
Drag Drop
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 64
How does an application-layer firewall work?
A. examines the data in all network packets at the application layer and maintains complete connection state and sequencing information
B. operates at Layers 3, 4 and 5, and keeps track of the actual application communication process by using an application table
C. determines whether the connection between two applications is valid according to configurable rules
D. allows an application on your private network that does not have a valid registered IP address to communicate with other applications through the Internet
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
All most all IT professionals are familiar with the Cisco 642-552 exam and dream to have that top most demanding certification. This is the top level certification from CISCO that is accepted universally. You can get your desired career which you dreamed with passing Cisco 642-552 test and getting the certificate.