您好,欢迎来到江浙沪招生考试网 !

设为首页|加入收藏|联系我们|网站地图|

江浙沪招生考试网

您现在的位置: test4exam >> 历年真题 >> it认证题库 >> 正文

思科认证Cisco 642-551题库

日期:2015-9-2 16:40:52 来源:本站原创 访问量:
1. What should be the first step in migrating a network to a secure infrastructure? 
 A. developing a security policy 
 B. securing the perimeter 
 C. implementing antivirus protection 
 D. securing the DMZ 
Answer:A 
2. What is a reconnaissance attack? 
 A. when an intruder attacks networks or systems to retrieve data, gain access, or escalate access privileges 
 B. when an intruder attempts to discover and map systems, services, and vulnerabilities 
 C. when malicious software is inserted onto a host in order to damage a system, corrupt a system, replicate itself,
or deny services or access to networks, systems, or services 
 D. when an intruder attacks your network in a way that damages or corrupts your computer system, or denies
you and others access to your networks, systems, or services 
 E. when an intruder attempts to learn user IDs and passwords that can later be used in identity theft 
Answer:B 
3. What is a DoS attack? 
 A. when an intruder attacks networks or systems to retrieve data, gain access, or escalate access privileges 
 B. when an intruder attempts to discover and map systems, services, and vulnerabilities 
 C. when malicious software is inserted onto a host in order to damage a system, corrupt a system, replicate itself,
or deny services or access to networks, systems, or services 
 D. when an intruder attacks your network in a way that damages or corrupts your computer system, or denies
you and others access to your networks, systems, or services 
Answer:D 
4. Select two ways to secure hardware from threats. (Choose two.) 
 A. The room must have steel walls and doors. 
 B. The room must be static free. 
 C. The room must be locked, with only authorized people allowed access. 
 D. The room should not be accessible via a dropped ceiling, raised floor, window, ductwork, or point of entry
TestInside    642-551
other that the secured access point. 
Answer:CD 
5. Cisco routers, such as the ISRs, are best suited for deploying which type of IPSec VPN? 
 A. remote-access VPN 
 B. overlay VPN 
 C. WAN-to-WAN VPN 
 D. site-to-site VPN 
 E. SSL VPN 
Answer:D 
6. Packet sniffers work by using a network interface card in which mode? 
 A. inline 
 B. cut-through 
 C. promiscuous 
 D. Ethernet 
 E. passive 
Answer:C 
7. Which method of mitigating packet-sniffer attacks is most effective? 
 A. authentication 
 B. switched infrastructure 
 C. antisniffer tools 
 D. cryptography 
Answer:D 
8. Which management protocol is used to synchronize the clocks across a network? 
 A. SNMP 
 B. syslog 
 C. NTP 
 D. TFTP 
TestInside    642-551
Answer:C 
9. In which Cisco Catalyst Series switches can the Firewall Services Modules be installed? 
 A. Catalyst 2900 and 3500 XL Series 
 B. Catalyst 1900 and 2000 Series 
 C. Catalyst 4200 and 4500 Series 
 D. Catalyst 6500 and 7600 Series 
Answer:D 
10. Where is the Cisco Security Agent installed? 
 A. on a router 
 B. on a switch 
 C. on a host 
 D. on a hub 
Answer:C 
11. Which component within the Cisco Network Admission Control architecture acts as the policy server for
evaluating the endpoint security information that is relayed from network devices, and for determining the
appropriate access policy to apply? 
 A. CiscoWorks 
 B. CiscoWorks VMS 
 C. Cisco Secure ACS 
 D. Cisco Trust Agent 
 E. Cisco Security Agent 
Answer:C 
12. Which command sets the minimum length of all Cisco IOS passwords? 
 A. password min-length length 
 B. min-length security length 
 C. enable secret min-length 
 D. security passwords min-length length 
TestInside    642-551
Answer:D 
13. Which command is used to encrypt passwords in the router configuration file? 
 A. service password-encryption 
 B. password-encryption 
 C. enable password encryption 
 D. encrypt password 
Answer:A 
14. Which method of authentication is considered the strongest? 
 A. S/Key (OTP for terminal login) 
 B. username and password (aging) 
 C. token cards or SofTokens using OTP 
 D. username and password (static) 
Answer:C 
15. Which Cisco IOS command enables the AAA access-control commands and functions on the router, and
overrides the older TACACS and extended TACACS commands? 
 A. no aaa authentication login default enable 
 B. aaa authentication login default local 
 C. aaa new-model 
 D. login authentication default 
 E. no login authentication default 
Answer:C 
16. Which two protocols does Cisco Secure ACS use for AAA services? (Choose two.) 
 A. TACACS+ 
 B. Telnet 
 C. SSH 
 D. RADIUS 
 E. SSL 
TestInside    642-551
 F. SNMP 
Answer:AD 
17. Which authentication method is based on the 802.1x authentication framework, and mitigates several of the
weaknesses by using dynamic WEP and sophisticated key management on a per-packet basis? 
 A. PAP 
 B. CHAP 
 C. LEAP 
 D. ARAP 
Answer:C 
18. Which command globally disables CDP? 
 A. no cdp 
B. cdp disable 
 C. no cdp enable 
 D. no cdp run 
Answer:D 
19. Which protocol does the Cisco Web VPN solution use? 
 A. SSH 
 B. Telnet 
 C. SSL 
 D. IPSec 
 E. XML 
Answer:C 
20. Which type of access control list can secure multichannel operations that are based on upper-layer
information? 
 A. dynamic 
 B. CBAC 
 C. reflexive 
TestInside    642-551
 D. time-based 
Answer:B 
21. To which router platform can Turbo ACLs be applied? 
 A. Cisco 800 Router 
 B. Cisco 2600 Series Router 
 C. Cisco 3500 
 D. Cisco 7200 Router 
Answer:D 
22. At which location in an access control list is it recommended that you place the more specific entries? 
 A. in the middle of the access control list 
 B. higher in the access control list 
 C. lower in the access control list 
 D. at the bottom of the access control list 
Answer:B 
23. In which version did NTP begin to support cryptographic authentication? 
 A. version 5 
 B. version 4 
 C. version 3 
 D. version 2 
Answer:C 
24. When Cisco routers are configured for SSH, how do they act? 
 A. as SSH servers 
 B. as SSH clients 
 C. as SSH and SSL servers 
 D. as SSH and SSL clients 
 E. as SSH accelerators 
 F. as SSH proxies 
TestInside    642-551
Answer:A 
25. Which command is used to configure syslog on a Cisco router? 
 A. syslog 
 B. logging 
 C. logging-host 
 D. syslog-host 
Answer:B 
26. What is considered the main administrative vulnerability of Cisco Catalyst switches? 
 A. SNMP 
 B. Telnet 
 C. poor passwords 
 D. poor encryption 
Answer:C 
27. When port security is enabled on a Cisco Catalyst switch, what is the default action when the configured
maximum of allowed MAC addresses value is exceeded? 
 A. The port is shut down. 
 B. The port is enabled and the maximum number automatically increases. 
 C. The MAC address table is cleared and the new MAC address is entered into the table. 
 D. The MAC address table is shut down. 
Answer:A 
28. What are the three types of private VLAN ports? (Choose three.) 
 A. typical 
 B. isolated 
 C. nonisolated 
 D. promiscuous 
 E. community 
 F. bridging 
TestInside    642-551
Answer:BDE 
29. What is a description of a promiscuous PVLAN port? 
 A. It has a complete Layer 2 separation from the other ports within the same PVLAN. 
 B. It can only communicate with other promiscuous ports. 
 C. It can communicate with all interfaces within a PVLAN. 
 D. It cannot communicate with any other ports. 
Answer:C 
30. Which method does a Cisco firewall use for packet filtering? 
 A. inspection rules 
 B. ACLs 
 C. security policies 
 D. VACLs 
Answer:B 
31. At which layer of the OSI model does a proxy server work? 
 A. data link 
 B. physical 
 C. application 
 D. network 
 E. transport 
Answer:C 
32. Which connections does stateful packet filtering handle? 
 A. TCP and UDP 
 B. packet 
 C. TCP only 
 D. ICMP 
Answer:A 
TestInside    642-551 33. Which browser-based configuration device can be used to monitor and manage multiple Cisco PIX Security
Appliances? 
 A. Cisco PIX Device Manager 
 B. Cisco ASA Device Manager 
 C. Firewall Management Center 
 D. PIX Management Center 
Answer:C 
34. Which administrative access mode for the Cisco PIX Security Appliance allows you to change the current
settings? 
 A. unprivileged mode 
 B. privileged mode 
 C. configuration mode 
 D. monitor mode 
Answer:B 
35. Which administrative access mode for the Cisco PIX Security Appliance allows you to view a restricted and
limited view of current settings? 
 A. unprivileged mode 
 B. privileged mode 
 C. configuration mode 
 D. monitor mode 
Answer:A 
36. Which type of VPN is considered an extension of a classic WAN? 
 A. remote-access VPN 
 B. site-to-site VPN 
 C. GRE VPN 
 D. L2TP VPN 
Answer:B 
TestInside    642-551 37. The DH exchange used to generate the shared secret keys occurs in which IKE and exchange phase? 
 A. first exchange 
 B. second exchange 
 C. third exchange 
 D. fourth exchange 
Answer:B 
38. Which command on the Cisco PIX Security Appliance is used to write the current running config to the Flash
memory startup config? 
 A. write terminal 
 B. write config 
 C. write memory 
 D. write startup config 
Answer:C 
39. Which command is used to reboot the Cisco PIX Security Appliance? 
 A. reboot 
 B. restart 
 C. boot 
 D. reload 
Answer:D 
40. What is the default security-level definition setting for the outside interface for the Cisco PIX Security
Appliance? 
 A. 0 
 B. 100 
 C. 50 
 D. 25 
Answer:A  
TestInside    642-551 41. What is the purpose of the global command on the Cisco PIX Security Appliance? 
 A. to set up the IP addresses on an interface 
 B. to enable global configuration mode 
 C. to create a pool of one or more IP addresses for use in NAT and PAT 
 D. to enable global NAT 
Answer:C 
42. What would the following command indicate if it were used on the Cisco PIX Security Appliance? 
nameif ethernet2 dmz security50 
 A. The administrator is naming an Ethernet interface only. 
 B. The administrator is assigning a security level only. 
 C. The administrator is removing a named interface. 
 D. The administrator is naming an interface and assigning a security level to it. 
Answer:D 
43. Which command would be used on the Cisco PIX Security Appliance to show the pool of addresses to be
translated? 
 A. show nat 
 B. show xlate 
 C. show global 
 D. show conn 
Answer:C 
44. With IPSec operation, what happens when a basic set of security services are negotiated and agreed upon
between peers? 
 A. data transfer 
 B. IKE Phase 1 
 C. IPSec tunnel termination 
 D. IKE Phase 2 
Answer:B 
TestInside    642-551 45. Which encryption method uses a 56-bit key to ensure high-performance encryption? 
 A. 3DES 
 B. AES 
 C. RSA 
 D. DES 
Answer:D 
46. What are the four critical services of IPSec functions? (Choose four.) 
 A. replay protection 
 B. confidentiality 
 C. data integrity 
 D. data mining 
 E. origin authentication 
 F. anti-replay protection 
Answer:BCEF 
47. What is a set of conditions that, when met, indicates that an intrusion is occurring or has occurred? 
 A. rules 
 B. state tables 
 C. signatures 
 D. master parameters 
Answer:C 
48. Which CSA object contains associations with policies and can accept hosts as members? 
 A. Groups 
 B. Policies 
 C. Variables 
 D. Agent Kits 
Answer:A 
49. Which communication protocol is used by the administrator workstation to communicate with the CSA MC? 
TestInside    642-551
 A. SSH 
 B. Telnet 
 C. HTTPS 
 D. SSL 
Answer:D 
50. During which phase of an attack does the attacker attempt to identify targets? 
 A. penetrate 
 B. propagate 
 C. persist 
 D. probe 
 E. paralyze 
Answer:D
相关阅读

Copyright ©2013-2015 江浙沪招生考试网 All Rights Reserved.
地址: 苏州市姑苏区阊胥路483号(工投创业园)  电话:0512-85551931 邮编: 214000 苏ICP备15050684号-2
邮箱: [email protected] 技术支持: 苏州迈峰教育科技 黔ICP备15012612号