Actualtests CCSP 642-542
Cisco SAFE Implementation Exam : 642-542 Exam
642-542 CSI
Cisco SAFE Implementation Exam
Exam Number: 642-542
Associated Certifications: CCSP
Duration: 105 minutes (70-80 questions)
Available Languages: English
Click Here to Register: Pearson VUE or Prometric
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions
Exam Description Exam Topics Recommended Training Additional Resources
Exam Description
The Cisco SAFE Implementation 642-542 CSI exam provides a recertification assessment for those candidates who currently hold a CCSP certification. This exam tests the knowledge and skills needed to use the principles and axioms presented in the SAFE SMR, Enterprise, IP Telephony and Wireless LAN White Papers, and to implement them on specific security devices. The primary focus is on the labs, which allows the student to build complete end-to-end security solutions using SAFE White Papers as the blueprint. The configuration and functionality of the following devices in a SAFE SMR network are described in detail: IOS routers, PIX Firewalls, VPN Concentrators, Cisco IDS Sensors, Cisco Security Agent and the Cisco VPN Client. Basic implementation of a SAFE wireless LAN is also covered.
Exam Topics
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.
Security Fundamentals
Need for network security
Components of a complete security policy
Primary network threats and attacks
Common attacks and recommended mitigation techniques
Security issues implicit in common management protocols
SAFE Blueprint Overview
SAFE Blueprint Overview
Design Fundamentals
SAFE Axioms
The Cisco Security Portfolio
Cisco Security Portfolio Overview
Secure Connectivity-Cisco VPN 3000 Concentrator and Cisco VPN Optimized IOS
Perimeter Security Firewalls-Cisco PIX Firewall and Cisco IOS Firewall
Intrusion Protection-IDS
Identity-CSACS
Security Management-VMS
Cisco AVVID
SAFE Small Network Design
Small Network Design Overview
Small Network Corporate Internet Module
Small Network Campus Module
Implementation-ISP Router
Implementation-Cisco IOS Firewall
Implementation-PIX Firewall
Implementation-CSA
SAFE Midsize Network Design
Midsize Network Design
Midsize Network Corporate Internet Module Design Guidelines
Midsize Network Campus Module
Midsize Network Campus Module Design Guidelines
Midsize Network WAN Module
Implementation-ISP Router and Edge Router
Implementation-Network IPS
Implementation-VPN 3000 Concentrator
Implementation-Layer 3 Switch
SAFE Remote Network Design
Remote-User Network Overview
Key Devices and Threat Mitigation
Software Client Option
Remote Site Firewall Option
VPN 3002 Hardware Client Option
Remote Site Router Option
SAFE Enterprise Network Design
Enterprise Network Design Overview
Enterprise Campus
Enterprise Network Edge
SAFE IP Telephony Design
IP Telephony Concepts, Caveats and Axioms
IP Telephony Product Portfolio
IP Telephony Design Considerations
IP Telephony Design for Small, Medium and Large Network
SAFE Wireless LAN Design
Wireless LAN Security Concepts, Caveats and Axioms
WLAN Security Extensions
Cisco WLAN Product Portfolio
WLAN Design Approach
Standard WLAN Design
WLAN Design for Small, Medium, Enterprise and Remote Network
WLAN Implementation
Exam Number/Code: 642-542
Exam Name:Cisco SAFE Implementation Exam
“Cisco SAFE Implementation Exam”, also known as 642-542 exam, is a Cisco certification. With the complete collection of questions and answers, Actualtests has assembled to take you through 224 Q&A to your 642-542 Exam preparation. In the 642-542 exam resources, you will cover every field and category in CCSP helping to ready you for your successful Cisco Certification.
Free Demo Download Actualtests offers free demo for 642-542 exam (Cisco SAFE Implementation Exam). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.
Exam DetailsThe Cisco SAFE Implementation 642-542 CSI exam provides a recertification assessment for those candidates who currently hold a CCSP certification. This exam tests the knowledge and skills needed to use the principles and axioms presented in the SAFE SMR, Enterprise, IP Telephony and Wireless LAN White Papers, and to implement them on specific security devices. The primary focus is on the labs, which allows the student to build complete end-to-end security solutions using SAFE White Papers as the blueprint. The configuration and functionality of the following devices in a SAFE SMR network are described in detail: IOS routers, PIX Firewalls, VPN Concentrators, Cisco IDS Sensors, Cisco Security Agent and the Cisco VPN Client. Basic implementation of a SAFE wireless LAN is also covered.
Free Sample :it certification Printable PDF VCE Download: Actualtest offers free demo for IT certification Exams You can check out the interface, question quality and usability of our IT Simulation exams before you decide to buy it. We are the only one site can offer demo for almost all products http://www.actualtest.org/pdf/demo/pass4sure.html http://www.actualtest.org/pdf/demo/testking.html
QUESTION 11:
Choose the true statements regarding IP spoofing attack and DoS attack. (Choose all that
apply)
A. IP spoofing attack is a prelude for a DoS attack.
B. DoS attack is a prelude for a IP spoofing attack.
C. IP spoofing attack is generally performed by inserting a string of malicious commands
into the data that is passed between a client and a server.
D. A DoS attack is generally performed by inserting a string of malicious command into
the data that is passed between a client and a server.
Answer: A, C
642-542
Actualtests.com - The Power of Knowing
Explanation: IP spoofing attacks are often a launch point for other attacks. The
classic example is to launch a denial-of-service (DoS) attack using spoofed source
addresses to hide the hacker’s identity.
Normally, an IP spoofing attack is limited to the injection of malicious data or commands
into an existing stream of data that is passed between a client and server application or a
peer-to-peer network connection.
REF; Safe white papers;page 65
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 12:
What method helps mitigate the threat of IP spoofing?
A. Access control
B. Logging
C. SNMP polling
D. Layer 2 switching
Answer: A
Explanation: The most common method for preventing IP spoofing is to properly
configure access control. To reduce the effectiveness of IP spoofing, configure access
control to deny any traffic from the external network that has a source address that
should reside on the internal network.
REF;Safe white papers;page 67
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 13:
What is an example of a trust model?
A. NTFS
B. NFS
C. NTP
D. NOS
Answer: B
Explanation:
One of the key factors to building a successful network security design is to identify and
enforce a proper trust model. The proper trust model defines who needs to talk to whom
and what kind of traffic needs to be exchanged; all other traffic should be denied. Once
the proper trust model has been identified, then the security designer should decide how
to enforce the model. As more critical resources are globally available and new forms of
network attacks evolve, the network security infrastructure tends to become more
sophisticated, and more products are available. Firewalls, routers, LAN switches,
642-542
Actualtests.com - The Power of Knowing
intrusion detection systems, AAA servers, and VPNs are some of the technologies and
products that can help enforce the model. Of course, each one of these products and
technologies plays a particular role within the overall security implementation, and it is
essential for the designer to understand how these elements can be deployed.
Network File Sharing seems to be the best answer out of all the answers listed.
Reference: Securing Networks with Private VLANs and VLAN Access Control Lists
QUESTION 14:
Which type of attack is usually implemented using packet sniffers?
A. Man-in-the-middle
B. DoS
C. Brute force
D. IP spoofing
Answer: A
Explanation: Man-in-the-middle attacks are often implemented using network
packet
sniffers and routing and transport protocols.
REF;Safe white papers;page 68
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 15:
Which type of attack is characterized by exploitation of well-known weaknesses, use of
ports that are allowed through a firewall, and can never be completely eliminated?
A. Network reconnaissance
B. Application layer
C. Man-in-the-middle
D. Trust exploitation
Answer: B
Explanation: The primary problem with application layer attacks is that they often
use ports that are allowed through a firewall.
Ref: Safe White papers 68
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 16:
What is the only way to effectively prevent the Man-in-the-middle attacks?
A. Firewalls
642-542
Actualtests.com - The Power of Knowing
B. ISP filtering and rate limiting
C. HIDS & Firewall filtering
D. Encryption
E. Access Control
Answer: D
Explanation: Man-in-the-middle attacks can be effectively mitigated only through
the use of cryptography. If someone hijacks data in the middle of a
cryptographically private session, all the hacker will see is cipher text, and not the
original message.
Ref: Safe White papers 68
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 17:
What is not a specific type of attack, but refers to most attacks that occur today?
A. DoS
B. Brute force password
C. IP spoofing
D. Unauthorized access
Answer: D
Explanation: Although unauthorized-access attacks are not a specific type of attack,
they refer to most attacks executed in networks today.
REF;Safe white papers;page 70
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 18:
This method of attack will always compute the password if it is made up of the character
set you have selected to test.
A. What is LOphtCracks
B. What is brute force computation
C. What is dictionary lookup
D. What is brute force mechanism
Answer: B
QUESTION 19:
What is the primary method of mitigating port redirection attacks?
642-542
Actualtests.com - The Power of Knowing
A. Keep firewalls up to date with the latest patches and fixes.
B. Do not allow trust models.
C. Keep OS and applications up to date with the latest patches and fixes.
D. Use proper trust models.
Answer: D
Explanation: Port redirection can be mitigated primarily through the use of proper
trust models (as mentioned earlier). If we assume that a system is under attack,
host-based IDS can help detect and prevent a hacker installing such utilities on a
host.
Ref: Safe white papers;page 70
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
Reference: Cisco Courseware page 2-28
QUESTION 20:
What are two characteristics of a packet sniffer designed for attack purposes? (Choose
two)
A. Captures first 300 to 400 bytes.
B. Typically captures login sessions.
C. Captures the last 300 to 400 bytes.
D. Deciphers encrypted passwords.
E. Enable to capture UDP packets.
Answer: A B
Free download:pass4sure CCSP 642-542
Free download?testking CCSP 642-542
| Actualtests Free Downloads |
|
Type |
Exam Bible | NEW Questions & Answers |
Latest Updated |
Download link |
 |
All Actual-Test 's Exam Pack |
858 |
1 days ago | Download |
Related Posts
Visited 40 times, 1 so far today
