Securing Cisco Network Devices Exam(SND) : 642-551 Exam
642-551 SND
Securing Cisco Network Devices Exam
Last day to test 01/31/07
Exam Number: 642-551
Associated Certifications: CCSP, Cisco Firewall, Cisco IPS, and Cisco VPN Specialist
Duration: 90 minutes (60-70 questions)
Available Languages: English
Click Here to Register: Pearson VUE or Prometric
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions
Exam Description Exam Topics Recommended Training Additional Resources
Exam Description
The Securing Cisco Network Devices 642-551 SND exam forms the foundation of the Cisco Certified Security Professional, Cisco Firewall Specialist, Cisco IPS Specialist, and Cisco VPN Specialist certifications. Candidates can prepare for this exam by taking the SND course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, and verify basic security features of Cisco Layer 2 devices, Cisco Routers, Cisco IDS/IPS Sensors, Cisco VPN 3000 Concentrators, and Cisco PIX Security Appliances.
Exam Topics
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.
Describe the products in the Cisco security portfolio and explain how they mitigate security threats to a network
Identify the appropriate devices to secure a network
Identify the appropriate device feature to secure a network
Describe the difference in functionality and capabilities of the different security devices
Identify security issues with common management protocols
Describe threats to a network and network devices
Identify different techniques to deal with security threats
Describe the security features available for a Cisco Layer 2 device in a secure network
Identify security features on a Layer 2 device
Describe basic security feature configurations on a Layer 2 device
Implement security on a Cisco IOS Router
Identify mitigation techniques for common physical router security threats
Configure router for secure administrative access
Implement basic AAA for router administrative authentication
Configure AutoSecure to harden Cisco routers
Configure router access lists to secure networks
Configure security for router services and interfaces
Implement Syslog logging
Identify major components of the SDM
Describe and configure Cisco IPS and HIPS
Configure user accounts
Describe and configure Network Access lists
Describe how the sensor device is secure by default
Install the sensor on the network
Describe the methods used to access a sensor
Describe the process for displaying the sensor configuration
Identify major components of IDM
Describe basic sensor operations
Describe the process of using alarms to identify network attacks
Identify the appropriate platform required to install the CSA MC
Configure the default group
Describe the process of agent kit deployment and verifying management of the agent
Describe key features and concepts of VMS
Describe the interoperability of the components of VMS
Describe the hardware and software requirements of VMS
Configure and verify basic remote access on a Cisco VPN 3000 Concentrator
Perform an initial configuration
Configure users and groups
Configure VPN clients
Verify IPSec tunnel establishment
Implement a Cisco PIX security appliance
Describe basic PIX security appliance hardware and software architecture
Identify appropriate PIX security appliance hardware and software configuration
Configure basic network settings using CLI
Configure basic interface features on a PIX security appliance
Verify initial configurations
Identify major components of the PDM
Configure static address translation
Configure Network Address Translation
Configure firewall to secure inbound traffic
Verify inbound traffic restrictions
Describe basic IPSec topologies
Define the services provided by IPSec
Describe the IPSec protocol framework
Describe the IPSec algorithm framework
Describe the concepts of split tunneling
Describe the various authentication methods
Describe how the PIX security appliance uses IPSec to secure networks
Exam Number/Code: 642-551
Exam Name:Securing Cisco Network Devices Exam(SND)
“Securing Cisco Network Devices Exam(SND)”, also known as 642-551 exam, is a Cisco certification. With the complete collection of questions and answers, Actualtests has assembled to take you through 62 Q&As to your 642-551 Exam preparation. In the 642-551 exam resources, you will cover every field and category in CCSP helping to ready you for your successful Cisco Certification.
Free Demo DownloadActualtestsoffers free demo for 642-551 exam (Securing Cisco Network Devices Exam(SND)). You can check out the interface, question quality and usability of our practice exams before you decide to buy it.
Exam DetailsThe Securing Cisco Network Devices 642-551 SND exam forms the foundation of the Cisco Certified Security Professional, Cisco Firewall Specialist, Cisco IPS Specialist, and Cisco VPN Specialist certifications. Candidates can prepare for this exam by taking the SND course. This exam includes simulations and tests a candidate’s knowledge and ability to describe, configure, and verify basic security features of Cisco Layer 2 devices, Cisco Routers, Cisco IDS/IPS Sensors, Cisco VPN 3000 Concentrators, and Cisco PIX Security Appliances.
Free Sample :PassGuide-it certification Printable PDF Or software
Download: Actualtest offers free demo for IT certification Exams You can check out the interface, question quality and usability of our IT Simulation exams before you decide to buy it. We are the only one site can offer demo for almost all products
http://demo.passguide.com/download
QUESTION 11:
What is a DoS attack?
A. when an intruder attacks networks or systems to retrieve data, gain access, or escalate
access privileges
B. when an intruder attempts to discover and map systems, services, and vulnerabilities
C. when malicious software is inserted onto a host in order to damage a system, corrupt a
system, replicate itself, or deny services or access to networks, systems, or services
D. When an intruder attacks your network in a way that damages or corrupts your
computer system, or denies you and others access to your networks, systems, or services
Answer: D
Explanation:
These attacks are when malicious software is inserted onto a host in order to damage a
system, corrupt a system, replicate itself, or deny services or access to networks, systems,
or services.
Incorrect:
A – Is called ‘Access attacks’
B – Is called ‘Reconnaissance attacks’
C – Is called ‘Worms, Viruses and Trojan Horses’
642-551
Actualtests.com – The Power of Knowing
QUESTION 12:
Cisco routers, such as the ISRs, are best suited for deploying which type of IPSec
VPN?
A. remote-access VPN
B. overlay VPN
C. WAN-to-WAN VPN
D. site-to-site VPN
E. SSL VPN
Answer: D
Explanation:
Site-to-site VPNs can be deployed using a wide variety of Cisco VPN Routers. Cisco
VPN routers provide scalability through optional encryption acceleration. The Cisco
VPN router portfolio provides solutions for small office and home office (SOHO) access
through centralsite VPN aggregation. SOHO solutions include platforms for
fast-emerging cable and DSLaccess technologies.
Incorrect:
A – This VPN solution connects telecommuters and mobile users securely and
cost-effectively to corporate network resources from anywhere in the world over any
access technology.
QUESTION 13:
Which method of mitigation packet-sniffer attacks is most cost effective?
A. authentication
B. switched infrastructure
C. antisniffer tools
D. cryptography
Answer: D
Cryptography: Rendering packet sniffers irrelevant is the most effective method for
countering packet sniffers. Cryptography is even more effective than preventing or
detecting packet sniffers. If a communication channel is cryptographically secure, the
only data a packet sniffer detects is cipher text (a seemingly random string of bits) and
not the original message.
QUESTION 14:
Which encryption method uses a 56-bit to ensure high-performance encryption?
A. 3DES
B. AES
642-551
Actualtests.com – The Power of Knowing
C. RSA
D. DES
Answer: D
Incorrect:
A – 3DES 3*56bits
B – Advanced Encryption Standard
C – It was the first algorithm known to be suitable for signing as well as encryption, and
one of the first great advances in public key cryptography.
QUESTION 15:
In which Cisco Catalyst Series switches can the Firewall Service Modules be
installed?
A. Catalyst 2900 and 3500 XL Series
B. Catalyst 1900 and 2000 Series
C. Catalyst 4200 and 4500 Series
D. Catalyst 6500 and 7600 Series
Answer: D
Reference: http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/
QUESTION 16:
Which protocol does the Cisco Web VPN solution use?
A. SSH
B. Telnet
C. SSL
D. IPSec
E. XML
Answer: C
Reference:
http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns347/networking_solutions_sub_solution_home.html
QUESTION 17:
During which phase of an attack does the attacker attempt to identify targets?
A. penetrate
B. propagate
C. persist
D. probe
E. paralyze
642-551
Actualtests.com – The Power of Knowing
Answer: D
Explanation:
Probe phase: The attacker identifies vulnerable targets in this phase. The goal of this
phase is to find computers that can be subverted. Internet Control Message Protocol
(ICMP) ping scans are used to map networks, and application port scans identify
operating systems and vulnerable software. Passwords can be obtained through social
engineering, a dictionary attack, a brute-force attack, or network sniffing.
Incorrect:
A – Phase 2
B – Phase 4
C – Phase 3
D – Phase 5
QUESTION 18:
What are the three types of private VLAN ports? (Choose three.)
A. typical
B. isolated
C. nonisolated
D. promiscuous
E. community
F. bridging
Answer: B, D, E
Explanation:
There are three types of PVLAN ports:
Promiscuous: A promiscuous port can communicate with all interfaces, including the isolated and
community ports within a PVLAN.
Isolated: An isolated port has complete Layer 2 separation from the other ports within the same PVLAN,
but not from the promiscuous ports. PVLANs block all traffic to isolated ports except traffic from
promiscuous ports. Traffic from isolated port is forwarded only to promiscuous ports.
Community: Community ports communicate among themselves and with their
promiscuous ports. These interfaces are separated at Layer 2 from all other interfaces in
other communities or isolated ports within their PVLAN.
QUESTION 19:
What is considered the main administrative vulnerability of Cisco Catalyst
switches?
A. SNMP
B. Telnet
642-551
Actualtests.com – The Power of Knowing
C. Poor passwords
D. Poor encryption
Answer: C
Explantion:
By default, a Cisco switch shows the passwords in plaintext for the following settings in
the configuration file: the .enable. password, the username password, the console line and
the virtual terminal lines.
Using the same password for both the enable secret and other settings on a switch allows
forpotential compromise because the password for certain settings (for example, telnet)
may be in plaintext and can be collected on a network using a network analyzer.
Also, setting the same password for the .enable secret. passwords on multiple switches
provides a single point of failure because one compromised switch endangers other
switches.
QUESTION 20:
Click and drag the four steps to mitigating worm attacks in order from step 1 to
steep 4.
Answer:
Explanation:
Worm attack mitigation requires diligence on the part of system and network
administration staff. Coordination between system administration, network engineering,
642-551
Actualtests.com – The Power of Knowing
and security operations personnel is critical in responding effectively to a worm incident.
The following are the recommended steps for worm attack mitigation:
1. Containment: Contain the spread of the worm inside your network and within your
network. Compartmentalize parts of your network that have not been infected.
2. Inoculation: Start patching all systems and, if possible, scanning for vulnerable
systems.
3. Quarantine: Track down each infected machine inside your network. Disconnect,
remove, or block infected machines from the network.
4. Treatment: Clean and patch each infected system. Some worms may require complete
core system reinstallations to clean the system.
Free download:pass4sure CCSP 642-551
Free download?testking CCSP 642-551
Download Free PassGuide Product, Help you pass any it Exams,Click Me
| Actualtests Free Downloads |
|
Type
|
Exam Bible |
NEW Questions & Answers |
Latest Updated
|
Download link |
 |
All Actual-Test 's Exam Pack |
858
|
1 days ago |
Full Download
|
Download Free Latest Actualtests Certification Braindumps
- Free Actualtest Actualtests CCSP 642-524
- Free Actualtest Actualtests CCSP 642-542
- Free Actualtest Actualtests CCSP 642-541
- Free Actualtest Actualtests CCSP 642-523
- Free Actualtest Actualtests CCSP 642-521
- Free Actualtest Actualtests CCSP 642-503
- Free Actualtest Actualtests CCSP 642-552
- Free Actualtest Actualtests CCSP 642-522
- Free Actualtest Actualtests CCSP 642-515
- Free Actualtest Actualtests CCSP 642-511
