1. For which layers of the OSI reference model does CSA enforce security?
A. Layer 1 through Layer 4
B. Layer 1 through Layer 7
C. Layer 2 through Layer 4
D. Layer 3 through Layer 7
Answer:D
2. Cisco Security Agent provides Day Zero attack prevention by using which of these methods?
A. using signatures to enforce security policies
B. using API control to enforce security policies
C. using stateful packet filtering to enforce security policies
D. using algorithms that compare application calls for system resources to the security policies
Answer:D
3. Which one of the five phases of an attack attempts to become resident on a target?
A. probe phase
B. penetrate phase
C. persist phase
D. propagate phase
E. paralyze phase
Answer:C
4. Which two attacks could an attacker use during the probe phase of an attack? (Choose two.)
A. buffer overflow
B. install new code
C. ping scans
D. erase files
E. port scans
Answer:CE
5. Which two attacks could an attacker use during the penetrate phase of an attack? (Choose two.)
TestInside 642-513
A. install new code
B. modify configuration
C. ping scans
D. buffer overflow
E. erase files
F. e-mail attachment
Answer:DF
6. Which attack could an attacker use during the propagate phase of an attack?
A. ping scans
B. crash systems
C. attack other targets
D. erase files
E. steal data
Answer:C
7. Which three operating systems are supported for deployment of CSA? (Choose three.)
A. OS2
B. HPUX
C. Linux
D. Solaris
E. AIX
F. Windows
Answer:CDF
8. Which protocol is required for the administrative workstation to communicate with the CSA MC?
A. SSH
B. Telnet
C. SSL
D. IPSec
Answer:C
9. Which application loads when installing the CSA MC to run the local database?
A. Microsoft Access
B. Microsoft SQL Server Desktop Engine
C. Microsoft SQL Server
D. Oracle
Answer:B
10. What application is installed on the server after the CSA MC is installed?
A. Cisco Trust Agent
B. ACS
C. SQL
D. CSA
Answer:D
11. What are the three CSA MC administrator roles? (Choose three.)
A. access
B. configure
C. deploy
D. view
E. monitor
F. administer
Answer:BCE
12. Which protocol should never be disabled on the CSA MC?
A. SSH
B. Telnet
C. IPSec
D. SSL
Answer:D
13. Which port is used to access the CSA MC from the administrative workstation?
A. 21
B. 23
C. 1741
D. 1802
Answer:C
14. Which of these is a reason for using groups to administer Agents?
A. to link similar devices together
B. to complete configuration changes on groups instead of hosts
C. to complete the same configuration on like items
D. to apply the same policy to hosts with similar security requirements
Answer:D
15. How can the Agent kit be sent out to host machines?
A. via a URL that is e-mailed to clients
B. via a TFTP server
C. via an FTP server
D. via a Telnet server
Answer:A
16. Which type of privileges must you have on a host system to install CSA?
A. superuser
B. administrator
C. user
D. viewer
Answer:B
17. Which view within the CSA MC allows users to see a continuously refreshed view of the most recently logged event records?
A. Event Log
B. Event Monitor
C. Event Sets
D. Event Alerts
Answer:B
18. Which view within the CSA MC allows users to see a view of event records based on filtering criteria such as time and severity?
A. Event Summary
B. Event Log
C. Event Monitor
D. Event Sets
E. Event Alerts
Answer:B
19. Which view within the CSA MC allows users to see overall system status information, including a summary of recorded events, agent configuration, and activity?
A. Status Summary
B. Event Log
C. Event Monitor
D. Event Sets
E. Alerts
Answer:A
20. Which definitions can be used to allow consistent configuration of policies across multiple systems and can also be used for event reporting purposes?
A. hosts
B. software updates
C. Agent kits
D. registration control
E. groups
Answer:E
21. Which three make up the CSA architecture model? (Choose three.)
A. Cisco Trust Agent
B. Cisco Security Agent
C. Cisco Security Agent Management Center
D. Cisco Intrusion Prevention System
E. an administrative workstation
F. a syslog server
Answer:BCE
22. Which Agent kit should be installed on the CSA MC?
A. the default Windows Agent kit
B. the default UNIX Agent kit
C. the default CSA Agent kit
D. the Agent kit that is automatically installed
Answer:D
23. What is the purpose of the Audit Trail function?
A. to generate a report listing events matching certain criteria, sorted by event severity
B. to generate a report listing events matching certain criteria, sorted by group
C. to generate a report showing detailed information for selected groups
D. to display a detailed history of configuration changes
Answer:D
24. Which action do you take when you are ready to deploy your CSA configuration to systems?
A. select
B. clone
C. deploy
D. generate rules
Answer:D
25. When a rule is cloned, which part of the rule is not cloned?
A. sets
B. rule modules
C. hosts
D. variables
Answer:D
26. What is the purpose of the Compare tool?
A. to save data that has been configured
B. to compare individual rules
C. to compare individual rule modules
D. to compare and merge configurations
Answer:D
27. Which three items make up rules? (Choose three.)
A. variables
B. applications
C. application classes
D. rule modules
E. policies
F. actions
Answer:ACF
28. Which two items make up Agent kits? (Choose two.)
A. groups
B. hosts
C. policies
D. rules
E. network shim
Answer:AE
29. What action must happen before a system that has CSA can download policies configured for it?
A. The system must be rebooted.
B. The system must install Agent kits.
C. The system must be polled by the CSA MC.
D. The system must register with the CSA MC.
Answer:D
30. What is a benefit of putting hosts into groups?
A. There is no need to configure rules.
B. There is no need to configure rule modules.
C. The administrator can deploy rules in test mode.
D. The administrator does not have to deploy rules in test mode.
Answer:C
31. Which action must be taken before a host can enforce rules when it has been moved to a new group?
A. save
B. generate rules
C. deploy
D. clone
Answer:B
32. Which systems with specific operating systems are automatically placed into mandatory groups containing rules for that operating system? (Choose three.)
A. OS2
B. HPUX
C. Solaris
D. Mac OS
E. Linux
F. Windows
Answer:CEF
33. How can you configure a host to poll in to the CSA MC before its scheduled polling interval using the CSA MC?
A. Click the Poll button on the Agent UI.
B. Choose the Poll Now button on the CSA MC.
C. Choose the Send Polling Hint option in the CSA MC.
D. Enter a polling interval in the appropriate box on the CSA MC.
Answer:C
34. When you choose the Log All Deny Actions option within a group, how are deny actions logged?
A. Deny actions are logged every 5 minutes.
B. Deny actions are logged every 10 minutes.
C. Every deny action is logged regardless of the specific rule settings.
D. Only those deny actions that are configured within specific rules are logged.
Answer:C
35. What can you optionally install when you choose the Quiet Install option when creating a new Windows Agent kit?
A. the Agent kit shim
B. the protocol shim
C. the network shim
D. the policy shim
Answer:C
36. What status is shown when an Agent kit is prepared for downloading to hosts?
A. prepared
B. ready
C. needs rule generation
D. complete
Answer:B
37. Which rules will not be enforced if you fail to reboot a Windows system following installation of the CSA?
A. network access control rules
B. buffer overflow rules
C. COM component access control rules
D. network shield rules
Answer:D
38. If a Solaris or Windows system is not rebooted after CSA installation, which three rules are only enforced when new files are opened, new processes are invoked, or new socket connections are made? (Choose three.)
A. COM component access rules
B. network shield rules
C. buffer overflow rules
D. network access control rules
E. file access control rules
F. demand memory access rules
Answer:CDE
39. Which operating system does not receive a notification window when a software update is available from the CSA MC?
A. Linux
B. Windows
C. HPUX
D. Solaris
Answer:D
40. Which view would you use to create a new policy within the CSA MC?
A. Configuration > Rules > Policies
B. Configuration > Policies
C. Systems > Policies
D. Systems > Rules > Policies
Answer:B
41. What is the maximum number of characters that a policy name can contain?
A. 24
B. 32
C. 48
D. 64
Answer:D
42. Which two of the following network access rules can you use to control access to specified network services? (Choose two.)
A. the application attempting to access the file
B. the application attempting to access the service or address
C. the operation attempting to act on the file
D. the direction of the communications
Answer:BD
43. Which two of the following file access rule criteria can you use to allow or deny the operations that the selected applications can perform on files? (Choose two.)
A. the application attempting to access the file
B. the application attempting to access the service or address
C. the operation attempting to act on the file
D. the direction of the communications
E. the address with which a system is attempting to communicate
Answer:AC
44. What are the three options that can be given to a user when a Query User window appears? (Choose three.)
A. allow
B. accept
C. deny
D. kill
E. terminate
Answer:ACE
45. Which operating system does not allow Query User options?
A. OS2
B. Windows
C. Linux
D. Solaris
E. HPUX
Answer:D
46. Choose three types of rules that apply to both Windows and UNIX systems. (Choose three.)
A. Agent service control rules
B. Agent UI control rules
C. application control rules
D. COM component access control rules
E. file version control rules
Answer:ABC
47. What happens if the Agent UI control rule is not present in any active rule modules?
A. The Agent UI becomes present on the system.
B. The Agent UI is not present on the system.
C. The Agent UI is visible on the system.
D. The Agent UI is not visible on the system.
Answer:C
48. What action is taken on user query windows when the Agent UI is not present on a system?
A. The default action is always taken.
B. All actions are denied.
C. All actions are allowed.
D. All actions are allowed and logged.
Answer:A
49. What is the purpose of connection rate limit rules?
A. to limit the number of connections to an application
B. to limit the number of calls to the kernel in a specified time frame
C. to limit the number of network connections within a specified time frame
D. to limit the number of malformed connection requests to a web server
Answer:C
50. Which portion of an HTTP request is examined by data access control rules?
A. the TCP header
B. the UDP header
C. the URI portion of the request
D. the URL portion of the request
Answer:C