1. SomeCompany, Ltd. wants to implement the PCI Data Security Standard to protect sensitive cardholder
information. They are planning to use RSA to ensure data privacy, integrity, and origin authentication. Which two
of these statements describe features of the RSA keys? (Choose two.)
A. The public key only encrypts.
B. The public key only decrypts.
C. The public key both encrypts and decrypts.
D. The private key only encrypts.
E. The private key only decrypts.
F. The private key both encrypts and decrypts.
Answer: CF
2. What are two functions of Cisco Security Agent? (Choose two.)
A. authentication
B. control of executable content
C. resource protection
D. spam filtering
E. user tracking
Answer: BC
3. Which three policy types can be assigned to a network user role in the Cisco NAC Appliance architecture?
(Choose three.)
A. allowed IP address ranges
B. session duration
C. minimum password length
D. VPN and roaming policies
E. inactivity period
F. network port scanning plug-ins
Answer: BDF
4. Which of these items is a valid method to verify a network security design?
A. network audit
TestInside 642-565
B. sign-off by the operations team
C. computer simulation
D. analysis of earlier attacks
E. pilot or prototype network
Answer: E
5. Which two components should be included in a detailed design document for a security solution? (Choose two.)
A. data source
B. existing network infrastructure
C. organizational chart
D. proof of concept
E. traffic growth forecast
F. weak-link description
Answer: BD
6. What are three functions of CSA in helping to secure customer environments? (Choose three.)
A. application control
B. control of executable content
C. identification of vulnerabilities
D. probing of systems for compliance
E. real-time analysis of network traffic
F. system hardening
Answer: ABF
7. Which two of these features are key elements of the collaborative security approach? (Choose two.)
A. integration of security features in network equipment
B. Network Admission Control
C. coordinated defense of potential entry points
D. automated event and action filters
E. network behavioral analysis
F. device chaining
Answer: BC
8. Drag and Drop
Answer:
9. Which three technologies address ISO 17799 requirements for unauthorized access prevention? (Choose three.)
A. Cisco Secure Access Control Server
B. SSL VPN
C. 802.1X
D. Network Admission Control
E. Cisco Security MARS
F. intrusion prevention system
Answer: ACD
10. Which certificates are needed for a device to join a certificate-authenticated network?
A. the certificates of the certificate authority and the device
B. the certificates of the device and its peer
C. the certificates of the certificate authority and the peer
D. the certificates of the certificate authority, the device, and the peer
Answer: A
11. What allows Cisco Security Agent to block malicious behavior before damage can occur?
A. correlation of network traffic with signatures
B. interception of operating system calls
C. scan of downloaded files for malicious code
D. user query and response
Answer: B
12. What are three advantages of Cisco Security MARS? (Choose three.)
A. performs automatic mitigation on Layer 2 devices
B. ensures that the user device is not vulnerable
C. fixes vulnerable and infected devices automatically
D. provides rapid profile-based provisioning capabilities
E. is network topology aware
F. contains scalable, distributed event analysis architecture
Answer: AEF
13. Which encryption protocol is suitable for an enterprise with standard security requirements?
A. MD5
B. 768-bit RSA encryption
C. AES-128
D. DES
E. SHA-256
Answer: C
14. In which two ways do Cisco ASA 5500 Series Adaptive Security Appliances achieve containment and control?
(Choose two.)
A. by enabling businesses to create secure connections
B. by preventing unauthorized network access
C. by probing end systems for compliance
D. by tracking the state of all network communications
E. by performing traffic anomaly detection
Answer: BD
15. Which three of these security products complement each other to achieve a secure e-banking solution?
(Choose three.)
A. Cisco IOS DMVPN
B. Cisco Intrusion Prevention System
C. CCA Agent
D. Cisco Adaptive Security Appliance
E. Cisco Security Agent
F. Cisco Trust Agent
Answer: BDE
16. Which IPS feature models worm behavior and correlates the specific time between events, network behavior,
and multiple exploit behavior to more accurately identify and stop worms?
A. Risk Rating
B. Meta Event Generator
C. Security Device Event Exchange support
D. traffic normalization
Answer: B
17. Which three elements does the NAC Appliance Agent check on the client machine? (Choose three.)
A. IP address
B. registry keys
C. presence of Cisco Trust Agent
D. presence of Cisco Security Agent
E. Microsoft hotfixes
Answer: BDE
18. Which of these items is a feature of a system-level approach to security management?
A. single-element management
B. responsibility sharing
C. multiple cross-vendor management platforms
D. high availability
E. complex operations
Answer: D
19. In which way do components of the NAC Appliance architecture communicate?
A. NAC Appliance Manager sends check-up instructions to the NAC Appliance Server.
B. NAC Appliance Manager sends remediation instructions to the NAC Appliance Agent.
C. NAC Appliance Server sends block instructions to the NAC Appliance Agent.
D. NAC Appliance Agent sends procedure instructions to the NAC Appliance Server.
E. NAC Appliance Agent sends check-up instructions to the NAC Appliance Manager.
F. NAC Appliance Server sends block instructions to the NAC Appliance Manager.
Answer: B
20. Which two technologies address ISO 17799 requirements in detecting, preventing, and responding to attacks
and intrusions? (Choose two.)
A. Cisco Security MARS
B. 802.1X
C. DMVPN
D. Cisco NAC Appliance
E. Cisco Security Agent
F. Cisco Trust Agent
Answer: AE
21. Drag and Drop
Answer:
22. Which two components should be included in a network design document? (Choose two.)
A. complete network blueprint
B. configuration for each device
C. detailed part list
D. operating expense
E. risk analysis
Answer: AC
23. Which three components should be included in a security policy? (Choose three.)
A. identification and authentication policy
B. incident handling procedure
C. security best practice
D. security product recommendation
E. software specifications
F. statement of authority and scope
Answer: ABF
24. Which statement is true regarding Cisco IOS IPS performance and capabilities?
A. Cisco IOS IPS signatures have a minimal impact on router memory.
B. Cisco IOS IPS uses a parallel signature-scanning engine to scan for multiple patterns within a signature
micro-engine at any given time.
C. Cisco IOS IPS offers a wider signature coverage than the IDSM-2 module.
D. All Cisco IOS IPS signatures should be enabled to maximize the coverage, except for false-positives reduction.
Answer: B
25. Which IPS platform can operate in inline mode only?
A. Cisco IPS 4200 Series Sensor
B. IDSM-2
C. Cisco IOS IPS
D. Cisco ASA AIP SSM
Answer: C
26. Which of these items describes a benefit of deploying the NAC appliance in in-band mode rather than
out-of-band mode?
A. bandwidth enforcement policy
B. Nessus scanning
C. NAC Appliance Agent deployment
D. higher number of users per NAC Appliance
E. support for Layer 2 or Layer 3 deployments
Answer: A
27. Drag and Drop
Answer:
28. What are the advantages of IPsec-based site-to-site VPNs over traditional WAN networks?
A. bandwidth guarantees, support for non-IP protocols, scalability, and modular design guidelines
B. bandwidth guarantees, flexibility, security, and low cost
C. span, flexibility, security, and low cost
D. delay guarantees, span, performance, security, and low cost
Answer: C
29. SomeCompany, Ltd. wishes to adopt the Adaptive Threat Defense architecture in their security policy. Identify
three components of the anti-X defense pillar. (Choose three.)
A. anomaly detection
B. application-level role-based access control
C. distributed denial-of-service mitigation
D. transaction privacy
E. URL filtering
F. network auditing
Answer: ACE
30. Which three of these security products complement each other to achieve a secure remote-access solution?
(Choose three.)
A. Adaptive Security Appliance
B. Cisco Security MARS
C. NAC Appliance
D. Cisco GET VPN
E. Cisco Secure Access Control Server
F. URL filtering server
Answer: ACE
31. How is an incident defined in MARS?
A. a raw message sent to the MARS via syslog, SNMP, or NetFlow by the reporting devices
B. a series of events that is correlated to represent a single occurrence using related information within a given
timeframe
C. a series of events that triggered a defined rule in the system
D. a series of behaviors in a session that describe an anomaly, worm, or virus
Answer: C
32. What are three functions of Cisco Security Agent? (Choose three.)
A. spyware and adware protection
B. device-based registry scans
C. malicious mobile code protection
D. local shunning
E. protection against buffer overflows
F. flexibility against new attacks through customizable signatures "on the fly"
Answer: ACE
33. Drag and Drop
Answer:
34. Which two of these features are the most appropriate test parameters for the acceptance test plan of a secure
connectivity solution? (Choose two.)
A. resistance against brute-force attacks
B. privacy of key exchange
C. high availability
D. duration of the key refresh operation
E. certificate enrollment and revocation
Answer: CE
35. What is the objective of the Cisco IOS resilient configuration?
A. speed up the Cisco IOS image or configuration recovery process
B. prevent a compromise of the router
C. enable redundant Cisco IOS images for fault tolerance router operations
D. activate primary and backup operations of two Cisco IOS routers
Answer: A
36. Which three of these items are features of the Cisco Secure Access Control Server? (Choose three.)
A. local OTP
B. NDS
C. Kerberos
D. LDAP
E. CA database
F. RSA certificates
Answer: BDF
37. Which two requirements call for the deployment of 802.1X? (Choose two.)
A. authenticate users on switch or wireless ports
B. validate security posture using TACACS+
C. grant or deny network access, at the port level, based on configured authorization policies
D. permit network access during the quiet period
E. deploy Cisco Secure ACS as the policy server
Answer: AC
38. Which two of these features are integrated security components of the Cisco Adaptive Security Appliance?
(Choose two.)
A. VTI
B. VRF-aware firewall
C. Cisco ASA AIP SSM
D. Anti-X
E. DMVPN
F. Control Plane Policing
Answer: CD
39. Drag and Drop
Answer:
40. Which three of these features are elements of an acceptance test plan? (Choose three.)
A. system tuning
B. system integration in a production environment
C. timely rollout
D. pilot system demonstration
E. network impact analysis
F. user satisfaction analysis
Answer: ABE
41. What are the major characteristics for designing a VPN for existing networks?
A. vendors and the functionality of the installed equipment
B. performance, topology, and price
C. topology, high availability, security, scalability, manageability, and performance
D. intended use, existing installation, and desired functionality
Answer: C
42. Which two should be included in an analysis of a Security Posture Assessment? (Choose two.)
A. detailed action plan
B. identification of bottlenecks inside the network
C. identification of critical deficiencies
D. recommendations based on security best practice
E. service offer
Answer: CD
43. Which two of these features are supported by Cisco Security MARS running software version 4.2.x? (Choose
two.)
A. hierarchical design using global and local controllers
B. user login authentication using external AAA server
C. role-based access and dashboards
D. inline or promiscuous mode operation
E. NetFlow for network profiling and anomaly detection
F. attack capture and playback
Answer: AE
44. Which Cisco security product is used to perform a Security Posture Assessment of client workstations?
A. Cisco ACS
B. Adaptive Security Appliance
C. Cisco Security Agent
D. Cisco NAC Appliance
E. Cisco Security Posture Assessment tool
Answer: D
45. Drag and Drop
Answer:
46. Which two technologies mitigate the threat of a SYN flood attack? (Choose two.)
A. Cisco IOS IPS
B. MARS flood automitigation
C. ASA TCP Intercept
D. ASA enhanced application inspection
E. NAC Appliance security posture validation
F. Cisco IOS FPM
Answer: AC
47. Which statement is true about the Cisco Security MARS Global Controller?
A. The Global Controller receives detailed incidents information from the Local Controllers, and correlates the
incidents between multiple Local Controllers.
B. The Global Controller centrally manages a group of Local Controllers.
C. Rules that are created on a Local Controller can be pushed to the Global Controller.
D. Most data archiving is done by the Global Controller.
Answer: B
48. Which two technologies can prevent the Slammer worm from compromising a host? (Choose two.)
A. Cisco IOS IPS
B. ASA stateful firewall
C. ASA enhanced application inspection
D. NAC Appliance security posture validation
E. Cisco IOS FPM
F. Cisco Trust Agent
Answer: AE
49. Which two statements are true about symmetric key encryption? (Choose two.)
A. It uses secret-key cryptography.
B. Encryption and decryption use different keys.
C. It is typically used to encrypt the content of a message.
D. RSA is an example of symmetric key encryption.
E. The key exchange can take place via a nonsecure channel.
Answer: AC
50. Which of these protections is a benefit of HMAC?
A. protection against DoS attacks
B. protection against brute-force attacks
C. protection against man-in-the-middle attacks
D. protection from the avalanche effect
Answer: C
51. Which two are main security drivers? (Choose two.)
A. business needs
B. compliance with company policy
C. increased productivity
D. optimal network operation
E. security legislation
Answer: BE