Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Cisco 642-371 Exam -

Free 642-371 Sample Questions:

1.How does the Cisco IOS IPS feature set monitor the network for malicious activity?
A.passive "bird­on­a­wire" packet inspection
B.deep inline packet inspection
C.Security Device Event Exchange (SDEE) packet inspection
D.out­of­band (OOB) packet inspection
Answer: B

2.What are three benefits that companies gain with intelligent networking based on Cisco IOS network infrastructure? (Choose three.)
A.a fully integrated network
B.a network requiring fewer networking devices adaptive network
D.a more resilient network
E.a completely fault­tolerant network
Answer: A, C, D

3.Your customer has a basic stateful firewall setup that only permits incoming traffic from the Internet to an internal web server. What are the security risks if the firewall being used does not perform advanced application inspection and control like the ASA Security Appliance does? (Choose two.)
A.Allowing all return traffic from the internal web server back out to the Internet may increase the risk of worm propagation.
B.Peer­to­peer or instant messaging traffic using port 80 may exhaust the network capacity.
C.Not validating port 80 traffic content may increase the risk of malware infection.
D.Denial of service attacks launched against port 80 of the internal web server can bring down the web server.
E.If the firewall cannot perform deep packet inspection, the firewall cannot properly classify the HTTP and HTTPS traffic. This may lead to connectivity issues from the Internet to the internal web server.
Answer: B, C

4.Deploying ISRs with integrated security services can help lower the total cost of ownership. Which of these Cisco ISR Routers features illustrate this point?
A.using built­in on­board VPN acceleration to reduce the amount of VPN configuration tasks
B.using the USB port to perform fast Cisco IOS image upgrade
C.using the security audit feature to implement inline Intrusion Prevention System
D.using the SDM configuration tool to reduce training costs
E.using the high performance AIM to increase the Cisco IOS Firewall performance
Answer: D

5.Which two of these statements best describe fast secure roaming for the wireless core feature set using autonomous access points? (Choose two.)
A.It is compatible with all wireless clients.
B.It reduces roaming latency through reduced client RF channel scanning enhancements.
C.It reduces roaming latency to targeted times of less than 75ms.
D.Roaming occurs without reauthentication through a centralized RADIUS server.
E.It is enabled through WLSE deployment.
Answer: B, D

6.Your customer is concerned that adding firewall­based security will require major hardware changes. Which Cisco IOS Firewall benefit would you highlight?
A.Cisco IOS Firewall is available for a wide variety of router platforms. It scales to meet the bandwidth and performance requirements of any network.
B.Integrating firewall functions into a multiprotocol router takes advantage of an existing router investment, without the cost and learning curve associated with a new platform.
C.Because it is installed on a Cisco router, Cisco IOS Firewall is an all­in­one, scalable solution that performs multiprotocol routing, perimeter security, intrusion prevention, VPN functions, and per­user authentication and authorization.
D.Combining the Cisco CNS 2100 Series Intelligence Engine and the Cisco IOS Software Extensible Markup Language application helps a network administrator deploy any Cisco router with little or no preconfiguration to a given destination.
Answer: C

7.A customer is deploying a wireless core feature set using autonomous access points and requires Layer 2 roaming. What is a requirement when deploying this solution?
A.a minimum of one Cisco 4100 Series WLAN Controller WDS per subnet
C.a minimum of one Wireless LAN Services Module
D.all clients using Cisco Aironet Wireless LAN Adapters
Answer: B

8.Which of these is the Cisco IOS Firewall feature that creates specific security policies for each user with LAN­based, dynamic, per­user authentication and authorization?
A.DDoS Mitigation
B.Cisco Security Agent
C.Intrusion Prevention System
D.Authentication Proxy
E.Context­based Access Control
F.Monitoring, Analysis and Response System
Answer: D

9.What are three components of the wireless core feature set using autonomous access points? (Choose three.)
A.CiscoWorks WLSE
B.Wireless LAN Controller
C.lightweight access points
D.802.1X authentication server
E.Wireless Control System
F.Cisco autonomous access points running WDS
Answer: A, D, F

10.A customer plans to implement a wireless core feature set using autonomous access points. When choosing the access points, what is required for the customer to implement WDS?
A.Client cards must be using Cisco's LEAP authentication.
B.All APs must support 802.1X for registration with WDS.
C.WDS must be enabled on all APs in the WLAN.
D.The customer must have a WLSM blade in their Cisco Catalyst 6000.
Answer: B

11.What is the benefit of the parallel signature scanning feature in Cisco IOS IPS software?
A.scans multiple patterns within a Signature Micro Engine at any given time
B.scans traffic patterns serially and correlates the events in parallel
C.dynamically runs detection scanning rules in parallel within a Signature Micro Engine to increase IPS
D.runs currently configured scanning rules in parallel while updating new signature definition files to reduce the risk of day­zero attacks
Answer: A

12.Which program enables administrators to install the Cisco Aironet wireless configuration utility
on multiple PCs across a network?
E.AireWave Director
Answer: C

13.A customer has deployed a wireless core feature set using autonomous access points and now wants to include a satellite building 4,500 feet away from the main campus. The customer also wants to provide wireless access to a courtyard for wireless clients in close proximity to the antenna mounting position. Which Cisco Aironet product is the most applicable solution?
A.Cisco Aironet 1000 Series
B.Cisco Aironet 1100 Series
C.Cisco Aironet 1200 Series
D.Cisco Aironet 1300 Series
E.Cisco Aironet 1400 Series
Answer: D

14.Which two of these statements describe important aspects of performing a wireless site survey? (Choose two.)
A.An 802.11g access point with a variety of antennas can be used in all standard site surveys.
B.Site surveys can be performed manually or through assisted site survey.
C.Channel power during testing starts at the default minimum and gradually increases to the maximum.
D.Overlapping access points can create performance problems.
E.Surveys should be done after hours in an office building or during reduced inventory levels in warehouses.
Answer: B, D

15.What are three advantages of the Cisco Integrated Services Router product family? (Choose three.)
A.provides advanced security such as hardware encryption acceleration
B.provides investment protection through increased modularity
C.comes equipped with at least one 1000­based TX interface
D.contains integrated wireless access using the 802.11 g/b standard
E.contains integrated web­based management tools for easy configuration and maintenance
Answer: A, D, E

16.A customer needs approximately 15 to 20 wireless APs for RF coverage. Given that the customer is going to use the 1010 lightweight AP with the advanced feature set, what other product is required to complete this operational functionality?
Answer: C

17.Which two of these statements best describe the benefits of Cisco's wireless IDS functionality? (Choose two.)
A.AirDefense for wireless IDS is required by autonomous APs.
B.2.4GHz RF management can monitor both 802.11 and non­802.11 RF interference.
C.APs only monitor the RF channels that are servicing the clients.
D.Cisco or CCX compatible client cards can extend the RF IDS service for autonomous APs.
E.Autonomous APs must be dedicated IDS sensors while lightweight APs can combine client traffic and RF monitoring.
Answer: B, D

18.Which Cisco Catalyst Series switch is designed for enterprise LAN access, branch offices, Layer 3 distribution points, small­ and medium­sized businesses, and metropolitan Ethernet deployments?
Answer: C

19.Regarding the performance (in kilo packets per second for a 64 byte packet) of the 3800 family
of Cisco ISR Routers, which two of these are correct? (Choose two.)
A.The 3825 is rated at 175 kpps.
B.The 3825 is rated at 350 kpps.
C.The 3825 is rated at 500 kpps.
D.The 3845 is rated at 350 kpps.
E.The 3845 is rated at 500 kpps.
F.The 3845 is rated at 675 kpps.
Answer: B, E

20.Which item is a feature of Cisco Compatible Extensions, Version 3?
A.full 802.11e compliance
B.full WPAv2 compliance
C.wireless IDS
Answer: B

21.Which Cisco security tool can determine if a Cisco ISR Router is properly secured?
A.Cisco Security MARS
B.SDM security audit
Answer: B

22.Which of these is the Cisco IOS security feature that enhances perimeter firewall protection by taking appropriate actions on packets and flows that violate the security policy or represent malicious network activity?
A.DDoS Mitigation (DDoS)
B.Cisco Security Agent (CSA)
C.Intrusion Prevention System (IPS)
D.Authentication Proxy (Auth Proxy)
E.Context­based Access Control (CBAC)
F.Monitoring, Analysis and Response System (MARS)
Answer: C

23.A customer wants to deploy a wireless advanced feature set using lightweight access points. A site survey shows that the customer will need 34 APs to cover the facility. Assuming that the customer will not need to install more APs, only two devices can be used for wireless functionality. Which two? (Choose two.)
A.2000 Series WLAN Controller
B.4100 Series WLAN Controller
C.4400 Series WLAN Controller
D.Wireless LAN Solution Engine
E.Wireless LAN Services Module
Answer: B, C

© 2014, All Rights Reserved