Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
CWNP exams CWNP
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
GIAC exams GIAC
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
ISEB exams ISEB
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Cisco 642-566 Exam - Cheat-Test.com

Free 642-566 Sample Questions:

1. What is the primary reason that GET VPN is not deployed over the public Internet?
A. because GET VPN supports re-keying using multicast only
B. because GET VPN preserves the original source and destination IP addresses, which may be private addresses that are not routable over the Internet
C. because GET VPN uses IPsec transport mode, which would expose the IP addresses to the public if using the Internet
D. because the GET VPN group members use multicast to register with the key servers
E. because the GET VPN key servers and group members requires a secure path to exchange the Key Encryption Key (KEK) and the Traffic Encryption Key (TEK)
Answer: B

2. Which is used to authenticate remote IPsec VPN users?
A. PFS
B. XAUTH
C. mode configuration
D. single sign-on (SSO)
E. Diffie-Hellman (DH)
F. pre-shared key
Answer: B

3. Which three security components can be found in today's typical single-tier firewall system? (Choose three.)
A. Stateful Packet Filtering with Application Inspection and Control
B. IPS
C. Network Admission Control
D. application proxy
E. Cache engine
F. server load balancing
Answer: A, B, D

4. When implementing point-to-point secure WAN solutions over the Internet, which alternative Cisco IOS method is available if GRE-over-IPsec tunnels cannot beused?
A. Virtual Routing Forwardings (VRFs)
B. Virtual Tunnel Interfaces (VTIs)
C. dynamic crypto maps
D. GET VPN
Answer: B

5. Which three are correct guidelines when using separation to secure the enterprise data center? (Choose three.)
A. Separate exposed services' resources into security domains, as granularly as possible.
B. Use DMZ to host exposed services.
C. Always prefer logical separation to physical separation.
D. Use multiple firewall tiers for defense in depth
E. Use IDS instead of IPS for better performance.
Answer: A, B, D

6. What is used to enable IPsec usage across Port Address Translation (PAT)devices?
A. port forwarding
B. static NAT/PAT
C. NAT-T
D. IPsec tunnel mode
E. RRI
Answer: C

7. Which algorithm is recommended for implementing automatic symmetric key exchange over an unsecured channel?
A. public key infrastructure (PKI)
B. Diffie-Hellman (DH)
C. RSA D. EAP
E. SHA-512
F. AES
Answer: B

8. Which Cisco software agent uses content scanning to identify sensitive content and controls the transfer of sensitive content off the local endpoint over removable storage, locally or network-attached hardware, or network
applications?
A. Cisco Trust Agent 2.0
B. Cisco NAC Appliance Agent 4.1.3
C. Cisco NAC Appliance Web Agent 1.0
D. Cisco Security Agent 6.0
E. Cisco IronPort Agent 3.0
Answer: D

9. The LWAPP protocol supports which type of native encryption?
A. DES
B. 3DES
C. RC5
E. ECC
F. AES
Answer: F

10. Which three benefits does DMVPN offer? (Choose three.)
A. supports spokes that use dynamic IP addresses
B. supports IP unicast and multicast traffic
C. supports native routing protocols over the tunnels
D. is available on Cisco IOS routers and on Cisco ASA security appliances
E. provides tunnel-less any-to-any connectivity F. has less overhead than GRE over IPsec
Answer: A, B, C

11. Pharming attacks, which are used to fool users into submitting sensitive information to malicious servers, typically involve which attack method?
A. ARP poisoning
B. DNS cache poisoning
C. DHCP exhaustion
D. DHCP server spoofing
E. IP spoofing
Answer: B

12. Which statement regarding the hybrid user authentication model for remote-access IPsec VPNs is correct?
A. VPN servers authenticate by using pre-shared keys, and users authenticate by using usernames and passwords.
B. VPN servers authenticate by using digital certificates, and users authenticate by using usernames and passwords.
C. VPN servers authenticate by using digital certificates, and users authenticate by using pre-shared keys.
D. VPN servers and users authenticate by using digital certificates. E. VPN servers and users authenticate by using pre-shared keys.
Answer: B

13. Which protocol is used to allow the utilization of Cisco Wide Area Application Engines or Cisco IronPort S-Series web security appliances to localize web traffic patterns in the network and to enable the local fulfillment of content requests?
A. SOAP
B. XML
C. WCCP
D. HTTPS
E. DTLS
F. TLS
Answer: C

14. What is implemented on Cisco IP Phones so that they can authenticate itself before gaining network access?
A. Cisco Secure Services Client
B. Cisco NAC Appliance Agent (NAA)
C. IEEE 802.1X supplicant
D. AAA client
E. Cisco Security Agent
F. one-time password
Answer: C

15. What is the difference between hashing and Hashed Message Authentication Code (HMAC) algorithms?
A. HMAC provides non-repudiation service.
B. Hashing protects against man-in-the-middle attacks.
C. With hashing, the original data can be recovered, given only its digest.
D. HMAC uses an asymmetric key; hashing uses a symmetric key.
E. HMAC uses an additional secret key as the input to the hash function.
Answer: E


© 2014 Cheat-Test.com, All Rights Reserved