Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Cisco 642-567 Exam -

Free 642-567 Sample Questions:

1.You have an external database configured for use in your NAC deployment. When the ACS forwards the credentials to the external database and does not receive a result in return, what action will the ACS take?
A.return a posture token of "unknown"
B.put the requesting device in the default group
C.automatically redirect the request to a remediation server
D.reject policy validation requests
Answer: D

2.Which CCA out­of­band solution statement is correct?
A.All client traffic flows through the CAS while access switch VLAN management is performed out of band.
B.Access switch to CAM configuration and status change messages are communicated via a proprietary protocol.
C.The switchport access and authentication VLAN information is sent to the access switch from the CAM.
D.As a laptop device accesses the CCA network, the access switch sends the device's MAC address to the CAS.
Answer: C

3.What is specified when the command ip radius source­interface is entered in the global configuration mode of a Cisco switch acting as a NAD?
A.the interface for all outgoing RADIUS packets
B.that all interfaces are sources for RADIUS authentication requests
C.that Layer 2 packets received are converted and passed to the RADIUS server as Layer 3 IP packets
D.the interface where the sourced RADIUS packets should be received at the switch
Answer: A

4.Which Cisco "all­in­one" security appliance automatically detects, isolates, and cleans infected and/or vulnerable devices that attempt to access a network?
A.Cisco Security Monitoring, Analysis and Response System (CS MARS)
B.Cisco Clean Access (CCA)
C.Security Device Manager (SDM)
D.Cisco Security Agent (CSA)
Answer: B

5.Which browser plug­in is required to view the charts and graphs on the MARS Appliance?
A.Macromedia Flash Player
B.Sun Microsystems Java
C.Microsoft PowerPoint
D.Adobe SVG Viewer
Answer: D

6.Once you have installed the Cisco Trust Agent (CTA), you want to verify that the agent is operating properly and communicating with the antivirus policy server. Which could you do to verify that status?
A.Issue the show eou all command on the intermediate NAD device.
B.From the endpoint device, ping the AV server. If this is successful, CTA is installed correctly.
C.If an "unhealthy user" pop­up window on the endpoint device is not displayed, the agent is working properly.
D.Check CTA activity logs for security posture validation messages.
Answer: A

7.Which is a benefit of using the dollar variable (like $TARGET01) when creating queries in MARS?
A.The dollar variable enables multiple queries to reference the same common 5­tuples information using
a variable.
B.The dollar variable ensures that the probes and attacks that are reported are happening to the same host.
C.The dollar variable allows matching of any unknown reporting device.
D.The dollar variable allows matching of any event type groups.
E.The dollar variable enables the same query to be applied to different reports.
Answer: B

8.Which command can you use to verify operation between a Network Admission Control (NAC) agent and a Network Access Device (NAD)? eapoupd all eou all nac all nac access­list all
Answer: B

9.Regarding MARS Appliance rules, which three statements are correct? (Choose three.)
A.There are three types of rules: System Inspection Rules, User Inspection Rules, and Drop Rules.
B.Rules can be saved as reports.
C.Rules can be deleted.
D.Rules trigger incidents.
E.Rules can be defined using a seed file.
F.Rules can be created using a query.
Answer: A, D, F

10.When restoring archived data to a MARS Appliance, which is the best practice to follow?
A.Use HTTPS to protect the data transfer.
B.Use secured FTP to protect the data transfer.
C.Use "mode 5" restore from the MARS CLI to provide enhanced security during the data transfer.
D.Use the Admin > System Maintenance > Data Archiving on the MARS GUI to perform restore operations online.
E.To avoid problems, only restore to a same or higher­end MARS Appliance.
Answer: E

11.If the CAS is configured to autogenerate an IP address pool of 30 subnets with a netmask of /30, beginning at address, which IP address is leased to the end­user host on the second subnet?
Answer: C

12.Identify three ways an administrator can implement Cisco Clean Access (CCA) to protect a network. (Choose three.)
A.CTA only
B.CSA only
C.CAA only
D.CAA and network scan scan only
F.end­user scan only
Answer: C, D, E

13.Which three statements are correct about the MARS Global Controller? (Choose three.)
A.The Global Controller can correlate events from different Local Controllers into a common session.
B.One Global Controller can support multiple Local Controllers.
C.Each zone can have one Local Controller.
D.All Local Controllers events are propagated to the Global Controller for correlations.
E.The Global Controller and the Local Controllers can be running different MARS OS versions.
F.Based on a selected Local Controller, incidents on the Global Controller can be viewed.
Answer: B, C, F

14.What is the default SSL port number you will need to know when confirming the installation of a Trend Micro OfficeScan Server when both the OfficeScan and Policy Servers are installed on the same IIS virtual web site?
Answer: C

15.When adding a device to the MARS Appliance, what is the reporting IP address of the device?
A.the source IP address that sends syslog information to the MARS Appliance
B.the IP address MARS uses to access the device via SNMP
C.the IP address MARS uses to access the device via Telnet or SSH
D.the pre­NAT IP address of the device
E.the highest loopback IP address configured on the Cisco reporting device
Answer: A

16.Which of the following is a supported mitigation feature on the MARS Appliance?
A.Generating and pushing configuration commands to Layer 3 devices
B.Generating and pushing configuration commands to Layer 2 devices
C.Automatically dropping all suspected traffic at the nearest firewall
D.Automatically dropping all suspected traffic at the nearest IPS appliance
Answer: B

17.What are three benefits in deploying MARS Appliances using the Global and Local Controllers'
architecture? (Choose three.)
A.A Global Controller can provide a summary of all Local Controllers information (network topologies, incidents, queries, and reports result).
B.A Global Controller can provide a central point for creating rules and queries, which are applied to multiple Local Controllers simultaneously.
C.The architecture provides redundancy in case one of the MARS Local Controllers failed within a zone.
D.Users can seamlessly navigate to any Local Controllers from the Global Controller GUI.
E.A Global Controller can correlate events from multiple Local Controllers to perform global sessionizations.
Answer: A, B, D

18.Which action enables the MARS Appliance to ignore false positive events by either dropping the events completely, or by just logging them to the database?
A.Creating System Inspection Rules using the Drop operation
B.Creating Drop Rules
C.Inactivating the Rules
D.Inactivating events
E.Deleting the false positive events from the Incidents > False Positives screen
F.Deleting the false positive events from the Management > Event Management screen
Answer: B

19.The MARS Appliance (running release 3.4.1) supports which protocol for data archiving and restoring?
D.secured FTP
Answer: A

© 2014, All Rights Reserved