642-583 by Cisco Valid Free Exam Practice Test

Question 1

Using Cisco ASA active/active stateful failover, what happens if the return packet of an existing connection is not found in the local Cisco ASA connection table?

A. The local Cisco ASA will examine the copy of the other Cisco ASA's connection table and, if a match is found, will forward the packet to the other Cisco ASA. B. The local Cisco ASA will determine, based on its routing table, whether to forward or drop the packet. C. The local Cisco ASA will perform a reverse path forwarding check to determine whether to forward or drop the packet. D. The local Cisco ASA will drop the packet. E. If the local Cisco ASA is the active Cisco ASA, then it will forward the packet. F. The local Cisco ASA will forward the packet if it is permitted by the inbound ACL.

Correct Answer: A

Question 2

DRAG DROP

Correct Answer:

Explanation:

Question 3

MPLS VPN does not provide or support which of the following?

A. customer's IGP routing B. the use of private IP addresses C. any-to-any connectivity D. customer's isolation E. confidentiality

Correct Answer: E

Question 4

Which two Cisco products/features offer the best security controls for a web server which has applications running on it that perform inadequate input data validation? (Choose two.)

A. Cisco IOS Flexible Packet Matching (FPM) B. Cisco Security Agent data access controls C. Cisco ASA Application Inspection and Control (AIC) D. Cisco ACE XML Gateway E. Cisco Application Velocity System (AVS) F. Cisco IPS appliance Meta Event Generator

Correct Answer: B,D

Question 5

Which uRPF option allows for asymmetrical routing?

A. looseuRPF B. unidirectionaluRPF C. staticuRPF D. strictuRPF E. dynamicuRPF

Correct Answer: A

Question 6

What are the four main deployment options to consider when implementing Cisco NAC Appliance design? (Choose four.)

A. edge deployment versus central deployment B. in-band versus out-of-band C. Layer 2 versus Layer 3 D. Real-IP Gateway versus virtual gateway E. IEEE 802.1X versus Layer 3 IP F. system authentication versus user authentication

Correct Answer: A,B,C,D

Question 7

Which key benefit does DTLS offer over TLS?

A. provides low latency for real-time applications B. both the application and TLS can retransmit loss packets C. improves security D. uses TCP encapsulation, which results in the user's TCP session being transported over another TCP session, thus making flow control more efficient E. uses TCP instead of UDP to provide a reliable transport mechanism

Correct Answer: A

Question 8

Refer to the exhibit.

A distributed DoS attack has been detected. The attack appears to have sources from many hosts in network X/24. An operator in the network operation center is notified of this attack and must take preventive action. To block all offending traffic, the network operator announces a BGP route, with the next-hop attribute of 172.31.1.1, for the X/24 network of the attacker.
Which two methods do the routers at the regional office, branch office, and telecommuter location use to prevent traffic going to and from the attacker? (Choose two.)

A. a prefix list to block routing updates about the X/24 network B. strictuRPF C. a static route to 172.31.1.1/32, which points to a null interface D. a dynamic ACL entry to block any traffic that is sourced from the X/24 network E. a route map to tag all traffic from the X/24 network with the no-export communityattribute

Correct Answer: B,C

Question 9

Which statement is true?

A. Three-year commitments cost less per year than three consecutive one-year commitments. B. Three consecutive one-year commitments cost less than one three-year commitment. C. Three-year commitments cost the same per year as three consecutive one-year commitments D. CiscoIronPort does not sell three-year commitments.

Correct Answer: A

Question 10

Refer to the exhibit. Which statement correctly describes this security architecture, which is used to protect the multi-tiered web application?

A. The second-tier Cisco ASA AIP-SSM should be tuned for inspecting Oracle attack signatures. B. All the servers are protected by the dual-tier firewall systems and do not require additional endpoint security controls. C. This architecture supports application tiers that are dual homed. D. The firewall systems in the first and second tiers should be implemented with identical security controls to provide defense in depth.

Correct Answer: A

Cisco Security Solutions for Systems Engineers - 642-583 Exam Practice Test