Exam1pass
Easiest way to pass IT exams
Exam1pass Help You Pass Any IT Exam
http://www.exam1pass.com
Exam: Cisco 642-566
Title: Security Solutions for Systems Engineers Exam
Version: Demo
1. What is the primary reason that GET VPN is not deployed over the public Internet?
A. because GET VPN supports re-keying using multicast only
B. because GET VPN preserves the original source and destination IP addresses, which may be private addresses that are not routable over the Internet
C. because GET VPN uses IPsec transport mode, which would expose the IP addresses to the public if using the Internet
D. because the GET VPN group members use multicast to register with the key servers
E. because the GET VPN key servers and group members require a secure path to exchange the Key Encryption Key (KEK) and the Traffic Encryption Key (TEK)
Answer: B
2. Which is used to authenticate remote IPsec VPN users?
A. PFS
B. XAUTH
C. mode configuration
D. single sign-on (SSO)
E. Diffie-Hellman (DH)
F. pre-shared key
Answer: B
3. Which three security components can be found in today's typical single-tier firewall system? (Choose three.)
A. Stateful Packet Filtering with Application Inspection and Control
B. IPS
C. Network Admission Control
D. application proxy
E. Cache engine
F. server load balancing
Answer: ABD
4. When implementing point-to-point secure WAN solutions over the Internet, which alternative Cisco IOS method is available if GRE-over-IPsec tunnels cannot be used?
A. Virtual Routing Forwardings (VRFs)
B. Virtual Tunnel Interfaces (VTIs)
C. dynamic crypto maps
D. GET VPN
Answer: B
5. Which three are correct guidelines when using separation to secure the enterprise data center? (Choose three.)
A. Separate exposed services' resources into security domains, as granularly as possible.
B. Use DMZ to host exposed services.
C. Always pre