QUESTION 121 What two modules are in the SAFE SMR small network design? (Choose two)
A. Edge
B. Internet
C. Corporate Internet
D. Campus
Answer: C, D
Explanation: The small network design has two modules: the corporate Internet module and the campus module. The corporate Internet module has connections to the Internet and also terminates VPN and public services (DNS, HTTP, FTP, SMTP) traffic. The campus module contains the Layer 2 switching and all the users, as well as the management and intranet servers.
Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 10
QUESTION 122 How many transforms can be included in a transform set on a PIX Firewall?
A. 1
B. 2
C. 3
D. 4
E. Unlimited number
Answer: C
Explanation: Up to three transforms can be in a set. A set is limited to at most one AH transform and at most two ESP transforms.
Reference: Cisco Secure PIX Firewalls (Cisco Press) Page 212
QUESTION 123 What is the function of a crypto map on a PIX Firewall?
A. To define the policy that will be applied to the traffic.
B. To specify which algorithms will be used with the selected security protocol.
C. To configure a pre-shared authentication key and associate the key with an IPSec peer address or host name.
D. To map transforms to transform sets.
Answer: A
Explanation: Crypto map entries must be created for IPSec to set up SAs for traffic flows that must be encrypted.
Reference: Cisco Secure PIX Firewalls (Cisco Press) Page 215
QUESTION 124 Which are key devices in the SAFE SMR remote user network? (Choose three)
A. Layer 2 switch
B. Router with firewall and VPN support
C. Layer 3 switch
D. Firewall with VPN support
E. NIDS
F. Personal firewall software
Answer: B, D, F
Explanation:
- Firewall with VPN support: Provides secure end-to-end encrypted tunnels between the remote site and the corporate head end; provides network-level protection of remote-site resources and stateful filtering of traffic
- Personal firewall software: Provides device-level protection for individual PCs
- Router with firewall and VPN support: Provides secure end-to-end encrypted tunnels between the remote site and the corporate head end; provides network-level protection of remote-site resources and stateful filtering of traffic; can provide advanced services such as voice or QoS.
Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 25
QUESTION 125 What type of network requires availability to the Internet and public networks as a major requirement and has several access points to other networks, both public and private?
A. Open
B. Closed
C. Intermediate
D. Balanced
Answer: A
QUESTION 126 If split tunneling is disabled, how do remote users access the Internet when they have a VPN tunnel established in the software access option in the SAFE SMR remote user design environment?
A. Access to the Internet is not allowed.
B. The user must disable the VPN tunnel to access the Internet.
C. Access to the Internet is provided via the corporate connection.
D. Access to the Internet is provided via the ISP connection.
Answer: C
Explanation: Split tunneling can also be enabled or disabled via the central site. For the SAFE design, split tunneling was disabled, making it necessary for all remote users to access the Internet via the corporate connection when they have a VPN tunnel established.
Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 28
QUESTION 127 What services do intranet VPNs provide?
A. Link corporate headquarters to remote offices.
B. Link network resources with third-party vendors and business partners.
C. Link telecommuters and mobile users to corporate network resources.
D. Link private networks to public networks.
Answer: A
Explanation: Intranet VPNs refer to connections between sites that are all part of the same company. As such, access between sites is generally less restrictive.
Reference: SAFE VPN: IPSec Virtual Private Networks in Depth page 76
QUESTION 128 Which model is recommended for an IDS with at least 100 Mbps performance?
A. 4210
B. 4220
C. 4250
D. 4260
Answer: C
Explanation: The Cisco IDS 4250 supports unparalleled performance at 500 Mbps and can be used to protect gigabit subnets and traffic traversing switches that are being used to aggregate traffic from numerous subnets.
Reference: http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/ps4079/index.html
Incorrect Answers:
A: Performance: 45 Mbps
B: No such model
D: No such model
QUESTION 129 Which version of PIX introduces support for the VPN accelerator card?
A. Version 4.0
B. Version 4.3
C. Version 5.0
D. Version 5.3
Answer: D
Explanation: System requirements:
- Operating System: PIX OS v5.3(1) or later (with DES or 3DES license)
- Platforms: PIX 515/515E, 520, 525, 535 (limit one per chassis)
Reference: Cisco PIX 500 Series Firewalls - Cisco PIX Firewall VPN Accelerator Card
QUESTION 130 Which two Cisco components encompass intrusion protection? (Choose two)
A. Cisco VPN Concentrators
B. Cisco IDS Sensors
C. Cisco IDS Access Point
D. Cisco IOS IDS
E. Cisco Wireless IDS
Answer: B, D
Explanation:
- Cisco routers with IOS IDS features
- Cisco Secure IDS Sensors
Reference: Cisco Threat Response User Guide