Free Pass4sure Download: Leading the way in studying IT certifications

Securing Networks with Cisco Routers and Switches Exam(SNRS) : 642-502 Exam

Exam Number/Code: 642-502
Exam Name: Securing Networks with Cisco Routers and Switches Exam(SNRS)
VUE Code: 642-502
Questions Type: Single choice, Multiple choice, Simulate,
Question Numbers of Real-exam: 60-70 questions
Exam Language(s): English

Exam Description Introduction
The Securing Networks with Cisco Routers and Switches exam is one of the exams associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the SNRS v1.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to secure networks using Cisco routers and switches.

Exam Topics
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Implement Layer 2 security
Utilize Cisco IOS and Cat OS commands to mitigate Layer 2 attacks
Implement Cisco Identity-Based Networking Services
Implement Cisco 802.1X Port-Based Authentication
Identify and describe Layer 2 security best practices

Configure Cisco IOS Firewall features to meet security requirements
Identify and describe the capabilities of the IOS firewall feature set
Configure CBAC to dynamically mitigate identified threats to the network
Verify and troubleshoot CBAC configuration and operation
Configure authentication proxy to apply security policies on a per-user basis
Verify and troubleshoot authentication proxy configuration and operation

Configure Cisco IOS-based IPS to identify and mitigate threats to network resources
Identify and describe the capabilities of the IOS-IPS feature set
Configure the IPS features to identify threats and dynamically block them from entering the network
Verify and troubleshoot IDS operation
Maintain and update the signatures

Configure basic IPSec VPNs to secure site-to-site and remote access to network resources
Select the correct IPSec implementation based on specific stated requirements
Configure IPSec Encryption for site-to-site VPN using pre-shared keys
Configure IPSec Encryption for site-to-site VPN using certificate authority
Verify and troubleshoot IPSec operation
Configure EZ-VPN server
Configure EZ-VPN remote using both hardware and software clients.
Troubleshoot EZ-VPN

Configure authentication, authorization and accounting to provide basic secure access control for networks
Configure administrative access to the Cisco Secure ACS server
Configure AAA clients on the Cisco Secure ACS (for routers)
Configure users, groups and access rights
Configure router to enable AAA to use TACACS+
Configure router to enable AAA to use a Radius server
Verify and troubleshoot AAA operation

Use management applications to configure and monitor IOS security features
Initialize SDM communications on Cisco routers
Perform a LAN interface configuration of a Cisco router using SDM
Use SDM to define and establish a site-to-site VPN
Recommended Training
Securing Networks with Cisco Routers and Switches (SNRS) is the recommended training for this exam.

Courses listed are offered by Cisco Learning Partners, the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the Global Learning Partner Locator for a Cisco Learning Partner near you.

Additional Resources
A variety of Cisco Press titles may be available for this exam. These titles can be purchased through the Cisco Marketplace Bookstore, directly from Cisco Press.

“Securing Networks with Cisco Routers and Switches Exam(SNRS)”, also known as 642-502 exam, is a Cisco certification.
Preparing for the 642-502 exam Searching 642-502 Test Questions, 642-502 Exam, 642-502 Dumps

With the complete collection of questions and answers Q&as with Expert Explanations, Pass4sure has assembled to take you through 63 Q&A we offer correct answers for simulate questions. to your 642-502 Exam preparation. In the 642-502 exam resources, you will cover every field and category in CCSP helping to ready you for your successful Cisco Certification.

The Securing Networks with Cisco Routers and Switches exam is one of the exams associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the SNRS v1.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to secure networks using Cisco routers and switches.

QUESTION 16:
Which of the following represents the behavior of the CBAC aggressive mode in a
Cisco IOS firewall?
A. Delete all half-open session
B. Re-initiate half open session
C. Complete all half open sessions, make the full open session
D. Delete half-open session as needed to accommodate new connection requests
E. All of the above, based on configuration
Answer: D
Explanation:
A TCP SYN attack occurs when an attacking source host generates TCP SYN packets
with random source addresses and sends them in rapid succession to a victim host. The
victim destination host sends a SYN ACK back to the random source address and adds an
entry to the connection queue. Since the SYN ACK is destined for an incorrect or
nonexistent host, the acknowledgment is never completed and the entry remains in the
connection queue until a timer expires. The connection queue fills up and legitimate users
cannot use TCP services. However, with CBAC, TCP packets flow from the outside only
in response to traffic sent from the inside. The attacking host can’t get its packets through,
and the attack does not succeed. In addition, by inspecting inbound on the external
interface (interface serial 0 in the example above), CBAC can account for half-open
connections through the firewall and begin closing those half-open connections in an
aggressive mode. The firewall will calm down once the number of half-open connections
settles down to a user-defined value.
642-502
www.actualtest.org – The Power of Knowing
QUESTION 17:
What OSI layers can CBAC filter on? Select all that apply.
A. Layer 4
B. Layer 3
C. Layer 2
D. Layer 7
E. Layer 5
Answer: A, B, D
Explanation:
Access lists can filter traffic based on layer 3 and layer 4 information, while CBAC can
filter traffic based on layer 3, 4, and 7 (application layer) information.
QUESTION 18:
Router CK1 has been upgraded with the Cisco firewall IOS. Which of the following
cannot be configured on a router unless the IOS Firewall feature set is installed?
(Select all that apply)
A. PAM
B. Authentication Proxy
C. IDS
D. CBAC
Answer: A, B, C, D
Explanation:
CBAC, PAM, IDS, Authentication Proxy are the four main components of the Cisco IOS
Firewall and cannot be configured until the IOS Firewall feature set is installed on the
router. The following table describes these features in more detail:
642-502
www.actualtest.org – The Power of Knowing
Reference:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800

c
QUESTION 19:
Router CK1 is being used to prevent Denial of Service attacks on the PassGuide
642-502
www.actualtest.org – The Power of Knowing
network. Which three thresholds does CBAC on the Cisco IOS Firewall provide
against DoS attacks? (Choose three)
A. The number of half-open sessions based upon time
B. The total number of half-open TCP or UDP sessions
C. The number of fully open sessions based upon time
D. The number of half-open TCP-only sessions per host
E. The total number of fully open TCP or UDP sessions
F. The number of fully open TCP-only sessions per host
Answer: A, B, D
Explanation:
Enhanced denial-of-service detection and prevention defends networks against popular
attack modes, such as SYN (synchronize/start) flooding, port scans, and packet injection,
by inspecting packet sequence numbers in TCP connections. If numbers are not within
expected ranges, the router drops suspicious packets. When the router detects unusually
high rates of new connections, it issues an alert message, and subsequently drops
half-open TCP connection state tables. This prevents system resource depletion.
When the Cisco IOS Firewall detects a possible attack, it tracks user access by source or
destination address and port pairs. It also details the transaction, creating an audit trail.
The CBAC process can be configured to monitor these half opened sessions based on the
total number within a given time frame, the total number at any given point, or the total
number per any individual host. When the number of existing half-open sessions exceeds
the max-incomplete high number, CBAC deletes half-open sessions as required to
accommodate new connection requests. The software continues to delete half-open
requests until the number of existing half-open sessions drops below max-incomplete low
number.
Reference:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/prod_bulletin09186a008010e040.html

QUESTION 20:
The PassGuide network is concerned about SPAM and wants to use IOS tools to
prevent SPAM attacks. By default, how many message recipients must an email
have for the IOS Firewall to consider it a spam attack?
A. 250
B. 500
C. 100
D. 25
E. 5000
F. 50000
G. None of the above
Answer: A
pass4sure 642-502 Questions and Answers : 63 Q&A we offer correct answe
Updated: October 2nd , 2008
Price: $129.99 $89.99

Free download:pass4sure 642-502
Free download:PassGuide 642-502

password:www.ciscoexams.org

Download Latest Passforsure P4S Rapidshare links

1. Free CCSP Download
2. Free pass4sure ccsp 642-522 v2.83 Download
3. Free pass4sure ccsp 642-503 v2.83 Download
4. Free P4S Cisco CCSP Exam 642-521 v2.83 Download
5. Free pass4sure ccsp 642-523 v2.95 Download
6. Free pass4sure CCSP 642-524 v2.83 Download
7. Free P4S Cisco CCSP Exam 642-551 v2.93 Download
8. Free Pass4sure Cisco CCSP Exam 642-542 v2.83 Download
9. Free free latest PassGuide ccsp 642-552 exam Download
10. Free Cisco CCSP 642-524 SNAF Securing Networks with ASA Foundation Download
11. Free Latest Pass4sure Cisco Ccsp Exam Dumps Download
12. Free pass4sure ccsp 642-503 v2.93 Download
13. Free offer new latest pass4sure cisco ccsp dumps Download
14. Free P4S Cisco CCSP Exam 642-552 v2.93 Download
15. Free Pass4sure Cisco CCSP Exam 642-504 2.77 Download