Free free latest PassGuide ccsp 642-552 exam Download

Securing Cisco Networking Devices (SND) : 642-552 ExamThe Securing Cisco Network Devices 642-552 SND is the exam associated with the Cisco Certified Security Professional, Cisco Firewall Specialist, Cisco IPS Specialist, and Cisco VPN Specialist certifications. Candidates can prepare for this exam by taking the Securing Cisco Network Devices v2.0 (SND) course. This exam tests a candidate’s knowledge of securing Cisco routers and switches and their associated networks. Topics covered include; Security threats facing modern network infrastructures, Securing Cisco routers, Implementing basic AAA, Using ACLs to mitigate router and network threats, Implementing secure management and reporting, Mitigating common Layer 2 attacks, and Implementing Cisco IOS Firewall features, Cisco IOS IPS features, and IPsec VPN features using Cisco Security Device Manager

Topic 1, Describe the security threats facing modern network infrastructures (16
Questions) 3 3
Topic 2, Secure Cisco routers (15 Questions) 15 15
Topic 3, Implement basic AAA using Cisco routers (6 Questions) 25 25
Topic 4, Mitigate threats to Cisco routers and networks using ACLs (6 Questions) 27 27
Topic 5, Implement secure network management and reporting (9 Questions) 31 31
Topic 6, Mitigate common Layer 2 attacks (1 Questions) 35 35
Topic 7, Implement the Cisco IOS firewall features set using SDM (16 Questions) 35 35
Topic 8, Implement the Cisco IOS IPS feature set using SDM (11 Questions) 44 44
Topic 9, Implement IPSec VPN on Cisco routers using SDM (20 Questions) 51 51
Topic 10, TestKing.com Questions (4 Questions) 64 64
Topic 11, TestKing.com Madrid, Scenario 65 65
Topic 11, TestKing.com Spain (3 Questions) 68 68
Topic 12, Questions (19 Questions) 69 69
QUESTION NO: 1
A malicious program is disguised as another useful program; consequently, when
the user executes the program, files get erased and then the malicious program
spreads itself using emails as the delivery mechanism. Which type of attack best
describes how this scenario got started
A. DoS
B. worm
C. virus
D. trojan horse
E. DDoS
Answer: D
QUESTION NO: 2
What is the key function of a comprehensive security policy
A. informing staff of their obligatory requirements for protecting technology and
information assets
B. detailing the way security needs will be met at corporate and department levels
C. recommending that Cisco IPS sensors be implemented at the network edge
D. detailing how to block malicious network attacks
Answer: A
QUESTION NO: 3
Which building blocks make up the Adaptive Threat Defense phase of Cisco SDN
strategy
A. VoIP services, NAC services, Cisco IBNS
B. network foundation protection, NIDS services, adaptive threat mitigation services
C. firewall services, intrusion prevention, secure connectivity
D. firewall services, IPS and network antivirus services, network intelligence
E. Anti-X defense, NAC services, network foundation protection
Answer: D
QUESTION NO: 4 DRAG DROP
You work as a network administrator at TestKing.com. Your boss Mrs. Tess King
asks you to match the malicious network attack types with the correct definition.
Which of these two ways does Cisco recommend that you use to mitigate
maintenance-related threats (Choose two.)
A. Maintain a stock of critical spares for emergency use.
B. Ensure that all cabling is Category 6.
C. Always follow electrostatic discharge procedures when replacing or working with
internal router and switch device components.
D. Always wear an electrostatic wrist band when handling cabling, including fiber-optic
cabling.
E. Always employ certified maintenance technicians to maintain mission-critical
equipment and cabling.
Answer: A,C
What are two security risks on 802.11 WLANs that implement WEP using a static
40-bit key with open authentication (Choose two.)
A. The IV is transmitted as plaintext, and an attacker can sniff the WLAN to see the IV.
B. The challenge packet sent by the wireless AP is sent unencrypted.
C. The response packet sent by the wireless client is sent unencrypted.
D. WEP uses a weak-block cipher such as the Data Encryption Algorithm.
E. One-way authentication only where the wireless client does not authenticate the
wireless-access point.
Answer: A,E
QUESTION NO: 9
Which method of mitigating packet-sniffer attacks is the most effective
A. implement two-factor authentication
B. deploy a switched Ethernet network infrastructure
C. use software and hardware to detect the use of sniffers
D. deploy network-level cryptography using IPsec, secure services, and secure protocols
Answer: D
QUESTION NO: 10
What is a reconnaissance attack
A. when an intruder attacks networks or systems to retrieve data, gain access, or escalate
access privileges.
B. when an intruder attempts to discover and map systems, services, and vulnerabilities
C. when malicious software is inserted onto a host in order to damage a system, corrupt a
system, replicate itself, or deny service or access to networks, systems, or services
D. when an intruder attacks your network in a way that damages or corrupts your
computer system, or denies you and other access to your networks, systems, or services
E. when an intruder attempts to learn user IDs and passwords that can later be used in
identity theft
Explanation: Attackers and hackers can employ social engineering techniques to pose as
legitimate people seeking out information. A few well structured telephone calls to
unsuspecting employees can provide a significant amount of information
Incorrect:
A – Is called ’Access attacks’
C – Is called ’Worms, Viruses and Trojan Horses’
D – Is called ’Denial of Service (DOS) attacks’
E – This is an example of social engineering