642-542 Exam Details

  • Exam Code
    :642-542
  • Exam Name
    :Cisco SAFE Implementation
  • Certification
    :Cisco Certifications
  • Vendor
    :Cisco
  • Total Questions
    :218 Q&As
  • Last Updated
    :Jan 24, 2022

Cisco 642-542 Online Questions & Answers

  • Question 171:

    Which two Cisco components encompass intrusion protection? Choose two.

    A. Cisco VPN Concentrators
    B. Cisco IOS IDS
    C. Cisco IDS Sensors
    D. Cisco Wireless IDS
    E. Cisco IDS Access Point

  • Question 172:

    How are virus and Trojan Horse attacks mitigated in the SAFE SMR midsize network design corporate Internet module?

    A. RFC 2827 and 1918 filtering at ISP edge and midsize network edge router
    B. CAR at the ISP edge and TCP setup controls at the firewall
    C. IDS at the host and network levels
    D. OS and IDS detection
    E. filtering at the ISP, edge router, and corporate firewall
    F. e-mail content filtering, HIDS, and host-based virus scanning

  • Question 173:

    Which is a design alternative in the SAFE SMR midsize network design campus module?

    A. A NIDS appliance can be placed in front of the firewall.
    B. The router between the firewall and the campus module can be eliminated.
    C. A separate router and Layer 2 switch can be used for the core and distribution rather than the higher-performing Layer 3 switch.
    D. A URL filtering server can be placed on the public services segment to filter the types of Web pages employees can access.

  • Question 174:

    According to SAFE SMR, what type of VPN connectivity is typically used with the Cisco PIX Firewall?

    A. mobile user
    B. remote access
    C. site-to-site
    D. corporate

  • Question 175:

    According to SAFE IPSec VPN, which of these are recommended design guidelines for maintaining high availability? (Select three.)

    A. Cisco recommends running IKE keepalives in combination with routing protocols for resilience to assist in keeping the state current.
    B. When using VPN routers at the headend, use IKE keepalives for high availability.
    C. Regardless of the high-availability mechanism chosen, a headend device should not be deployed in a configuration that results in CPU utilization higher than 50 percent after failure.
    D. When using VPN Concentrators or VPN firewalls at the headend, use IKE keepalives for high availability.
    E. Regardless of the high-availability mechanism chosen, a headend device should not be deployed in a configuration that results in CPU utilization higher than 75 percent after failure.
    F. Cisco does not recommend running IKE keepalives in combination with routing protocols for resilience to assist in keeping the state current.

  • Question 176:

    The ip verify reverse-path command implements which of the following on the PIX Firewall? Choose two.

    A. provides ingress filtering
    B. provides session state information based on source address
    C. performs a route lookup based on the destination address
    D. performs a route lookup based on the source address
    E. provides session state information based on destination address

  • Question 177:

    In the SAFE SMR midsize network design, access list 101 deny ip 10.0.0.0 0.255.255.255 any is an example of what kind of filtering?

    A. RFC 2827
    B. RFC 1918
    C. RFC 2728
    D. RFC 1920

  • Question 178:

    Why are all providers of Internet connectivity urged to implement the filtering described in RFC 2827?

    A. to stop internal users from reaching web sites that violate the established security policy
    B. to prohibit attackers from using source addresses that reside within a range of legitimately advertised prefixes
    C. to filter Java applications that come from a source that is not trusted
    D. to prohibit attackers from using forged source addresses that do not reside within a range of legitimately advertised prefixes

  • Question 179:

    In the SAFE SMR midsize network design, access list 101 deny ip 10.0.0.0 0.255.255.255 any is an example of what kind of filtering?

    A. RFC 1918
    B. RFC 2827
    C. RFC 1920
    D. RFC 2728

  • Question 180:

    How are trust exploitation attacks mitigated in the SAFE SMR midize network design corporate Internet module?

    A. restrictive filtering and host IDS
    B. restrictive trust model and private VLANs
    C. OS and IDS detection
    D. IDS at the host and network levels
    E. filtering at the ISP, edge router, and corporate firewall

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 642-542 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.