Cisco 642-584 Online Practice
Questions and Exam Preparation
642-584 Exam Details
Exam Code
:642-584
Exam Name
:Security Solutions for Systems Engineers
Certification
:Cisco Certifications
Vendor
:Cisco
Total Questions
:50 Q&As
Last Updated
:Dec 07, 2021
Cisco 642-584 Online Questions &
Answers
Question 11:
Which statement about 802.1X is true?
A. MAB allows clients that do not support 802.1X to be authenticated based on their MAC address. B. MDA does not allow multiple clients to be independently authenticated at the same switch port if they are in different domains, or VLANs. C. EAP-TLS requires a client certificate. D. PEAP-MSCHAPv2 requires a client certificate.
A. MAB allows clients that do not support 802.1X to be authenticated based on their MAC address.
Question 12:
Which two virtual networking services are provided by a Cisco Nexus 1000V? (Choose two.)
A. Cisco Virtual Security Gateway B. Cisco ASA 1000V C. Cisco Virtual ScanSafe D. Cisco Virtual IPS
A. Cisco Virtual Security Gateway B. Cisco ASA 1000V
Question 13:
Which two options show the correct associations of use cases with VPN technologies? (Choose two.)
A. SP or large enterprise: MPLS, VPLS, SSL VPN B. SP or large enterprise: MPLS, VPLS, OTV C. Site-to-site VPN: GRE, DMVPN, FlexVPN, GET-VPN, IPsec D. Site-to-site VPN: OTV, DMVPN, GRE, GET-VPN, IPsec E. Client access: SSL VPN, EZ-VPN, FlexVPN, MPLS
B. SP or large enterprise: MPLS, VPLS, OTV C. Site-to-site VPN: GRE, DMVPN, FlexVPN, GET-VPN, IPsec
Question 14:
Which two components are 802.1X components? (Choose two.)
A. Client B. Authenticator C. Authentication server D. User? E. Accounting server
B. Authenticator C. Authentication server
Question 15:
Which statement about SGACL is true?
A. SGACL does not allow customers to keep the existing local design at the access layer. B. SGACL allows customers to apply or change policies that meet today's business requirements. C. With SGACL, traffic that is received by a device gets tagged at egress and is then potentially filtered at ingress, based on the previously assigned tag. D. With SGACL, all network devices belonging to the same group automatically enforce the same policy.
A. SGACL does not allow customers to keep the existing local design at the access layer.
Question 16:
Which statement about the Cisco IOS Zone-Based Policy Firewall is true?
A. Only virtual interfaces can be added to a Cisco IOS Zone-Based Policy Firewall zone. B. A Cisco IOS Zone-Based Policy Firewall zone is a set of VLANs that share a certain trust level. C. Cisco IOS Zone-Based Policy Firewall policies are not unidirectional. D. The Cisco IOS Zone-Based Policy Firewall applies firewall policies to traffic traversing zones.
D. The Cisco IOS Zone-Based Policy Firewall applies firewall policies to traffic traversing zones.
Question 17:
Which three are security features that are applicable to the network edge? (Choose three.)
A. Layer 2 encryption service, also known as MACsec firewall service B. VPN service C. Email security service D. WLAN authorization service
B. VPN service C. Email security service D. WLAN authorization service
Question 18:
Which two are advantages of virtual device contexts? (Choose two.)
A. Device consolidation B. Centralization of hardware resources C. Hardware and software fault isolation D. Protection of network traffic based on MACsec E. Layer 2 encryption
A. Device consolidation C. Hardware and software fault isolation
Question 19:
Which two attacks target the data link layer in a switched environment? (Choose two.)
A. VLAN attacks B. IP source routing C. MAC address floods D. DHCP-based IP redirection attacks E. Spanning-tree attacks
C. MAC address floods E. Spanning-tree attacks
Question 20:
Which two statements about the capabilities of the Cisco AnyConnect 3.0 Secure Mobility Client for Windows are true? (Choose two.)
A. It supports always-on connectivity by automatically establishing a VPN connection as needed. If multiple VPN gateways exist, load sharing occurs in a Round-robin fashion. B. It supports session persistence after hibernation or standby. C. Trusted Network Detection allows the connection to be established without any user intervention (authentication), if the client is located inside the office. D. It is exclusively configured by central policies; no local configuration is possible. E. The order of policy enforcement is as follows: dynamic access policy, user attributes, tunnel group, group policy attributes.
B. It supports session persistence after hibernation or standby. C. Trusted Network Detection allows the connection to be established without any user intervention (authentication), if the client is located inside the office.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Cisco exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 642-584 exam preparations
and Cisco certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.