Slide 1: 642-564
Security Solutions for Systems Engineers (SSSE) Exam: 642-564
Demo Edition
CERT MAGIC
1 http://www.certmagic.com
QUESTION: 1 Which protocol is used for transporting the event data from Cisco IPS 5.0 and later devices to the Cisco Security MARS appliance?
A. RDEP over SSL
B. SDEE over SSL
C. SSH
D. syslog
Answer: B
QUESTION: 2 You work as a network technician at Certmagic.com. Your boss, Mrs Certmagic, is curious about attack methodologies. Match the technology with the appropriate description. Use each technology once and only once.
Answer:
Explanation:

Reconnaissance Attacks
Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. It is also called information gathering. In most cases, it precedes an actual access or DoS attack. The malicious intruder typically ping-sweeps the target network first to determine which IP addresses are alive. After this is accomplished, the intruder determines which services or ports are active on the live IP addresses. From this information, the intruder queries the ports to determine the application type and version, as well as the type and version of the operating system running on the target host. Reconnaissance is somewhat analogous to a thief scoping out a neighborhood for vulnerable homes he can break into, such as an unoccupied residence, an easy-to-open door or window, and so on. In many cases, an intruder goes as far as "rattling the door handle", not to go in immediately if it is open, but to discover vulnerable services he can exploit later when there is less likelihood that anyone is looking.

Access Attacks
Access is an all-encompassing term that refers to unauthorized data manipulation, system access, or privilege escalation. Unauthorized data retrieval is simply reading, writing, copying, or moving files that are not intended to be accessible to the intruder. Sometimes this is as easy as finding shared folders in Windows 9x or NT, or NFS-exported directories on UNIX systems with read or read-write access for everyone. The intruder has no problem getting to the files. More often than not, the easily accessible information is highly confidential and completely unprotected from prying eyes, especially if the attacker is already an internal user. System access is an intruder's ability to gain access to a machine that he is not allowed access to (such as when the intruder does not have an account or password). Entering or accessing systems that you don't have access to usually involves running a hack, script, or tool that exploits a known vulnerability of the system or application being attacked. Another form of access attack involves privilege escalation. This is done by legitimate users who have a lower level of access privileges, or by intruders who have gained lower-privileged access. The intent is to get information or execute procedures that are unauthorized at the user's current level of access. In many cases this involves gaining root access on a UNIX system to install a sniffer to record network traffic, such as usernames and passwords, that can be used to access another target. In some cases, intruders only want to gain access, not steal information, especially when the motive is intellectual challenge, curiosity, or ignorance.

DoS Attacks
DoS is when an attacker disables or corrupts networks, systems, or services with the intent to deny the service to intended users. It usually involves either crashing the system or slowing it down to the point where it is unusable. But DoS can also be as simple as wiping out or corrupting information necessary for business. In most cases, performing the attack simply involves running a hack, script, or tool. The attacker does not need prior access to the target, because usually all that is required is a way to get to it. For these reasons, and because of the great damaging potential, DoS attacks are the most feared, especially by e-commerce website operators.
QUESTION: 3 Which Cisco management product provides a Security Audit wizard?
A. Cisco Security Auditor
B. CiscoWorks VPN/Security Management Solution
C. Cisco Adaptive Security Device Manager
D. Cisco Router and Security Device Manager
Answer: D
QUESTION: 4 Which three features of Cisco Security MARS provide for identity and mitigation of threats? (Choose three.)
A. determines security incidents based on device messages, events, and sessions
B. provides incident analysis that is topologically aware for visualization and replay
C. integrates with Trend Micro to clean infected hosts
D. performs mitigation on Layer 2 ports and at Layer 3 choke points
E. provides a security solution for preventing DDoS attacks
F. pushes signatures to Cisco IPS to keep viruses from entering the network
Answer: A,B,D
QUESTION: 5 How is Cisco IOS Control Plane Policing achieved?
A. by adding a service-policy to virtual terminal lines and the console port
B. by applying a QoS policy in control plane configuration mode
C. by disabling unused services
D. by rate-limiting the exchange of routing protocol updates
E. by using AutoQoS to rate-limit the control plane traffic
Answer: B
QUESTION: 6 Which component of the Cisco NAC framework is responsible for compliance evaluation and policy enforcement?
A. Cisco Secure ACS server
B. Cisco Trust Agent
C. network access devices
D. posture validation server
Answer: A
QUESTION: 7 You work as a network technician at Certmagic.com. Your trainee Sandra is curious about Network Security Lifecycles. Match each action with the appropriate task.
Answer:
QUESTION: 8 What is a benefit of the Cisco Integrated Services Routers?
A. Intel Xeon CPUs
B. built-in event correlation engine
C. built-in encryption acceleration
D. customer programmable ASIC
Answer: C
QUESTION: 9 What are three functions of CSA in helping to secure customer environments? (Choose three.)
A. application control
B. control of executable content
C. identification of vulnerabilities
D. probing of systems for compliance
E. real-time analysis of network traffic
F. system hardening
Answer: A,B,F
QUESTION: 10 Which two features can the USB eToken for Cisco Integrated Services Router be used for? (Choose two.)
A. distribution and storage of VPN credentials
B. command authorization
C. one-time passwords
D. secure deployment of configurations
E. troubleshooting
Answer: A,D
QUESTION: 11 Refer to the exhibit. As each spoke site is added, spoke-to-spoke and spoke-to-hub connectivity will be required. What is the best VPN implementation option? Exhibit:
A. GRE over IPSec with dynamic routing
B. IPSec DMVPN
C. IPSec Easy VPN
D. V3PN
Answer: B
QUESTION: 12 What is a benefit of IPSec + GRE?
A. bandwidth conservation
B. no need for a separate client
C. full support of Cisco dynamic routing protocols
D. support of dynamic connections
Answer: C
QUESTION: 13 Which two are true about Cisco AutoSecure? (Choose two.)
A. blocks all IANA-reserved IP address blocks
B. enables identification service
C. enables log messages to include sequence numbers and time stamps
D. disables tcp-keepalives-in and tcp-keepalives-out
E. removes the exec-timeout
Answer: A,C
QUESTION: 14 Which two statements about the Firewall Services Module are true? (Choose two.)
A. For traffic from high to low security levels, no access control list is needed.
B. Interfaces with the same security level cannot communicate without a translation rule.
C. Two VLAN interfaces connect MSFC and FWSM.
D. Up to 1 million simultaneous connections are possible.
E. Up to 100 separate security contexts are possible.
Answer: D,E
QUESTION: 15 Andy, a network administrator at SomeCompany Ltd., is installing a new Cisco Security MARS appliance. After powering up the MARS appliance, what is a valid task?
A. Use a Category 5 crossover cable to connect the computer Ethernet port to the MARS eth0 port.
B. Connect a keyboard and monitor directly to the MARS appliance to set up its initial configuration.
C. Set the IP address of the computer to 192.168.1.100.
D. Telnet to 192.168.1.1 using the username pnadmin and the password pnadmin.
Answer: B
Explanation: B is preferred over A: option A names eth0, but the Ethernet console connection uses eth1 (see below). The three possibilities for establishing initial communication for basic setup are as follows.

Establishing a Console Connection
Before you can perform the initial configuration of the MARS Appliance, you must establish a console connection to it. You have three options for establishing an initial console connection, and four options after you complete the initial configuration. You must log in to the console using the system administrative account (pnadmin) and the password associated with that account, which is also pnadmin by default. The three initial console connection options are:

Direct Console. Directly attach a keyboard and monitor to the appliance. This option provides the most console feedback of the three console connection options, and it does not require any additional software, such as a terminal emulator or SSH client.

Serial Console. Before powering on the appliance, connect a computer to the serial port using the appropriate cable. For the location of the serial port, see the backplane figure corresponding to your appliance model in Hardware Descriptions, page 1-4. Configure your terminal emulation communication software (such as HyperTerminal) to operate with the following settings: Baud = 19200, Data bits = 8, Parity = None, Stop bits = 1, Flow control = None.

Ethernet Console. Before powering on the appliance, connect a computer to eth1 using a crossover CAT5 cable, configuring the computer's local TCP/IP settings to be on the 192.168.0.0 network. Pick an IP address other than 192.168.0.100 and 192.168.0.101, which are the default addresses assigned to eth0 and eth1, respectively. The eth1 port is reserved for administrative connections, such as the Ethernet console. For the location of the eth1 port, see the backplane figure corresponding to your appliance model in Hardware Descriptions, page 1-4. Configure your terminal emulation communication software (such as HyperTerminal) to operate with the same settings: Baud = 19200, Data bits = 8, Parity = None, Stop bits = 1, Flow control = None.
QUESTION: 16 Which Cisco security product is an easily deployed software solution that can automatically detect, isolate, and repair infected or vulnerable devices that attempt to access the network?
A. Cisco Security Agent
B. Cisco Secure ACS server
C. NAC Appliance (Cisco Clean Access)
D. Cisco Traffic Anomaly Detector
Answer: C
QUESTION: 17 What is a benefit of high-performance AIM that is included with Cisco Integrated Services Routers?
A. hardware-accelerated packet inspection engine
B. hardware-based encryption and compression
C. removable secure credentials
D. support of SRTP
Answer: B
QUESTION: 18 In the context of Cisco NAC, what is a network access device?
A. workstation without Cisco Trust Agent
B. Cisco IOS router
C. AAA server
D. laptop with Cisco Trust Agent
Answer: B
QUESTION: 19 How does CSA protect endpoints?
A. uses signatures to detect and stop attacks
B. uses deep-packet application inspections to control application misuse and abuse
C. uses file system, network, registry, and execution space interceptors to stop malicious activity
D. works in conjunction with antivirus software to lock down the OS
E. works at the application layer to provide buffer overflow protection
Answer: C
QUESTION: 20 Which two should be included in an analysis of a Security Posture Assessment? (Choose two.)
A. detailed action plan
B. identification of bottlenecks inside the network
C. identification of critical deficiencies
D. recommendations based on security best practice
E. service offer
Answer: C,D