Testinside cisco CCSP 642-502

Securing Networks with Cisco Routers and Switches Exam(SNRS) : 642-502 Exam

642-502 SNRS
Securing Networks with Cisco Routers and Switches Exam

Retired June 20, 2007
Exam Number: 642-502
Associated Certifications: CCSP
Duration: 90 minutes (60-70 questions)
Available Languages: English
Click Here to Register: Pearson VUE or Prometric
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions

Exam Description Exam Topics Recommended Training Additional Resources
Exam Description
The Securing Networks with Cisco Routers and Switches exam is one of the exams associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the SNRS v1.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to secure networks using Cisco routers and switches.

Exam Topics
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Implement Layer 2 security
Utilize Cisco IOS and Cat OS commands to mitigate Layer 2 attacks
Implement Cisco Identity-Based Networking Services
Implement Cisco 802.1X Port-Based Authentication
Identify and describe Layer 2 security best practices

Configure Cisco IOS Firewall features to meet security requirements
Identify and describe the capabilities of the IOS firewall feature set
Configure CBAC to dynamically mitigate identified threats to the network
Verify and troubleshoot CBAC configuration and operation
Configure authentication proxy to apply security policies on a per-user basis
Verify and troubleshoot authentication proxy configuration and operation

Configure Cisco IOS-based IPS to identify and mitigate threats to network resources
Identify and describe the capabilities of the IOS-IPS feature set
Configure the IPS features to identify threats and dynamically block them from entering the network
Verify and troubleshoot IDS operation
Maintain and update the signatures

Configure basic IPSec VPNs to secure site-to-site and remote access to network resources
Select the correct IPSec implementation based on specific stated requirements
Configure IPSec Encryption for site-to-site VPN using pre-shared keys
Configure IPSec Encryption for site-to-site VPN using certificate authority
Verify and troubleshoot IPSec operation
Configure EZ-VPN server
Configure EZ-VPN remote using both hardware and software clients.
Troubleshoot EZ-VPN

Configure authentication, authorization and accounting to provide basic secure access control for networks
Configure administrative access to the Cisco Secure ACS server
Configure AAA clients on the Cisco Secure ACS (for routers)
Configure users, groups and access rights
Configure router to enable AAA to use TACACS+
Configure router to enable AAA to use a Radius server
Verify and troubleshoot AAA operation

Use management applications to configure and monitor IOS security features
Initialize SDM communications on Cisco routers
Perform a LAN interface configuration of a Cisco router using SDM
Use SDM to define and establish a site-to-site VPN

“Securing Networks with Cisco Routers and Switches Exam(SNRS)”, also known as 642-502 exam, is a Cisco certification.
Preparing for the 642-502 exam? Searching 642-502 Test Questions, 642-502 Practice Exam, 642-502 Dumps?

Free 642-502 Demo Download
TestInside offers free demo for 642-502 exam ( Securing Networks with Cisco Routers and Switches Exam(SNRS)). You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.

QUESTION 21:
The security administrator at Certkiller is seeing a large number of half opened TCP
sessions. What are half open TCP sessions?
A. Sessions that were denied.
B. Sessions that have not reached the established state.
C. Sessions where the three-way handshake has been completed.
D. Sessions where the firewall detected return traffic.
Answer: B
Explanation:
An unusually high number of half-open sessions (either absolute or measured as the
arrival rate) could indicate that a denial-of-service attack is occurring. For TCP,
“half-open” means that the session has not reached the established state. For UDP,
“half-open” means that the firewall has detected traffic from one direction only.
Reference:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_command_reference_chapter09186a00800
d
QUESTION 22:
What command configures the amount of time CBAC will wait for a TCP session to
become established before dropping the connection in the state table?
A. ip inspect global syn-establish (seconds)
B. ip inspect tcp global syn-time (seconds)

C. ip inspect global tcp syn (seconds)
D. ip inspect tcp synwait-time (seconds)
E. None of the above
Answer: D
Explanation:
Use the IOS Firewall global configuration mode command ip inspect tcp synwait-time
(seconds) command to set the CBAC timeout value for TCP session establishment. The
default is 30 seconds.
QUESTION 23:
You have been tasked with setting up a new router with CBAC. How do you
configure the CBAC global UDP idle session timeout?
A. ip inspect udp-session-timeout (seconds)
B. ip inspect udp-idle (seconds)
C. ip inspect udp-timeout (seconds)
D. ip inspect udp idle-time (seconds)
Answer: D

Testinside cisco CCSP 642-502 Questions and Answers : 63 Q&A
Updated: October 2nd , 2008
Price: $129.99 $89.99

Free download：pass4sure CCSP 642-502
Free download：testking CCSP 642-502
password : www.ciscoexams.org