Testinside cisco CCSP 642-503

Securing Networks with Cisco Routers and Switches : 642-503 Exam

642-503 SNRS
Securing Networks with Cisco Routers and Switches Exam

Exam Number: 642-503
Associated Certifications: CCSP
Duration: 75 minutes (53 questions)
Available Languages: English
Click Here to Register: Pearson VUE
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions

Exam Description Exam Topics Recommended Training Additional Resources
Exam Description
The Securing Networks With Cisco Routers and Switches exam (SNRS 642-503) is one of the exams associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the SNRS v2.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to secure networks using Cisco routers and switches.

Exam Topics
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.

Implement Cisco Layer 2 security
Utilize Cisco IOS commands to mitigate Layer 2 attacks
Implement Cisco Identity-Based Networking Services on Cisco Catalyst Switches
Implement Identity Management using ACS as the Authentication Server

Configure Cisco IOS Firewalls to mitigate network threats using the CLI
Identify and describe the advanced capabilities of the IOS firewall feature set
Configure IOS Firewall to dynamically mitigate identified threats to the network
Verify and troubleshoot IOS Firewall configuration and operation.
Configure authentication proxy to apply security policies on a per-user basis
Verify and troubleshoot authentication proxy configuration and operation
Configure IOS zone-based Firewalls
Troubleshoot Zone-based Firewalls
Configure APPFW application Firewalls
Configure Granular Protocol Inspection

Configure Cisco IOS IPS to identify and mitigate threats to network resources using the CLI
Identify and describe the advanced capabilities of the IOS-IPS feature
Configure the IPS features to identify threats and dynamically block them from entering the network
Verify and troubleshoot IPS operation

Configure Cisco VPNs to provide secure connectivity for site-to-site and remote access communications using the CLI
Describe IPSec features and functionality
Configure secure connectivity for site-to-site IPSec VPN using pre-shared keys
Describe GRE features and functionality
Configure secure connectivity for site-to-site VPN using certificate authorities
Describe DMVPN features and functionality
Configure secure connectivity for site-to-site VPN using DMVPN
Verify and troubleshoot secure site-to-site connectivity operations
Implement Clientless IOS SSL VPN
Verify Clientless IOS SSL VPNs
Configure Easy VPN server with pre-shared keys

Configure Authentication, Authorization, and Accounting to provide basic secure access control for networks
Configure administrative access to the CSACS server
Configure CSACS system settings
Configure AAA clients on the CSACS
Configure users, groups and access rights
Configure shared profile components in CSACS
Configure network access profiles in CSACS
Configure NADS to enable AAA to use a Radius Server
Verify and troubleshoot AAA operation

Implement Network Foundation Protection using the CLI
Describe NFP features and functionality
Secure the management plane using Cisco IOS security features
Secure the data plane using Cisco IOS security features
Secure the control plane using Cisco IOS security features

“Securing Networks with Cisco Routers and Switches”, also known as 642-503 exam, is a Cisco certification.
Preparing for the 642-503 exam? Searching 642-503 Test Questions, 642-503 Practice Exam, 642-503 Dumps?

Free 642-503 Demo Download
TestInside offers free demo for 642-503 exam ( Securing Networks with Cisco Routers and Switches). You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.

Answer:
QUESTION 21:
Please study the exhibit carefully.
Given that the fa0/1 interface is the trusted interface, what could be a reason for users on
the trusted inside networks not to be able to successfully establish outbound HTTP
connections?

A. The FWRULE inspection policy is not configured correctly.
B. ACL 104 is denying the outbound HTTP traffic.
C. ACL 104 is denying the return HTTP traffic.
D. The FWRULE inspection policy is not inspecting HTTP traffic.
E. The outgoing ACL on the fa0/1 interface is not set.
F. The outgoing inspection rule on the fa0/1 interface is not set.
Answer: B
QUESTION 22:
When you add NADs as AAA clients in the ACS, which three parameters are configured
for each AAA client? (Choose three.)
A. the EAP type
B. the AAA server IP address
C. the UDP ports to use for communications with the NADs
D. the AAA protocol to use for communications with the NADs
E. the shared secret key
F. the NAD IP address
Answer: D,E,F
Explanation:
The Add AAA Client and AAA Client Setup pages include:
1. AAA Client Hostname-The name that you assign to the AAA client configuration.
2. AAA Client IP Address-At a minimum, a single IP address of the AAA client or the keyword dynamic
.

3. Key-The shared secret of the AAA client.
4. Network Device Group-The name of the NDG to which this AAA client should belong.
5. Authenticate Using-The AAA protocol to use for communications with the AAA client.
6. Single Connect TACACS+ AAA Client (Record stop in accounting on failure)-If you select
TACACS+ (Cisco IOS) from the Authenticate Using list, you can use this option to specify that ACS use a
single TCP connection for all TACACS+ communication with the AAA client, rather than a new one for
every TACACS+ request. In single connection mode, multiple requests from a network device are
multiplexed over a single TCP session. By default, this check box is not checked.
7. Log Update/Watchdog Packets from this AAA Client-Enables logging of update or
watchdog packets. Watchdog packets are interim packets that are sent periodically during
a session. They provide you with an approximate session length if the AAA client fails
and, therefore, no stop packet is received to mark the end of the session. By default, this
check box is not selected.
8. Log RADIUS Tunneling Packets from this AAA Client-Enables logging of RADIUS tunneling
accounting packets. Packets are recorded in the RADIUS Accounting reports of Reports and Activity. By
default, this check box is not selected.
9. Replace RADIUS Port info with Username from this AAA Client-Enables use of username,
rather than port number, for session-state tracking. This option is useful when the AAA
client cannot provide unique port values, such as a gateway GPRS support node (GGSN).
For example, if you use the ACS IP pools server and the AAA client does not provide a
unique port for each user, ACS assumes that a reused port number indicates that the
previous user session has ended and ACS may reassign the IP address that was
previously assigned to the session with the nonunique port number. By default, this check
box is not checked.
Reference: User Guide for Cisco Secure ACS for Windows Version 4.0
QUESTION 23:
When you configure Cisco IOS WebVPN, you can use the port-forward command to
enable which function?
A. thin client
B. CIFS
C. Cisco Secure Desktop
D. OWA
E. full-tunnel client
F. web-enabled applications
Answer: A

Testinside cisco CCSP 642-503 Questions and Answers : 104 Q&As
Updated: October 2nd , 2008
Price: $125.99 $99.99

Free download：pass4sure CCSP 642-503
Free download：testking CCSP 642-503
password : www.ciscoexams.org