Testinside cisco CCSP 642-552
Securing Cisco Networking Devices (SND) : 642-552 Exam
642-552 SND
Securing Cisco Network Devices Exam
Last day to test November 17, 2008
Exam Number: 642-552
Associated Certifications: CCSP/Cisco Firewall Specialist/Cisco IPS Specialist/Cisco VPN Specialist
Duration: 75 minutes
Available Languages: English
Click Here to Register: Pearson VUE
Exam Description
The Securing Cisco Network Devices 642-552 SND is the exam associated with the Cisco Certified Security Professional, Cisco Firewall Specialist, Cisco IPS Specialist, and Cisco VPN Specialist certifications. Candidates can prepare for this exam by taking the Securing Cisco Network Devices v2.0 (SND) course. This exam tests a candidate’s knowledge of securing Cisco routers and switches and their associated networks. Topics covered include security threats facing modern network infrastructures, securing Cisco routers, implementing basic AAA, using ACLs to mitigate router and network threats, implementing secure management and reporting, mitigating common Layer 2 attacks, and implementing Cisco IOS Firewall features, Cisco IOS IPS features, and IPsec VPN features using Cisco Security Device Manager.
Exam Topics
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.
Describe the security threats facing modern network infrastructures
Describe and mitigate the common threats to the physical installation
Describe and list mitigation methods for common network attacks
Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks
Describe the main activities in each phase of a secure network lifecycle
Explain how to meet the security needs of a typical enterprise with a comprehensive security policy
Describe the Cisco Self Defending Network architecture
Secure Cisco routers
Secure Cisco routers using the SDM Security Audit feature
Use the One-Step Lockdown feature in SDM to secure a Cisco router
Secure administrative access to Cisco routers by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements
Secure administrative access to Cisco routers by configuring multiple privilege levels
Secure administrative access to Cisco routers by configuring role based CLI
Secure the Cisco IOS image and configuration file
Implement basic AAA using Cisco routers
Explain the functions and importance of AAA
Describe the features of TACACS+ and RADIUS AAA protocols
Describe the methods of authentication that are used to provide access through a router (packet mode) and to provide access to the router (character mode)
Mitigate threats to Cisco routers and networks using ACLs
Explain the functionality of standard, extended, and named IP ACLs used by routers to filter packets
Configure and verify IP ACLs to mitigate given threats (filter IP traffic destined for Telnet, SNMP, and DDoS attacks) in a network using CLI
Configure IP ACLs to prevent IP address spoofing using CLI
Discuss the caveats to be considered when building ACLs
Implement secure network management and reporting
Describe the factors to be considered when planning for secure management and reporting of network devices
Use CLI to configure SSH on Cisco routers to enable secured management access
Use CLI to configure Cisco routers to send Syslog messages to a Syslog server
Describe SNMPv3 and NTPv3
Mitigate common Layer 2 attacks
Describe the common Layer 2 attacks and how to mitigate them (VLAN hopping, STP attacks, ARP spoofing, MAC spoofing, CAM overflow)
Describe the function and benefit of the security features in Cisco Catalyst switches (IBNS, PVLAN, SPAN port)
Describe common threats to WLANs
Describe the security features of the 802.11 protocol
Implement the Cisco IOS firewall feature set using SDM
Describe the operational strengths and weaknesses of the different firewall technologies
Explain stateful firewall operations and the function of the state table
Explain the types of NAT that can be implemented in a firewall
Configure and verify basic and advanced firewall on a Cisco router using SDM
Implement the Cisco IOS IPS feature set using SDM
Define network based vs. host based intrusion detection and prevention
Explain IPS technologies, attack responses, and monitoring options
Enable and verify Cisco IOS IPS operations using SDM
Implement IPsec VPN on Cisco routers using SDM
Explain IKE protocol functionality and phases
Describe the building blocks of IPsec and the security functions it provides
Explain hash-based message authentication code (HMAC) operations
Explain the different methods of encryption
Explain the purpose of the Diffie-Hellman key agreement protocol
Describe how IPsec establishes origin authentication
Describe the PKI environment at a high level
Describe the different types of IPsec VPN implementations
Configure and verify an IPsec site-to-site VPN with pre-shared key authentication using SDM
Explain Cisco Easy VPN Server and Cisco Easy VPN Remote
Configure and verify remote access VPNs using the Cisco Easy VPN Server feature of Cisco SDM
“Securing Cisco Network Devices Exam”, also known as 642-552 exam, is a Cisco certification.
TestInside offers a free demo for the 642-552 exam (Securing Cisco Network Devices Exam). You can check out the interface, question quality, and usability of our practice exams before you decide to buy. We are the only site that can offer a demo for almost all products.
QUESTION 21:
Which two Cisco AutoSecure features are not supported in the One-Step Lockdown
feature found in Cisco SDM Version 2.2a? (Choose two.)
A. disable IP gratuitous ARPs
B. disabling NTP
C. set minimum password length to less than 6 characters
D. configure antispoofing ACLs on outside interfaces
E. disable CDP
F. enable SSH for access to the router
Answer: B,D
Explanation:
Cisco AutoSecure provides vital security requirements to Enterprise and Service Provider
networks by incorporating a straightforward “one touch” device lockdown process. Cisco
AutoSecure enables rapid implementation of security policies and procedures to simplify
the security process, without having to understand all the Cisco Software IOS features
and execute each of the many Command Line Interface (CLI) commands manually. This
feature uses a single command that instantly configures the security posture of routers
and disables non-essential system processes and services, thereby eliminating potential
security threats.
QUESTION 22:
Referring to the Cisco SDM Security Audit Wizard screen shown, what will happen
if you check the Fix it box for Firewall is not enabled in all the outside interfaces
then click the Next button?
A. All outside access through the outside interfaces will immediately be blocked by an
ACL.
B. SDM will prompt you to configure an ACL to block access through the outside
interfaces.
C. SDM will take you to the Advanced Firewall Wizard.
D. SDM will perform a one-step lockdown to lock down the outside interfaces.
E. SDM will take you to the Edit Firewall Policy/ACL screen where you can configure
an ACL to block access through the outside interfaces.
Answer: C
QUESTION 23:
On Cisco routers, which two methods can be used to secure privileged mode access?
(Choose two.)
A. use the enable secret command to secure the enable password using MD5 encrypted
hash
B. use the service password-encryption command to secure the enable password using
the SHA1
C. use the privilege exec command to enable Role-Based CLI access
D. use an external Cisco ACS server to authenticate privilege mode access
E. use an external AAA server to encrypt and decrypt the enable password
Answer: A,D
Testinside cisco CCSP 642-552 Questions and Answers : 60 Q&A
Updated: October 2nd, 2008
Price: $129.99 $89.99