Exam Name: Cisco Express Foundation for Field Engineers
Updated: Jun 11, 2017
Q&As: 81
Exam Informtaion: https://www.pass4itsure.com/642-385.html
Cisco Exam Pass4itsure 642-835 Dumps Exam Blog Series:
QUESTION 57
You have two Nokia Appliances: one IP530 and one IP380. Both Appliances have IPSO 3.9 and VPN-1 Pro NGX installed in a distributed deployment. Can they be members of a gateway cluster?
A. No, because the Gateway versions must not be the same on both security gateways
B. Yes, as long as they have the same IPSO version and the same VPN-1 Pro version
C. No, because members of a security gateway cluster must be installed as stand-alone deployments
D. Yes, because both gateways are from Nokia, whether they have the same VPN-1 PRO version or not
E. No, because the appliances must be of the same model (Both should be IP530 or IP380.)
Correct Answer: B
QUESTION 58
What is the consequence of clearing the "Log VoIP Connection" box in Global Properties?
A. Dropped VoIP traffic is logged, but accepted VoIP traffic is not logged.
B. VoIP protocol-specific log fields are not included in SmartView Tracker entries.
C. The log field setting in rules for VoIP protocols are ignored.
D. IP addresses are used, instead of object names, in log entries that reference VoIP Domain objects.
E. The SmartCenter Server stops importing logs from VoIP servers.
642-385 dumps Correct Answer: B
QUESTION 59
Which Security Server can perform content-security tasks, but CANNOT perform authentication tasks?
A. FTP
B. SMTP
C. Telnet
D. HTTP
E. rlogin
Correct Answer: B
QUESTION 60
You plan to incorporate OPSEC servers, such as Websense and Trend Micro, to do content filtering. Which segment is the BEST location for these OPSEC servers, when you consider Security Server performance and data security?
A. On the Security Gateway
B. Internal network, where users are located
C. On the Internet
D. DMZ network, where application servers are located
E. Dedicated segment of the network
642-385 exam Correct Answer: E
QUESTION 61
Jacob is using a mesh VPN Community to create a site-to-site VPN. The VPN properties in this mesh Community display in this graphic:Which of the following statements is TRUE?
A. If Jacob changes the setting, "Perform key exchange encryption with" from "3DES" to "DES", he will enhance the VPN Community's security and reduce encryption overhead.
B. Jacob must change the data-integrity settings for this VPN Community. MD5 is incompatible with AES.
C. If Jacob changes the setting "Perform IPSec data encryption with" from "AES-128" to "3DES", he will increase the encryption overhead.
D. Jacob's VPN Community will perform IKE Phase 1 key-exchange encryption, using the longest key VPN-1 NGX supports.
Correct Answer: C
QUESTION 62
Barak is a Security Administrator for an organization that has two sites using pre-shared secrets in its
VPN. The two sites are Oslo and London. Barak has just been informed that a new office is opening in
Madrid, and he must enable all three sites to connect via the VPN to each other. Three Security Gateways
are managed by the same SmartCenter Server, behind the Oslo Security Gateway. Barak decides to
switch from pre-shared secrets to Certificates issued by the Internal Certificate Authority (ICA). After
creating the Madrid gateway object with the proper VPN Domain, what are Barak's remaining steps?
1.Disable "Pre-Shared Secret" on the London and Oslo gateway objects.
2.Add the Madrid gateway object into the Oslo and London's mesh VPN Community.
3.Manually generate ICA Certificates for all three Security Gateways.
4.Configure "Traditional mode VPN configuration" in the Madrid gateway object's VPN screen.
5.Reinstall the Security Policy on all three Security Gateways.
A. 1, 2, 5
B. 1,3,4,5
C. 1,2,3,5
D. 1,2,4,5
E. 1, 2,3,4
642-385 pdf Correct Answer: A
QUESTION 63
State Synchronization is enabled on both members in a cluster, and the Security Policy is successfully installed. No protocols or services have been unselected for "selective sync".
The following is the fw tab -t connections -s output from both members:Is State Synchronization working properly between the two members?
A. Members A and B are synchronized, because ID for both members is identical in the connections table.
B. The connections-table output is incomplete. You must run the cphaprob state command, to determine if members A and B are synchronized.
C. Members A and B are not synchronized, because #PEAK for both members is not close in the connections table.
D. Members A and B are synchronized, because #SLINKS are identical in the connections table.
E. Members A and B are not synchronized, because #VALS in the connections table are not close.
Correct Answer: E
QUESTION 64
You must set up SIP with a proxy for your network. IP phones are in the 172.16.100.0 network. The Registrar and proxy are installed on host 172.16.100.100. To allow handover enforcement for outbound calls from SIP-net to network Net_B on the Internet, you have defined the following objects:
Network object: SIP-net: 172.16.100.0/24 SIP-gateway: 172.16.100.100 VoIP Domain object: VoIP_domain_A 1.End-point domain: SIP-net 2.VoIP gateway installed at: SIP-gateway host object
How would you configure the rule?
A. SIP-Gateway/Net_B/sip_any/accept
B. VoIP_domain_A/Net_B/sip/accept
C. SIP-Gateway/Net_B/sip/accept
D. VoIP_domain_A/Net_B/sip_any, and sip/accept
E. VoIP_Gateway_A/Net_B/sip_any/accept
642-385 vce Correct Answer: B
QUESTION 65
Jennifer wants to protect internal users from malicious Java code, but she does not want to strip Java scripts. Which is the BEST configuration option?
A. Use the URI resource to block Java code
B. Use CVP in the URI resource to block Java code
C. Use the URI resource to strip ActiveX tags
D. Use the URI resource to strip applet tags
E. Use the URI resource to strip script tags
Correct Answer: A
QUESTION 66
Your network includes ClusterXL running Multicast mode on two members, as shown in this topology:Your
network is expanding, and you need to add new interfaces:
10.10.10.1/24 on Member A, and 10.10.10.2/24 on Member B. The virtual IP address for interface
10.10.10.0/24 is 10.10.10.3. What is the correct procedure to add these interfaces?
A. 1. Use the ifconfig command to configure and enable the new interface.
2.Run cpstop and cpstart on both members at the same time.
3. Update the topology in the cluster object for the cluster and bothmembers.
4.Install the Security Policy.
B. 1. Disable "Cluster membership" from one Gateway via cpconfig.
2. Configure the new interface via sysconfig from the "non-member" Gateway.
3.Re-enable "Cluster membership" on the Gateway.
4.Perform the same step on the other Gateway.
5.Update the topology in the cluster object for the cluster and members.
6. Install the Security Policy.
C. 1. Run cpstop on one member, and configure the new interface via sysconfig.
2.Run cpstart on the member. Repeat the same steps on another member.
3.Update the new topology in the cluster object for the cluster and members.
4. Install the Security Policy.
D. 1. Use sysconfig to configure the new interfaces on both members.
2.Update the topology in the cluster object for the cluster and both members.
3.Install the Security Policy.
642-385 dumps Correct Answer: C
QUESTION 67
You are configuring the VoIP Domain object for an H.323 environment, protected by VPN-1 NGX. Which VoIP Domain object type can you use?
A. Transmission Router
B. Gatekeeper
C. Call Manager
D. Proxy
E. Call Agent
Correct Answer: B
QUESTION 68
You are preparing computers for a new ClusterXL deployment. For your cluster, you plan to use three machines with the following configurations:Are these machines correctly configured for a ClusterXL deployment?
A. Yes, these machines are configured correctly for a ClusterXL deployment.
B. No, QuadCards are not supported with ClusterXL.
C. No, all machines in a cluster must be running on the same OS.
D. No, a cluster must have an even number of machines.
E. No, ClusterXL is not supported on Red Hat Linux.
Correct Answer: C
QUESTION 69
You receive an alert indicating a suspicious FTP connection is trying to connect to one of your internal hosts. How do you block the connection in real time and verify the connection is successfully blocked?
A. Highlight the suspicious connection in SmartView Tracker > Active mode. Block the connection using the Tools > Block Intruder menu. Use the Active mode to confirm that the suspicious connection does not reappear.
B. Highlight the suspicious connection in SmartView Tracker > Log mode. Block the connection using Tools > Block Intruder menu. Use Log mode to confirm that the suspicious connection does not reappear.
C. Highlight the suspicious connection in SmartView Tracker > Active mode. Block the connection using Tools > Block Intruder menu. Use Active mode to confirm that the suspicious connection is dropped.
D. Highlight the suspicious connection in SmartView Tracker > Log mode. Block the connection using Tools > Block Intruder menu. Use the Log mode to confirm that the suspicious connection is dropped.
642-385 exam Correct Answer: A
QUESTION 70
You want to block corporate-internal-net and localnet from accessing Web sites containing inappropriate content. You are using WebTrends for URL filtering. You have disabled VPN-1 Control connections in the Global properties. Review the diagram and the Security Policies for GW_A and GW_B in the exhibit provided.
Corporate users and localnet users receive message "Web cannot be displayed". In SmartView Tracker, you see the connections are dropped with message "content security is not reachable". What is the problem, and how do you fix it?
A. The connection from GW_B to the internal WebTrends server is not allowed in the Policy. Fix: Add a rule in GW_A's Policy to allow source WebTrends Server, destination GW_B, service TCP port 18182, and action accept.
B. The connection from GW_B to the WebTrend server is not allowed in the Policy. Fix: Add a rule in GW_B's Policy with Source GW_B, destination WebTrends server, service TCP port 18182, and action accept.
C. The connection from GW_A to the WebTrends server is not allowed in the Policy. Fix: Add a rule in GW_B's Policy with source WebTrends server, destination GW_A, service TCP port 18182, and action accept.
D. The connection from GW_A to the WebTrends server is not allowed in the Policy. Fix: Add a rule in GW_B's Policy with source GW_A, destination: WebTrends server, service TCP port 18182, and action accept.
E. The connection from GW_A to the WebTrends server is not allowed in the Policy. Fix: Add a rule in GW_A's Policy to allow source GW_A, destination WebTrends server, service TCP port 18182, and action accept.
Correct Answer: E
The Best https://www.pass4itsure.com/642-385.html 642-385 Dumps Exam, Real Cisco 642-385 Dumps Study Guide Online Store, Pass Cisco Express Foundation for Field Engineers.
To check out more about Pass4itsure 642-835 Dumps click here: http://www.pmtrainingprep.com/high-pass-rate-cisco-100-105-dumps/
No comments:
Post a Comment