Testinside CCSP 642-503
Filed Under (cisco) by Testinside Sadikhov on 22-10-2008
Visited 60 times, 1 so far today
Securing Networks with Cisco Routers and Switches : 642-503 Exam
Exam Number/Code: 642-503
Exam Name:Securing Networks with Cisco Routers and Switches
“Securing Networks with Cisco Routers and Switches”, also known as 642-503 exam, is a Cisco certification.
Preparing for the 642-503 exam? Searching 642-503 Test Questions, 642-503 Practice Exam, 642-503 Dumps?
Free 642-503 Demo Download
TestInside offers free demo for 642-503 exam ( Securing Networks with Cisco Routers and Switches). You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.
642-503 SNRS
Securing Networks with Cisco Routers and Switches Exam
Exam Number: 642-503
Associated Certifications: CCSP
Duration: 75 minutes (53 questions)
Available Languages: English
Click Here to Register: Pearson VUE
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions
Exam Description Exam Topics Recommended Training Additional Resources
Exam Description
The Securing Networks With Cisco Routers and Switches exam (SNRS 642-503) is one of the exams associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the SNRS v2.0 course. This exam includes simulations and tests a candidate’s knowledge and ability to secure networks using Cisco routers and switches.
Exam Topics
The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes the guidelines below may change at any time without notice.
Implement Cisco Layer 2 security
Utilize Cisco IOS commands to mitigate Layer 2 attacks
Implement Cisco Identity-Based Networking Services on Cisco Catalyst Switches
Implement Identity Management using ACS as the Authentication Server
Configure Cisco IOS Firewalls to mitigate network threats using the CLI
Identify and describe the advanced capabilities of the IOS firewall feature set
Configure IOS Firewall to dynamically mitigate identified threats to the network
Verify and troubleshoot IOS Firewall configuration and operation.
Configure authentication proxy to apply security policies on a per-user basis
Verify and troubleshoot authentication proxy configuration and operation
Configure IOS zone-based Firewalls
Troubleshoot Zone-based Firewalls
Configure APPFW application Firewalls
Configure Granular Protocol Inspection
Configure Cisco IOS IPS to identify and mitigate threats to network resources using the CLI
Identify and describe the advanced capabilities of the IOS-IPS feature
Configure the IPS features to identify threats and dynamically block them from entering the network
Verify and troubleshoot IPS operation
Configure Cisco VPNs to provide secure connectivity for site-to-site and remote access communications using the CLI
Describe IPSec features and functionality
Configure secure connectivity for site-to-site IPSec VPN using pre-shared keys
Describe GRE features and functionality
Configure secure connectivity for site-to-site VPN using certificate authorities
Describe DMVPN features and functionality
Configure secure connectivity for site-to-site VPN using DMVPN
Verify and troubleshoot secure site-to-site connectivity operations
Implement Clientless IOS SSL VPN
Verify Clientless IOS SSL VPNs
Configure Easy VPN server with pre-shared keys
Configure Authentication, Authorization, and Accounting to provide basic secure access control for networks
Configure administrative access to the CSACS server
Configure CSACS system settings
Configure AAA clients on the CSACS
Configure users, groups and access rights
Configure shared profile components in CSACS
Configure network access profiles in CSACS
Configure NADS to enable AAA to use a Radius Server
Verify and troubleshoot AAA operation
Implement Network Foundation Protection using the CLI
Describe NFP features and functionality
Secure the management plane using Cisco IOS security features
Secure the data plane using Cisco IOS security features
Secure the control plane using Cisco IOS security features
QUESTION 27:
When you implement IBNS (802.1x authentication), what is defined using the
Tunnel-Private-Group-ID (81) RADIUS attribute?
A. the shared secret key
B. the NAP
C. the NAF
D. the VLAN name
E. the ACL name
F. the EAP type
Answer: D
QUESTION 28:
If you enable all the authentication protocols under the Global Authentication Setup in
Cisco ACS, how can you select a specific EAP type to use for 802.1x authentication?
A. When you configure the NAF, you can specify the particular EAP type to use.
B. When you configure the NAP authentication policy, you can specify the particular
EAP type to use.
C. When you configure the RAC, you can specify the particular EAP type to use.
D. When you configure the NAP authorization policy, you can specify the particular EAP
type to use.
E. When you configure the user group, you can specify the particular EAP type to use.
F. When you configure the user, you can specify the particular EAP type to use.
Answer: B
Explanation:
EAP Configuration for NAPs
EAP is a flexible request-response protocol for arbitrary authentication information (RFC
2284). EAP is layered on top of another protocol such as UDP, 802.1x, or RADIUS and
supports multiple authentication types:
PEAP (Protected EAP)
EAP-FAST
EAP-TLS (based on X.509 certificates)
EAP-MD5: Plain Password Hash (CHAP over EAP)
EAP-GTC: OTP Tokens
Note You can enable RADIUS Key Wrap attributes for PEAP, EAP-FAST and EAP-TLS
authentication.
The following extended EAP methods are available for NAC:
EAP-TLV: Carry posture credentials, adding posture AVPs, posture notifications.
Status Query: You can use this new EAP method for securely querying the status of a
peer without a full credential validation.
EAPoUDP: use of EAP over UDP for Layer 3 transport.
Reference: ACS Online Help
QUESTION 29:
DRAG DROP
You work as a network technician at Certkiller .com. Your boss, miss Certkiller, is
interested in debug commands which can be used to troubleshoot the WebVPN functions.
Match the proper comman with appropriate functions.
Note: not all commands are used.
Answer:
Testinside CCSP 642-503 Questions and Answers : 104 Q&As
Updated: October 2nd , 2008
Price: $125.99 $99.99
Free download?pass4sure CCSP 642-503
Free download?testking CCSP 642-503
| Testinside Test Tools |
|
Type |
Exam Bible | New Questions & Answers |
Latest Updated |
Download link |
 |
All Testinside's Exam Pack |
698 |
1 days ago | Available |
[...] Cisco Secure PIX Firewall Advanced Testinside Cisco 642-552 Securing Cisco Networking Devices (SND) Testinside Cisco 642-503 Securing Networks with Cisco Routers and Switches Testinside Cisco 642-523 Securing Networks with [...]