642-583 SSSE Real Exam Questions

The 642-583 SSSE exam tests a candidate’s knowledge of Cisco security products and product positioning and where each technology fits in the design of an integrated, collaborative, secure network. Topics covered include Cisco Security Appliance (ASA), ASA, IDS/IPS, VPN, Security Management, CS-MARS, NAC Appliance, Cisco Ironport and Scansafe web security.

Q1. Which Cisco ASA’s Unified Communications proxy feature manipulates both the signaling and the media channels?
A. TLS Proxy
B. H.323 Proxy
C. SIP Proxy
D. Phone Proxy
E. CUMA Proxy
Answer: D

Q2. Deploying logical security controls such as firewall and IPS appliances is an example of which kind of risk-management option?
A. risk avoidance
B. risk transfer
C. risk retention
D. risk reduction
E. risk removal
Answer: A

Q3. Which platform can support the highest number of SSL sessions?
A. Cisco 3845 with AIM-VPN/SSL-3
B. Cisco 7200 NPE-GE+VSA
C. Cisco 7200 NPE-GE+VAM2+
D. Cisco ASR1000-5G
E. Cisco 6500/7600 + VPN SPA
F. Cisco ASA 5580
Answer: F

Q4. What is the benefit of the Cisco ASA phone proxy feature?
A. allows businesses to securely connect their Cisco Unified Presence clients back to their enterprise networks or to share presence information between Cisco Unified Presence servers in different enterprises
B. allows telecommuters to connect their IP phones to the corporate IP telephony network securely over the Internet, without the need to connect over a VPN tunnel
C. allows businesses to configure granular policies for SCCP traffic, such as enforcing only registered phone calls to send traffic through the Cisco ASA security appliance and filtering on message IDs to allow or disallow specific messages
D. enables deep inspection services for SIP traffic for both User Datagram Protocol (UDP) and TCP-based SIP environments, thus providing granular control for protection against unified communications attacks
E. enables inspection of the RTSP protocols that are used to control communications between the client and server for streaming applications
F. enables advanced H.323 inspection services that support H.323 versions 14 along with Direct Call Signaling (DCS) and Gatekeeper-Routed Call Signaling (GKRCS) to provide flexible security integration in a variety of H.323-driven VoIP environments
Answer: B

Q5. Which two protocols can be used to implement high-availability IPS design, using the Cisco IPS 4200 Series Sensor appliance? (Choose two.)
A. spanning tree
B. stateful failover
C. EtherChannel load balancing
D. WCCP
E. HSRP
F. SDEE
Answer: A,C

Q6. What are the advantages and disadvantages of using the "Direct to tower" or PAC file methods for redirecting traffic to ScanSafe?
A. Advantages: ease of deployment, especially for multiple breakout points Disadvantages: no user granularity
B. Advantages: user granularity
Disadvantages: requires additional hardware for each breakout point
C. Advantages: no browser changes required Disadvantages: not all browsers supported
Answer: A

Q7. Which statement is true?
A. Three-year commitments cost less per year than three consecutive one-year commitments.
B. Three consecutive one-year commitments cost less than one three-year commitment.
C. Three-year commitments cost the same per year as three consecutive one-year commitments
D. CiscoIronPort does not sell three-year commitments.
Answer: A

Q8. Which statement regarding the Cisco ASA encrypted voice inspection capability is correct?
A. The Cisco ASA decrypts, inspects, then re-encrypts voice-signaling traffic; all of the existing VoIP inspection functions for SCCP and SIP protocols are preserved.
B. The Cisco ASA acts as a non-transparent TLS proxy between the Cisco IP Phone and Cisco Unified Communications Manager.
C. TLS proxy applies to the encryption layer and is configured by using a Layer 3/4 inspection policy on the Cisco AS
D. D. The Cisco ASA does not support PAT and NAT for SCCP inspection.
E. The Cisco ASA serves as a proxy for both client and server, with the Cisco IP Phone and the Session Border Controller.
Answer: A

Q9. The Cisco IPS Manager Express (IME) can be used to manage how many IPS appliances, at a maximum?
A. 3
B. 5
C. 10
D. 15
E. 20
F. 25
Answer: B

Q10. Which Cisco ASA configuration is required to implement active/active failover?
A. transparent firewall
B. modular policy framework (MPF)
C. virtual contexts
D. policy-based routing
E. redundant interfaces
F. VLANs
Answer: C

Download  |  Password: certificatexam.com