Testking Cisco CCSP 642-542 Exam

QUESTION 1:
Threats that come from hackers who are more highly motivated and technically
competent are called:
A. Sophisticated
B. Advanced
C. External
D. Structured
Answer: D
Explanation: Structured threats come from adversaries that are highly motivated
and technically competent.
Ref: Cisco Secure Intrusion Detection System (Ciscopress) Page 9
QUESTION 2:
The worst attacks are the ones that:
A. Are intermittent.
B. Target the applications
C. You can not stop them.
D. Target the executables.
E. Target the databases.

F. You can not determine the source.
Answer: C
Explanation: The worst attack is the one that you cannot stop. When performed
properly, DDoS is just such an attack.
QUESTION 3:
What type of network requires availability to the Internet and public networks as a major
requirement and has several access points to other networks, both public and private?
A. Open
B. Closed
C. Intermediate
D. Balanced
Answer: A
Explanation:
The networks of today are designed with availability to the Internet and public networks,
which is a major requirement. Most of today’s networks have serverla access points to
other network both public and private;therefore,securing these networks has become
fundamentally important.
Reference: CSI Student guide v2.0 p.2-4
QUESTION 4:
The security team at Chinatag Inc. is working on network security design.
What is an example of a trust model?
A. One example is NTFS
B. One example is NTP
C. One example is NFS
D. One example is NOS
Answer: C
Explanation:
One of the key factors to building a successful network security design is to identify and
enforce a proper trust model. The proper trust model defines who needs to talk to whom
and what kind of traffic needs to be exchanged; all traffic should be denied. one
the proper trust model has been identified, then the security designer should decide how
to enforce the model. As more critical resources are globally available and new forms of
network attacks evolve, the network security infrastructure tends to become more
sophisticated, and more products are available. Firewalls, routers, LAN switches,
intrusion detection systems, AAA servers, and VPNs are some of the technologies and
products that can help enforce the model. Of course, each one of these products and
technologies plays a particular role within the overall security implementation, and it is
essential for the designer to understand how these elements can be deployed.
Network File Sharing seems to be the best answer out of all the answers listed.
Reference: Securing Networks with Private VLANs and VLAN Access Control Lists
QUESTION 5:
Which type of attack can be mitigated only through encryption?
A. DoS
B. Brute force
C. Man-in-the-middle
D. Trojan horse
Answer: C
Explanation:
1. Man-in-the-middle attacks-Mitigated through encrypted remote traffic
Reference: Safe white papers; page 26
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 6:
The security team at Chinatag Inc. is working on understanding attacks that happen in the
network. What type of attack is characterized by exploitation of well-known weaknesses,
use of ports that are allowed through a firewall, and can never be completely eliminated?
A. Network reconnaissance
B. Man-in-the-middle
C. Trust exploitation
D. Application layer
Answer: D
Explanation: The primary problem with application layer attacks is that they often
use ports that are allowed through a firewall.
Reference: Safe White papers 68
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 7:
You are the security administrator at Chinatag and you need to know the attacks types to
the network. Which two general IP spoofing techniques does a hacker use? (Choose two)
A. An IP address within the range of trusted IP addresses.
B. An unknown IP address which cannot be traced.
C. An authorized external IP address that is trusted.
D. An RFC 1918 address.
Answer: A C
Explanation:
IP Spoofing
An IP spoofing attack occurs when a hacker inside or outside a network impersonates the
conversations of a trusted computer. A hacker can do this in one of two ways. The hacker
uses either an IP address that is within the range of trusted IP addresses for a network or
an authorized external IP address that is trusted and to which access is provided to
specified resources on a network. IP spoofing attacks are often a launch point for other
attacks. The classic example is to launch a denial-of-service (DoS) attack using spoofed
source addresses to hide the hacker’s identity. Normally, an IP spoofing attack is limited
to the injection of malicious data or commands into an existing stream of data that is
passed between a client and server application or a peer-to-peer network connection. To
enable bidirectional communication, the hacker must change all routing tables to point to
the spoofed IP address. Another approach hackers sometimes take is to simply not worry
about receiving any response from the applications. If a hacker tries to obtain a sensitive
file from a system, application responses are unimportant.
However, if a hacker manages to change the routing tables to point to the spoofed IP
address, the hacker can receive all the network packets that are addressed to the spoofed
address and reply just as any trusted user can.
Reference:
Safe white papers; page 65
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 8:
John the security administrator at Chinatag Inc. is working on securing the network with
strong passwords. What is the definition of a strong password?
A. The definition of a strong password is at least ten characters long and should contain
cryptographic characters.
B. The definition of a strong password is at least eight characters long;contains
uppercase letters, lowercase letters, numbers, and should not contain special characters.
C. The definition of a strong password is defined by each company depending on the
product being used.
D. The definition of a strong password is at least eight characters long;contains
uppercase letters, lowercase letters, numbers, and special characters.