Cisco 642-591 Online Exam, Pass the Cisco 642-591 Free Dumps For Download

Passed Cisco 642-591 yesterday on first attempt only using the Exampass premium vce and one corrected answers.Thanks a lot for your valuable update reagding premium dump.It will definitely help me for preparing for the exam before to write.

QUESTION 41
Which type of certificate is recommended in a high-availability Cisco NAM configuration for the service IP Address?
A. SSL private Certificate
B. SSL public Certificate
C. Temporary Certificate
D. CA-signed Certificate

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 42
Which three components compromise a Cisco NAC Appliance Solution? (Choose three.)
A. A Linux Server for in-band or out-of-band network admission control
B. A Linux Server for Centralized Management of network admission servers
C. A NAC-enabled Cisco Router
D. A Read-only Client Operating on an endpoints devices
E. A NAC-enabled Cisco Switch

Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 43
SIMULATION
Network topology exhibit:
Cisco Clean Access Manager Exhibit:

You work as a network engineer at Certkiller .com. Please study the topology exhibit carefully. Also examine the Cisco Clean Access Manager Exhibit. Certkiller .com has implemented a Cisco NAC Appliance solution. The internal server Certkiller C has been set up to provide HTTP and HTTPS services only. These services are only available for Certkiller .com internal users. Your boss, Mrs. Certkiller, has asked you to provide the following configuration tasks:
*
define a NAC Appliance IP-based traffic policy for the “Temporary Role”

*
configure the policy so that it is able to access this remediation server over HTTP and HTTPS for clients on the 10.158.10.0, 255.255.255.0 subhet.

*
after the configuration has been completed you must be able to launch the link to access the remediation server from the Certkiller B client computer.

A.

B.

C.

D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation:
1.) Select “User Roles”
2.) At “Temporary Role” klick “Add Policy”
3.) Enter the Following Values:
Priority: 1
Action: Allow
State: Enabled
Category: IP
Protocol: TCP / 6 ( see
http://www.iana.org/assignments/protocol-numbers/ ) Untrusted: 10.158.10.0 / 255.255.255.0 / *
Trusted: 172.162.7.100 / 255.255.255.255 / 80,443 Klick “Add Policy”

QUESTION 44
A search of available switches has been performed and a list of switches is presented. Which two SNMP attributes need to match what is configured in the Cisco switch profile for a listed switch to be added to the Cisco NAM? (Choose two.)
A. SNMP Trap
B. SNMP write community String
C. SNMP Write Version
D. SNMP read version
E. SNMP read community String

Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 45
After you implement a network scan and view the report, you notice that a plug-in did not access any of it’s dependent plug-ins. What did you forget to do?
A. Install dependent plug-ins when you updated the Cisco NAC Appliance plug-in library
B. Configure dependent plug-on support when you mapped the Nessus scan check to the Nessus plug-in rule
C. Load the dependent plug-ins for that plug-in in the Plug-in updates form
D. Enable the Dependent Plug-in check box on the General Tab form

Correct Answer: C Section: (none) Explanation Explanation/Reference:
QUESTION 46
In a Cisco NAM high-availability configuration, when does the secondary Cisco NAM take over?
A. When the IP-based heartbeat signal fails to be transmitted and received within a certain time period
B. When the UDP heartbeat signal fails to be transmitted on the serial heartbeat connection between failover peers
C. When the UDP heartbeat signal is not transmitted and received within a certain time period
D. When the timeout value is exceeded during data-mirroring activities

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 47
When the Cisco NAS is configured for Windows Active Directory SSO to which component in a Cisco NAC Appliance solution does the client make a request for a Kerberos Service ticket?
A. Microsoft Windows Active Directory Server
B. Cisco NAM
C. Cisco NAS
D. Cisco NAA

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 48
You are implementing switch management in a Cisco NAM for out-of-band deployment. Once communication between the switch and the Cisco NAM has been verified, what is configured next?
A. Configure the Switches to use the appropriate SNMP settings
B. Configure group, switch and port profiles on the Cisco NAM
C. Add the switches that you want to control to the Cisco NAM domain
D. Configure the Cisco NAM SNMP receiver settings

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 49
Based on the Boolean order of precedence, how would Cisco NAC Appliance evaluate the following rule? AdAwareLogRecent&(NorAVProcesslsActiveymAVProcesslsActive)
A. (The Norton Antivirus is active and there is a recent Ad Aware log entry) or ( The Symantec antivirus process is active)
B. There is a recent Ad ware log entry, the Norton Antivirus is active and the Symantec antivirus process is active
C. There is a recent Ad Aware log entry or the Norton Antivirus is active or the Symantec Antivirus Process is active
D. (Either the Norton Antivirus or the Symantec Antivirus process is active) and (there is a recent Ad Aware log entry)

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 50
A small public library wants to implement network admission control for their public wireless network and their internal wired network. Their network contains switches from a variety of vendors. Which Cisco NAC Appliance solution would best suit this client?
A. An out-of-band Cisco NAS deployment with a Cisco NAM Cluster
B. A Hybrid solution using in-band Cisco NAS for the wireless and out-of-band Cisco NAS for the wired Deployment
C. An in-band Cisco NAS deployment and a Cisco NAM
D. A Combination of an out-of-band and an in-band Cisco NAS deployment with a Cisco NAM Cluster

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 51
Which Cisco NAC appliance out-of-band solution statement is correct?
A. Access switch to Cisco NAM configuration and status change messages are communicated via a proprietary protocol
B. The Swichport Access and authentication VLAN information is sent to the access switch from the Cisco NAM
C. As a laptop device accesses the Cisco NAC Appliance network, the access switch sends the device MAC address to the Cisco NAS
D. All client traffic flows through the CAS while access switch VLAN management is performed out of band

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 52
In an edge deployment of an in-band virtual-gateway Cisco NAC Appliance solution, how does the Cisco NAS ensure that authenticated client traffic arrives at the correct default gateway?
A. Managed subnets ensure that devices on different untrusted VLANs arrive at the correct default gateways on the trusted side
B. After authentication, the Cisco NAA using its cached IP Addresses, supplies the IP Address of the Correct gateway to the Cisco NAS
C. VLAN trunks are used to aggregate the traffic form the managed subnets to the Cisco NAS before forwarded to their respective gateways on the Layer 3 switch or router
D. Cisco NAS interface are connected to trunked ports to provide VLAN passthrough to the correct gateway

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 53
Why are managed subnets configure in out-of-band virtual gateway mode?
A. Configures the Cisco NAS to map the managed subnet to the proper access VLAN
B. Configure the Cisco NAS with an IP Address in the untrusted VLAN that Cisco NAS can use to send ARP request in that particular VLAN
C. Configure the Cisco NAM management subnet so that all the Cisco NAM initiated traffic will be sent out on the proper management subnet
D. Configure the Cisco NAS management subnet so that all the Cisco NAS initiated traffic will sent out of the proper management subnet

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 54
A CA-signed certificate is returned from the CA authority and the private key on which the CA certificate is based no longer matches the one in the Cisco NAS. What should the administrator do?
A. Regenerate the certificates based on the FQDN rather than using the service ip address of the NAM
B. Import the single root CA or intermediate CA to .chain.crt in the admin console
C. Edit the Certificate files directly in the file system
D. Reimport the old private key and then install the CA-signed certificate

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 55
In a Cisco NAC Appliance Windows Active Directory SSO Deployment, what are the cached credentials and Kerberos TGT from the client-machine Windows login used for?
A. They are used to validate the user authentication and access with the Cisco NAM
B. They are used to validate the user with the Cisco NAS
C. They are used to validate user access with the Cisco NAA
D. They are used to validate the user authentication with eh backend Windows Active Directory Server

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 56
A college network administrator wants to restrict access to specific; targeted subnets by role such as student, administration, faculty and guest roles. How would this be accomplished using the Cisco NAM?
A. Define a bandwidth policy for each role that specifies the target subnets
B. Define extended Access-Control-list templates and apply each template to a specific user role
C. Define a host-based traffic control policy for each role that specifies the target subnets
D. Define an IP-Based traffic Control Policy for each role that specifies the target subnets

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 57
When trying to restrict a guest role to a specific library server using a specific protocol, such as HTTP, the administrator would create which type of policy?
A. Application-based Access Policy
B. IP-Based Traffic Control Policy
C. Role-Based Access Policy
D. Host-Based Control Policy
E. Host-Based Traffic Policy

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 58
In a Layer 3 out-of-band deployment, which Cisco NAC Appliance component provides the Client-Machie IP Address to MAC address mapping?
A. Cisco NAS
B. Cisco Trust Agent
C. Cisco NAM
D. Cisco Security Agent
E. Cisco NAA

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 59
The NAS is configured to autogenerate an IP Address pool of 30 subnets with a netmask of /30, beginning at address 192.168.10.0. Which IP Address is leased to the end-user host on the second subnet?
A. 192.168.10.6
B. 192.168.10.5
C. 192.168.10.4
D. 192.168.10.7

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 60
Exhibit:

Your work as an network engineer at Certkiller .com. Please study the exhibit carefully. From a Drop-Down menu, profiles are applied to each managed port. Before a profile can be applied, where are the client access and authentication VLAN profile parameters to configured?
A. Controlled VLAN profile
B. Access Control profile
C. Switch Profile
D. VLAN Mapping Profile
E. Port Profile

Correct Answer: E Section: (none) Explanation
Explanation/Reference:

Get certified Cisco 642-591 is a guaranteed way to succeed with IT careers.We help you do exactly that with our high quality Cisco 642-591 Certification Certified Information Systems Security Professional training materials.