Cisco 642-591 Questions, Most Important Cisco 642-591 Exam Is What You Need To Take

I passed the Cisco 642-591 exam this week with nearly 920 pts.I prepared myself with 140 Q&As, all questions from this dump.Cisco 642-591 questions, 2hrs time limit.New questions in Exampass like “AD FS components in the environment”,“Windows PowerShell cmdlet ” “Office 365”.Just know all new Cisco 642-591 questions you will be fine.

QUESTION 30
Which Cisco NAC Appliance Component performs network scanning?
A. Cisco NAC Appliance Server
B. Cisco NAC Trust Agent
C. Cisco NAC Appliance Manager
D. Cisco NAC Appliance Agent

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 31
When the Cisco NAS is configured for Windows Active Directory SSO to which component in a Cisco NAC Appliance solution does the client make a request for a Kerberos Service ticket?
A. Cisco NAS
B. Cisco NAM
C. Microsoft Windows Active Directory Server
D. Cisco NAA

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 32
What are the two types of traffic policies that apply to user roles? (Choose two.)
A. Host-Based
B. Server-Based
C. IP-Based
D. Manager-Based
E. VLAN-Based
F. Peer-Based

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 33
Which Cisco NAS Appliance out-of-band solution statement is correct?
A. The switchport access and authentication VLAN information is sent to the Access switch from the Cisco NAM
B. As a laptop device accesses the Cisco NAC Appliance network, the access switch sends the device MAC address to the Cisco NAS
C. Access switch to Cisco NAM configuration and status change messages are communicated via a proprietary protocol
D. All Client traffic flows through the CAS while access switch VLAN management is performed out of band

Correct Answer: A Section: (none) Explanation
Explanation/Reference: QUESTION 34
What method is used to pass traffic from the client to the Cisco NAS in an in-band Virtual-Gateway L2 deployment?
A. Use VLAN traffic to aggregate the traffic from the client subnets and configure VLAN mapping between the auth and Access VLANS
B. Use Policy-Based Routing
C. Use static routes
D. User the Cisco NAM downloadable ACLs to allow or block traffic at the access switch
E. Use different DHCP addressing and port bouncing to allow or block client traffic

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 35
Which two functions can a Cisco NAC Appliance Agent be configured to perform? (Choose two.)
A. Perform registry, service and application checks
B. Detect the presence of worms and viruses before permitting network access to an end user
C. Initiate periodic virus scans
D. Check for up-to-date antivirus and antispam files
E. Quarantine an end user until the client machine complies with company policy

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 36
Which default Administrator group has delete permissions?
A. Admin
B. Full-Control
C. Help-Desk
D. Add-Edit

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 37
What does the secondary Cisco NAM do after it reboots from its initial configuration?
A. Takes over as the active Cisco NAM if the secondary Cisco NAM has a higher priority
B. Automatically sends a message to all Cisco NAS Servers, identifying itself as the secondary Cisco NAM
C. Automatically Synchronizes its database with the primary Cisco NAM
D. Switches to active mode, enabling load sharing with the primary Cisco NAM

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 38
Exhibit:

Your work as a network engineer at Certkiller .com. Please study the exhibit carefully. When logging in to a Cisco NAC Appliance solution, an end user is prompted for a username, password and provider. What should be entered in the provider drop-down filed shown in the exhibit?
A. The authentication NAS
B. The Authorization NAM
C. The external Authenticating server
D. The name of the ISP

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 39
When Configuring the Cisco NAM to implement Cisco NAA requirement checking on client machines, what is the next step after configuring checks and rules?
A. Map rules to requirement
B. Configure Requirements
C. Configure Session Timeout and traffic policies
D. Require the use of the Cisco NAA
E. Retrieve updates

Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 40
What is an advantage of a Layer 2 out-of-band virtual gateway deployment using port-based VLAN assignment?
A. Manages bandwidth and session time for users during authentication
B. Supports IP Telephony for end users who are multi-hops away
C. Improves security as the Client IP address must change when the port is changed form the authentication VLAN to the access VLAN
D. Simplifies implementation as client IP addresses are not changed
E. Supports wireless LAN networks providing bandwidth throttling

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 41
Which type of certificate is recommended in a high-availability Cisco NAM configuration for the service IP Address?
A. SSL private Certificate
B. SSL public Certificate
C. Temporary Certificate
D. CA-signed Certificate

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 42
Which three components compromise a Cisco NAC Appliance Solution? (Choose three.)
A. A Linux Server for in-band or out-of-band network admission control
B. A Linux Server for Centralized Management of network admission servers
C. A NAC-enabled Cisco Router
D. A Read-only Client Operating on an endpoints devices
E. A NAC-enabled Cisco Switch

Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 43
SIMULATION
Network topology exhibit:
Cisco Clean Access Manager Exhibit:

You work as a network engineer at Certkiller .com. Please study the topology exhibit carefully. Also examine the Cisco Clean Access Manager Exhibit. Certkiller .com has implemented a Cisco NAC Appliance solution. The internal server Certkiller C has been set up to provide HTTP and HTTPS services only. These services are only available for Certkiller .com internal users. Your boss, Mrs. Certkiller, has asked you to provide the following configuration tasks:
*
define a NAC Appliance IP-based traffic policy for the “Temporary Role”

*
configure the policy so that it is able to access this remediation server over HTTP and HTTPS for clients on the 10.158.10.0, 255.255.255.0 subhet.

*
after the configuration has been completed you must be able to launch the link to access the remediation server from the Certkiller B client computer.

A.

B.

C.

D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Explanation:
1.) Select “User Roles”
2.) At “Temporary Role” klick “Add Policy”
3.) Enter the Following Values:
Priority: 1
Action: Allow
State: Enabled
Category: IP
Protocol: TCP / 6 ( see
http://www.iana.org/assignments/protocol-numbers/ ) Untrusted: 10.158.10.0 / 255.255.255.0 / *
Trusted: 172.162.7.100 / 255.255.255.255 / 80,443 Klick “Add Policy”

QUESTION 44
A search of available switches has been performed and a list of switches is presented. Which two SNMP attributes need to match what is configured in the Cisco switch profile for a listed switch to be added to the Cisco NAM? (Choose two.)
A. SNMP Trap
B. SNMP write community String
C. SNMP Write Version
D. SNMP read version
E. SNMP read community String

Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 45
After you implement a network scan and view the report, you notice that a plug-in did not access any of it’s dependent plug-ins. What did you forget to do?
A. Install dependent plug-ins when you updated the Cisco NAC Appliance plug-in library
B. Configure dependent plug-on support when you mapped the Nessus scan check to the Nessus plug-in rule
C. Load the dependent plug-ins for that plug-in in the Plug-in updates form
D. Enable the Dependent Plug-in check box on the General Tab form

Correct Answer: C Section: (none) Explanation Explanation/Reference:
QUESTION 46
In a Cisco NAM high-availability configuration, when does the secondary Cisco NAM take over?
A. When the IP-based heartbeat signal fails to be transmitted and received within a certain time period
B. When the UDP heartbeat signal fails to be transmitted on the serial heartbeat connection between failover peers
C. When the UDP heartbeat signal is not transmitted and received within a certain time period
D. When the timeout value is exceeded during data-mirroring activities

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 47
When the Cisco NAS is configured for Windows Active Directory SSO to which component in a Cisco NAC Appliance solution does the client make a request for a Kerberos Service ticket?
A. Microsoft Windows Active Directory Server
B. Cisco NAM
C. Cisco NAS
D. Cisco NAA

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 48
You are implementing switch management in a Cisco NAM for out-of-band deployment. Once communication between the switch and the Cisco NAM has been verified, what is configured next?
A. Configure the Switches to use the appropriate SNMP settings
B. Configure group, switch and port profiles on the Cisco NAM
C. Add the switches that you want to control to the Cisco NAM domain
D. Configure the Cisco NAM SNMP receiver settings

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 49
Based on the Boolean order of precedence, how would Cisco NAC Appliance evaluate the following rule? AdAwareLogRecent&(NorAVProcesslsActiveymAVProcesslsActive)
A. (The Norton Antivirus is active and there is a recent Ad Aware log entry) or ( The Symantec antivirus process is active)
B. There is a recent Ad ware log entry, the Norton Antivirus is active and the Symantec antivirus process is active
C. There is a recent Ad Aware log entry or the Norton Antivirus is active or the Symantec Antivirus Process is active
D. (Either the Norton Antivirus or the Symantec Antivirus process is active) and (there is a recent Ad Aware log entry)

Correct Answer: D Section: (none) Explanation
Explanation/Reference:

Our material on our site Cisco 642-591 is exam-oriented,keeping in view the candidates requirements and level of understanding.Cisco 642-591 materials are in the most popular and easy-to-use PDF version. You can use it on any devices with you anywhere.