
Flydumps provides you with the most reliable practice exams to master Cisco 642-567 Certification. Our Microsoft questions and answers are certified by the senior lecturer and experienced technical experts in the Microsoft field. These Cisco 642-567 test questions provide you with the experience of taking the actual test.

QUESTION 50
Which three of the following statements are correct regarding the Query shown in the MARS GUI screen? Select three.
Exhibit:

A. Query will match any source IP address.
B. Query will only match a source IP address of 10.10.10.10.
C. Query will only match a destination IP address range from 10.1.1.1 to 10.1.1.25.
D. Query will only match a destination IP address of 10.1.1.1 or 10.1.1.25.
E. Query will only match any services since both TCP-highPort and UDP-highPort service groups are specified in the Service field.
F. Query will only match any service using the TCP-highPort OR UDP-highPort service groups.

Correct Answer: ACF

QUESTION 51
Which High Availability option is supported by Cisco Clean Access (CCA) solution?
A. CAA load balancing
B. CAM and CAS redundancy
C. CAA backup server
D. CAS backup network scanning

Correct Answer: B

QUESTION 52
Which of the following is a supported mitigation feature on the MARS Appliance?
A. Generating and pushing configuration commands to Layer 3 devices
B. Generating and pushing configuration commands to Layer 2 devices
C. Automatically dropping all suspected traffic at the nearest firewall
D. Automatically dropping all suspected traffic at the nearest IPS appliance

Correct Answer: B

QUESTION 53
What will happen if you try to run a MARS query that will take a long time to complete?
A. After submitting the query, the MARS GUI screen will be locked up until the query completes.
B. The query will be automatically saved as a rule.
C. The query will be automatically saved as a report.
D. You will be prompted to “Submit Batch” to run the query in batch mode.
E. You will be prompted to “Submit Inline” to run the query immediately.

Correct Answer: D

QUESTION 54
Referring to the rule shown in the MARS GUI screen, which two of the following statements are correct? Select two.
Exhibit:

A. This rule will fire if the offset 1 condition occurs “OR” if the offset 2 condition occurs.
B. This rule will fire if the offset 3 condition occurs.
C. The expressions between cells are “AND” while expressions between items in the same cell are “OR”.
D. This is a user-defined rule.
E. This rule can be deleted after changing its status to “inactive”.

Correct Answer: CD
Explanation/Reference:
Expression between cells:
ASFE Course Notes pg 3-239
Rule logic is simple. You have a row. Every row has cells. The logical expressions connecting different cells are “AND”, while the expressions connecting items inside a cell are either “OR” or “AND NOT”, depending on which clause is chosen: EQUAL TO or NOT EQUAL TO.
User Defined Rule:
ASFE Course Notes pg 3-246
System rules can be copied and then become user rules that are fully editable. When a system rule is copied, the MARS system adds the date and time the rule was copied to the end of the rule name.

QUESTION 55
DRAG DROP You work as a network technician at Certkiller.com. You must match the appropriate deployment characteristics with the deployment solution.
Select and Place:

Correct Answer:

QUESTION 56
Refer to the partial output sample from a Cisco Trust Agent (CTA) ctad.ini configuration file. Which of the following is true based on the values shown?
[ServerCertDNVerification]
TotalRules=2
Rule1=CN*"server", ISSUER-CN*"Finance"
Rule2=CN="Finance posture Cert", OU*"Finance", ISSUER-CN*"Certkiller"
A. Both Rule1 and Rule2 must be matched to allow the connection.
B. If either rule accepts the certificate, then the connection is permitted.
C. The issuer common name field in the Rule1 certificate must match “FINANCE” exactly.
D. The organizational unit in the certificate must match “Finance” exactly.
E. Certificates must be issued from both “Finance” and “Certkiller” to pass security posture validation.
F. Connections will not be permitted without the addition of a Distinguished Name (DN) field variable.

Correct Answer: B

QUESTION 57
Which of the following statements is correct regarding Cisco Clean Access (CCA) network scanning?
A. A default set of the available network scan plug-ins is loaded in the CAM at the factory.
B. The Cisco recommended list of plug-ins is selected by default.
C. Network scanning is performed on Windows-based operating systems only.
D. Network scanning is configurable by User Role.

Correct Answer: D

QUESTION 58
Which command can you use to verify operation between a Network Admission Control (NAC) agent and a Network Access Device (NAD)?
A. show eapoupd all
B. show eou all
C. show nac all
D. show nac access-list all

Correct Answer: B

QUESTION 59
The MARS Appliance (running release 3.4.1) supports which protocol for data archiving and restoring?
A. NFS
B. TFTP
C. FTP
D. secured FTP

Correct Answer: A

QUESTION 60
You work as a network technician at Certkiller.com. Your Certkiller trainee Sandra is interested in EAP protocols. You must match the protocol with the appropriate characteristics.
Select and Place:

Correct Answer:
Explanation/Reference:
EAP-TLS:
http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/networking_solutions_white_paper09186a00800b
EAP Transport Layer Security (TLS) (RFC2716) is a Microsoft-supported EAP authentication algorithm based on the TLS protocol (RFC2246).
TLS is the current version of Secure Socket Layer (SSL) used in most Web browsers for secure Web application transactions.

PEAP:
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item0900aecd801764fa.shtml
PEAP works in two phases:
In Phase 1, server-side TLS authentication is performed to create an encrypted tunnel and achieve server-side authentication in a manner similar to Web server authentication using Secure Sockets Layer (SSL), a popular and trusted security method. Once Phase 1 of PEAP is established, all data is encrypted, including all user-sensitive information.
The framework for PEAP Phase 2 authentication is extensible, and the client can be authenticated using methods such as EAP-GTC and Microsoft Challenge Authentication Protocol (MS-CHAP) Version 2 within the TLS tunnel.

EAP-FAST:
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00802030dc.shtml
Cisco developed EAP-FAST to support customers who cannot enforce a strong password policy and wish to deploy an 802.1X EAP type that does not require digital certificates, supports a variety of user and password database types, supports password expiration and change, and is flexible, easy to deploy, and easy to manage. For example, a customer using Cisco LEAP who cannot enforce a strong password policy and does not want to use certificates can migrate to EAP-FAST for protection from dictionary attacks.
EAP-FAST uses symmetric key algorithms to achieve a tunneled authentication process.
The tunnel establishment relies on a Protected Access Credential (PAC) that can be provisioned and managed dynamically by EAP-FAST through the authentication, authorization, and accounting (AAA) server.

QUESTION 61
Which three of the following reporting devices can be added to the MARS appliance using the “Add SW security apps on new host”? Select three.
Exhibit:

A. Cisco ACS
B. Netflow
C. SNORT
D. FWSM
E. Generic web server

Correct Answer: ACD
Explanation/Reference:
ASFE Course Notes pg 3-91, 3-137, 3-148

QUESTION 62
Which browser plug-in is required to view the charts and graphs on the MARS Appliance?
A. Macromedia Flash Player
B. Sun Microsystems Java
C. Microsoft PowerPoint
D. Adobe SVG Viewer

Correct Answer: D
Explanation/Reference:
ASFE Course Notes pg 3-172
To see diagrams you need the Adobe SVG viewer plug-in. The Adobe SVG viewer plug-in should automatically install.

QUESTION 63
What are three benefits in deploying MARS Appliances using the Global and Local Controllers’ architecture? (Choose three.)
A. A Global Controller can provide a summary of all Local Controllers' information (network topologies, incidents, queries, and report results).
B. A Global Controller can provide a central point for creating rules and queries, which are applied to multiple Local Controllers simultaneously.
C. The architecture provides redundancy in case one of the MARS Local Controllers fails within a zone.
D. Users can seamlessly navigate to any Local Controllers from the Global Controller GUI.
E. A Global Controller can correlate events from multiple Local Controllers to perform global sessionizations.

Correct Answer: ABD

QUESTION 64
Refer to the exhibit. When new students attempt to access the college network, the Clean Access Agent (CCA) informs the students that their PCs violate the college security policy because they are missing some required files and software applications on their PCs. To grant students FTP access to the files and applications on an internal remediation server, the administrator must take which of the following courses of action?
Exhibit:

A. Add to the Unauthenticated Role an allow policy for FTP access to the internal remediation server.
B. Add to the Temporary Role an allow policy for FTP access to the internal remediation server.
C. Add to the Quarantine Role an allow policy for FTP access to the internal remediation server.
D. Add to the Student Role an allow policy for FTP access to the internal remediation server.

Correct Answer: B
Explanation/Reference:
ASFE Course Notes pg 2-42
Temporary Role: This role is assigned to allow a user to download and install required packages. Full network access is denied until the requirements are met. If the requirements are met but the client is found to have vulnerabilities during the network scanning, then the client is transferred from the Temporary role to the Quarantine role, where the client is given network access to resources needed to fix the vulnerability.

QUESTION 65
Refer to the exhibit. From a dropdown menu, profiles are applied to each managed port. Before a profile can be applied, where are the client access and authentication VLAN profile parameters configured?

Exhibit:

A. controlled VLAN profile
B. access control profile
C. port profile
D. User Role profile

Correct Answer: C
Explanation/Reference:
ASFE Course Notes pg 2-173/191/207
The port profile determines whether a port is managed or unmanaged and which authentication and access VLANs to use when switching the client port. You will need to add a port profile for each set of authentication and access VLANs that you configure on the switch. When configuring switch ports, the profile column provides a drop-down menu for each switch port and is used to assign the appropriate port profile to the port.

QUESTION 66
When configuring Cisco ACS users and groups, and the user configuration has an attribute configured differently from the same attribute in the group profile, what will the result be?
A. The user setting will override the group setting.
B. The group setting will be applied.
C. The specific user cannot be placed into a group to avoid conflicts.
D. A unique group must be configured and the user placed into that group.

Correct Answer: A

QUESTION 67
Refer to the exhibit. Network Admission Control (NAC) has been configured on router Certkiller1; however, end systems are not being properly validated for the correct security posture when accessing external networks. You have determined that the proper intercept ACL has not been applied. What would the correct intercept ACL and admission statement to apply be to correct this problem?
Exhibit:

A. access-list 199 permit ip any 192.168.1.0 0.0.0.255
   ip admission name bluemoon eapoudp list 199
B. access-list 10 permit upd any 192.168.150.0 0.0.0.255
   ip admission name nac1 eapoudp list 10
C. access-list 101 permit ip any 192.50.0.0 0.0.0.255
   ip admission name greentree eapoudp list 101
D. access-list nac1 permit udp any any
   ip admission name nac1 eapoudp list 1

Correct Answer: C
Explanation/Reference:
ASFE Course Notes pg 1-124
The intercept ACL mirrors the interface ACL by denying traffic that was specifically permitted in the interface ACL and permitting traffic that was specifically denied in the interface ACL. Doing this subjects the specified traffic to the posture validation process.
The intercept ACL is not applied to a particular NAD interface, but is instead applied to the NAC global policy.
In the interface ACL one needs to deny EAPoUDP traffic to the NAD to enable the posture validation process to work, and sometimes also allow posture bypass for DNS and DHCP traffic. This permitted traffic should then be denied in the intercept ACL.

If we assess the answers:
A) The syntax is correct; however, we assume that we do not want to posture traffic to these servers, as these are used for the posturing process and the question states external network.
B) This has 2 problems: first, the ACL number is 10, which contradicts the syntax, and second, it is only looking at UDP traffic; we would want to posture all traffic.
C) The syntax is correct; however, the diagram does not show us the IP address of the external network. If the external network IP range is 192.50.0.x, then this is the correct answer. Without the external IP range information, by a process of elimination this is the most correct answer out of the options available.
D) The syntax for this ACL is incorrect for a named ACL.

QUESTION 68
Which is a benefit of using the dollar variable (like $TARGET01) when creating queries in MARS?
A. The dollar variable enables multiple queries to reference the same common 5-tuples information using a variable.
B. The dollar variable ensures that the probes and attacks that are reported are happening to the same host.
C. The dollar variable allows matching of any unknown reporting device.
D. The dollar variable allows matching of any event type groups.
E. The dollar variable enables the same query to be applied to different reports.

Correct Answer: B

QUESTION 69
After manually adding the Certkiller 1 device shown in the MARS GUI screen, what additional steps do you need to perform?
A. Click “Activate” to enable the device.
B. Click “Submit” to enable the device.
C. Click “Submit” to test access to the device. When access is successful, click “Activate” to activate the device.
D. Click “Activate” to activate the device, then click “Submit” to save the device configuration.
E. Click “Discover” to initiate manual discovery. When discovery is completed, click “Submit”, then “Activate”.

Correct Answer: E

QUESTION 70
Once you have installed the Cisco Trust Agent (CTA), you want to verify that the agent is operating properly and communicating with the antivirus policy server. What could you do to verify that status?
A. Issue the show eou all command on the intermediate NAD device.
B. From the endpoint device, ping the AV server. If this is successful, CTA is installed correctly.
C. If an “unhealthy user” pop-up window on the endpoint device is not displayed, the agent is working properly.
D. Check CTA activity logs for security posture validation messages.

Correct Answer: A

Free practice questions for Cisco 642-567 exam. These questions are aimed at giving you an idea of the type of questions you can expect on the actual exam. You will get an idea of the level of knowledge each topic goes into but because these are simple web pages you will not see the interactive and performance based questions – those are available in the Cisco 642-567.
