Exam A
QUESTION 1
Which of the following types of attacks is typical of an intruder who is targeting networks of systems in an effort to retrieve data or enhance their privileges?
A. Access attack
B. Denial of Service attack
C. Man in the middle attack
D. Authorization attack
E. Reconnaissance attack
Correct Answer: A
Explanation/Reference:
Access Attacks
Access is a broad term used to describe any attack that requires the intruder to gain unauthorized access to a secure system with the intent to manipulate data, elevate privileges, or simply access the system. The term “access attack” is used to describe any attempt to gain system access, perform data manipulation, or elevate privileges.
System Access Attacks
System access is the act of gaining unauthorized access to a system for which the attacker doesn’t have a user account. Hackers usually gain access to a device by running a script or a hacking tool, or exploiting a known vulnerability of an application or service running on the host.
Data Manipulation Access Attacks
Data manipulation occurs when an intruder simply reads, copies, writes, deletes, or changes data that isn’t intended to be accessible by the intruder. This could be as simple as finding a share on a Windows 9x or NT computer, or as difficult as attempting to gain access to a credit bureau’s information, or breaking into the department of motor vehicles to change a driving record.
Elevating Privileges Access Attacks
Elevating privileges is a common type of attack. By elevating privileges an intruder can gain access to files, folders or application data that the user account was not initially granted access to. Once the hacker has gained a high-enough level of access, they can install applications, such as backdoors and Trojan horses, to allow further access and reconnaissance. A common goal of hackers is to
Reference: CCSP: Cisco Certified Security Professional Certification All-in-One Exam Guide; Cisco Courseware 13-6
QUESTION 2
Which of the following types of attacks would be a most probable consequence of the presence of a shared folder in a Windows operating system?
A. Denial of Service Attack
B. Access Attack
C. Authorization attack
D. Reconnaissance attack
E. Man-in-the-middle
Correct Answer: B
Explanation/Reference:
Explanation:
Access Attacks
Access is a broad term used to describe any attack that requires the intruder to gain unauthorized access to a secure system with the intent to manipulate data, elevate privileges, or simply access the system. The term “access attack” is used to describe any attempt to gain system access, perform data manipulation, or elevate privileges.
System Access Attacks
System access is the act of gaining unauthorized access to a system for which the attacker doesn’t have a user account. Hackers usually gain access to a device by running a script or a hacking tool, or exploiting a known vulnerability of an application or service running on the host.
Data Manipulation Access Attacks
Data manipulation occurs when an intruder simply reads, copies, writes, deletes, or changes data that isn’t intended to be accessible by the intruder. This could be as simple as finding a share on a Windows 9x or NT computer, or as difficult as attempting to gain access to a credit bureau’s information, or breaking into the department of motor vehicles to change a driving record.
Reference: CCSP Osborne page 810 Cisco Courseware 3-6
QUESTION 3
Which of the following represents a type of exploit that involves introducing programs that install an inconspicuous back door to gain unauthorized access?
A. File sharing
B. Trojan horse
C. Protocol weakness
D. Session hijack
Correct Answer: B
Explanation/Reference:
Explanation:
To gain remote access, they rely on keystroke capture software that’s planted on a system, sometimes
through a worm or Trojan horse disguised as a game or screen saver.
Reference:
Cisco Courseware 2-46
QUESTION 4
Which of the following is typical of signature-based intrusion detection?
A. Signature creation is automatically defined
B. Signatures match patterns of malicious activity
C. Signatures are prone to a high number of false positive alarms.
D. Signatures focus on TCP connection sequences
Correct Answer: B
Explanation/Reference:
Page 65 Cisco Press CCSP CSIDS 2nd edition under Misuse Detection
QUESTION 5
What does an attacker require to perform a Denial of Service attack?
A. a means of network access
B. prior access to the target
C. previously installed root kit
D. username and password
Correct Answer: A
Explanation/Reference:
DoS attacks are performed by flooding the network, so the only requirement is access to the network.
C: the requirement of installing tools to perform distributed attacks (whatever a root toolkit may be) is only true for DDoS attacks.
As the aim is not to gain access, no usernames or passwords (D), and not even prior access to the target host (B), are required.
Reference: Page 2-28 CIDS Courseware v4.0
QUESTION 6
Which value can be assigned to define the Cisco IDS 4210 Sensor’s sensing interface?
A. Auto
B. Detect
C. Probe
D. Sniffing
E. Select
Correct Answer: D
Explanation/Reference:
Explanation:
An individual sensor contains two separate interfaces. The sensor uses one of the interfaces to passively
sniff all the network packets by placing the interface in promiscuous mode. The sensor uses the other
network interface for command and control traffic.
Reference:
Cisco Secure Intrusion Detection System (Ciscopress) page 98
QUESTION 7
What reconnaissance methods are used to discover servers running SMTP and SNMP? (Choose two)
A. TCP scans for port 25
B. UDP scans for port 25
C. UDP scans for port 161
D. ICMP sweeps for port 25
E. ICMP sweeps for port 161
Correct Answer: AC
Explanation/Reference:
Explanation:
If the public SMTP server were compromised, a hacker might try to attack the internal mail server over
TCP port 25, which is permitted to allow mail transfer between the two hosts.
SNMP is a network management protocol that can be used to retrieve information from a network device
(commonly referred to as read-only access) or to remotely configure parameters on the device (commonly
referred to as read-write access). SNMP agents listen on UDP port 161.
Reference:
SAFE Blueprint for Small, Midsize, and Remote-User Networks