2016 New Updated — Latest Cisco 642-564 Exam Questions with PDF and VCE


Completed the Cisco 642-564  test and passed with high scores.New Cisco 642-564 test have been changed with many questions last month ago,and now new exam questions and answers have been added on Cisco 642-564,which is realiable according to my real test.

Exam A
A new MARS appliance has been installed in the Certkiller network. Which protocol is used for transporting the event data from Cisco IPS 5.0 and later devices to the Cisco Security MARS appliance?
A. RDEP over SSL
B. SDEE over SSL
E. All of the above

Correct Answer: B Section: (none) Explanation
For Cisco IPS 5.x devices, MARS pulls the logs using SDEE (Security Device Event Exchange) over SSL.
Therefore, MARS must have HTTPS access to the sensor.
You work as a network technician at Certkiller .com. Your boss, Mrs Certkiller, is curious about attack
methodologies. Match the technology with the appropriate description.
Use each technology once and only once.

Select and Place:

Correct Answer: Section: (none) Explanation
Explanation: Reconnaissance Attacks Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. It is also called information gathering. In most cases, it precedes an actual access or DoS attack. The malicious intruder typically ping-sweeps the target network first to determine what IP addresses are alive. After this is accomplished, the intruder determines what services or ports are active on the live IP addresses. From this information, the intruder queries the ports to determine the application type and version as well as the type and version of the operating system running on the target host. Reconnaissance is somewhat analogous to a thief scoping out a neighborhood for vulnerable homes he can break into, such as an unoccupied residence, an easy-to-open door or window, and so on. In many cases, an intruder goes as far as “rattling the door handle”-not to go in immediately if it is open, but to discover vulnerable services he can exploit later when there is less likelihood that anyone is looking. Access Attacks Access is an all-encompassing term that refers to unauthorized data manipulation, system access, or privilege escalation. Unauthorized data retrieval is simply reading, writing, copying, or moving files that are not intended to be accessible to the intruder. Sometimes this is as easy as finding shared folders in Windows 9x or NT, or NFS exported directories in UNIX systems with read or read-write access to everyone. The intruder has no problem getting to the files. More often than not, the easily accessible information is highly confidential and completely unprotected from prying eyes, especially if the attacker is already an internal user. System access is an intruder’s ability to gain access to a machine that he is not allowed access to (such as when the intruder does not have an account or password). Entering or accessing systems that you don’t have access to usually involves running a hack, script, or tool that exploits a known vulnerability of the system or application being attacked. Another form of access attacks involves privilege escalation. This is done by legitimate users who have a lower level of access privileges or intruders who have gained lower-privileged access. The intent is to get information or execute procedures that are unauthorized at the user’s current level of access. In many cases this involves gaining root access in a UNIX system to install a sniffer to record network traffic, such as usernames and passwords that can be used to access another target.
In some cases, intruders only want to gain access, not steal information-especially when the motive is intellectual challenge, curiosity, or ignorance. DoS Attacks DoS is when an attacker disables or corrupts networks, systems, or services with the intent to deny the service to intended users. It usually involves either crashing the system or slowing it down to the point where it is unusable. But DoS can also be as simple as wiping out or corrupting information necessary for business. In most cases, performing the attack simply involves running a hack, script, or tool. The attacker does not need prior access to the target, because usually all that is required is a way to get to it. For these reasons and because of the great damaging potential, DoS attacks are the most feared-especially by e-commerce website operators.

Which Cisco management product provides a Security Audit wizard?
A. Cisco Security Auditor
B. CiscoWorks VPN/Security Management Solution
C. Cisco Adaptive Security Device Manager
D. Cisco Router and Security Device Manager
E. None of the above

Correct Answer: D Section: (none) Explanation
In the Cisco Router and Security Device Manager, the Security Audit is a feature that examines your
existing router configurations and then updates your router in order to make your router and network more
secure. Security Audit is based on the Cisco IOS AutoSecure feature; it performs checks on and assists in
configuration of almost all of the AutoSecure functions.
Security Audit operates in one of two modes-the Security Audit wizard, which lets you choose which
potential security-related configuration changes to implement on your router, and One-Step Lockdown,
which automatically makes all recommended security-related configuration changes.
A new MARS appliance has been installed in the Certkiller network. Which three features of Cisco Security MARS provide for identity and mitigation of threats? (Choose three)
A. Determines security incidents based on device messages, events, and sessions
B. Provides incident analysis that is topologically aware for visualization and replay
C. Integrates with Trend Micro to clean infected hosts
D. Performs mitigation on Layer 2 ports and at Layer 3 choke points
E. Provides a security solution for preventing DDoS attacks
F. Pushes signatures to Cisco IPS to keep viruses from entering the network

Correct Answer: ABD Section: (none) Explanation
Explanation: Cisco Security MARS obtains network intelligence by understanding the topology and device configurations from routers, switches, and firewalls, and by profiling network traffic. The system’s integrated network discovery function builds a topology map containing device configuration and current security policies, which enables it to model packet flows through your network. Since the appliance does not operate inline and makes minimal use of existing software agents, there is little impact on network or system performance. The appliance centrally aggregates logs and events from a wide range of popular network devices (such as routers and switches), security devices and applications (such as firewalls, intrusion detection systems [IDSs], vulnerability scanners, and antivirus applications), hosts (such as Windows, Solaris, and Linux syslogs), applications (such as databases, Web servers, and authentication servers), and network traffic (such as Cisco NetFlow). Cisco Security MARS transforms raw network and security data into intelligence that can be used to subvert valid security incidents and maintain compliance. This easy-to-use family of threat mitigation appliances enables operators to centralize, detect, mitigate, and report on priority threats using the network and security devices already deployed in your infrastructure. The threat mitigation features of MARS can be used to isolate and prevent problems from spreading in the network by stopping them key layer 2 and layer 3 network points. Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 6, page 4-1 through 4-14.

How is Cisco IOS Control Plane Policing achieved?
A. By adding a service-policy to virtual terminal lines and the console port
B. By applying a QoS policy in control plane configuration mode
C. By disabling unused services
D. By rate-limiting the exchange of routing protocol updates
E. By using AutoQoS to rate-limit the control plane traffic
F. None of the above

Correct Answer: B Section: (none) Explanation
Explanation: The Control Plane Policing feature allows users to configure a quality of service (QoS) filter that manages the traffic flow of control plane packets to protect the control plane of CiscoIOS routers and switches against reconnaissance and denial-of-service (DoS) attacks. In this way, the control plane (CP) can help maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch.
To configure, follow these detailed steps:
Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/productsfeatureguide09186a008052446b.html

The Certkiller network is using NAC. Which component of the Cisco NAC framework is responsible for compliance evaluation and policy enforcement?
A. Cisco Secure ACS server
B. Cisco Trust Agent
C. Network access devices
D. Posture validation server

Correct Answer: A Section: (none) Explanation
Explanation: Cisco Secure ACS extends access security by combining authentication, user and administrator access, and policy control from a centralized identity networking framework, thereby allowing greater flexibility and mobility, increased security, and user productivity gains. Cisco Secure ACS is an important component of the Cisco Network Admission Control (NAC)-an industry initiative sponsored by Cisco Systems that uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources. Cisco Secure ACS 4.0 acts as a policy decision point in NAC deployments, evaluating credentials, determining the state of the host, and
sending out per-user authorization to the network access devices.
Reference: http://www.cisco.com/en/US/products/sw/secursw/ps2086/index.html

You work as a network technician at Certkiller .com. Your trainee Sandra is curious about Network Security Lifecycles. Match each action with the appropriate task.
Select and Place:
Correct Answer: Section: (none) Explanation
What is a benefit of the Cisco Integrated Services Routers?
A. Intel Xeon CPUs
B. Built-in event correlation engine
C. Built-in encryption acceleration
D. Customer programmable ASIC

Correct Answer: C Section: (none) Explanation
Explanation: The Cisco 800, 1800, 2800, and 3800 Integrated Services Routers (ISR) were designed to incorporate security in every router by making hardware-based encryption a standard feature. This built-in, hardware-based encryption acceleration offloads the VPN processes to provide increased VPN throughput with minimal impact on the router CPU. If additional VPN throughput or scalability is required, optional VPN encryption advanced integration modules (AIMs) are available.
The Certkiller network has just implemented CSA for all end hosts. What are three functions of CSA in
helping to secure customer environments? (Choose three)
A. Application control
B. Control of executable content
C. Identification of vulnerabilities
D. Probing of systems for compliance
E. Real-time analysis of network traffic
F. System hardening

Correct Answer: ABF Section: (none) Explanation
The functions of the CSA are system hardening, resource protection, control of executable content,
application control, and detection.
Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 4, page 4-3.

The Certkiller network just upgraded to the ISR router series. Which two features can the USB eToken for Cisco Integrated Services Router be used for? (Choose two)
A. Distribution and storage of VPN credentials
B. Command authorization
C. One-time passwords
D. Secure deployment of configurations
E. Troubleshooting

Correct Answer: AD Section: (none) Explanation
The Cisco IOS Software-level integration of Aladdin’s eToken drivers provides partners and customers with
enhanced security router practices:

Secure Provisioning of Cisco Router Configurations: Combining eToken drivers with Cisco integrated
services routers helps Cisco partners mount router configuration on eToken and securely send them to
end customers.
Portable Credential Storage for Cisco VPN: VPN credential storage on eToken provides off-platform
generation and secure storage of VPN credentials. Encryption keys are loaded when eToken is plugged in,
and removed when eToken is removed.
Reference: http://www.aladdin.com/etoken/demos/cisco/ask.asp

Refer to the exhibit below. As each spoke site is added, spoke-to-spoke and spoke-to-hub connectivity will be required. What is the best VPN implementation option in this scenario? Exhibit:

A. GRE over IPSec with dynamic routing
C. IPSec Easy VPN

Correct Answer: B Section: (none) Explanation
Explanation: The Dynamic Multipoint VPN (DMVPN) feature allows users to better scale large and small IP Security (IPsec) Virtual Private Networks (VPNs) by combining generic routing encapsulation (GRE) tunnels, IPsec encryption, and Next Hop Resolution Protocol (NHRP). Benefits of Dynamic Multipoint VPN (DMVPN) Hub Router Configuration Reduction: Currently, for each spoke router, there is a separate block of configuration lines on the hub router that define the crypto map characteristics, the crypto access list, and the GRE tunnel interface. This feature allows users to configure a single mGRE tunnel interface, a single IPsec profile, and no crypto access lists on the hub router to handle all spoke routers. Thus, the size of the configuration on the hub router remains constant even if spoke routers are added to the network. DMVPN architecture can group many spokes into a single multipoint GRE interface, removing the need for a distinct physical or logical interface for each spoke in a native IPsec installation. Automatic IPsec Encryption Initiation GRE has the peer source and destination address configured or resolved with NHRP. Thus, this feature allows IPsec to be immediately triggered for the point-to-point GRE tunneling or when the GRE peer address is resolved via NHRP for the multipoint GRE tunnel. Support for Dynamically Addressed Spoke Routers When using point-to-point GRE and IPsec hub-and-spoke VPN networks, the physical interface IP address of the spoke routers must be known when configuring the hub router because IP address must be configured as the GRE tunnel destination address. This feature allows spoke routers to have dynamic physical interface IP addresses (common for cable and DSL connections). When the spoke router comes online, it will send registration packets to the hub router: within these registration packets, is the current physical interface IP address of this spoke. Dynamic Creation for Spoke-to-Spoke Tunnels This feature eliminates the need for spoke-to-spoke configuration for direct tunnels. When a spoke router wants to transmit a packet to another spoke router, it can now use NHRP to dynamically determine the required destination address of the target spoke router. (The hub router acts as the NHRP server, handling the request for the source spoke router.) The two spoke routers dynamically create an IPsec tunnel between them so data can be directly transferred. VRF Integrated DMVPN DMVPNs can be used to extend the Multiprotocol Label Switching (MPLS) networks that are deployed by service providers to take advantage of the ease of configuration of hub and spokes, to provide support for dynamically addressed customer premises equipment (CPEs), and to provide zero-touch provisioning for adding new spokes into a DMVPN. Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/productsfeatureguide09186a0080110ba1.html
The Certkiller network is using GRE on their IPSec VPN WAN. What is a benefit of IPSec + GRE?
A. Bandwidth conservation
B. No need for a separate client
C. Full support of Cisco dynamic routing protocols
D. Support of dynamic connections

Correct Answer: C Section: (none) Explanation
Explanation: Normal IP Security (IPSec) configurations cannot transfer routing protocols, such as Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF), or non-IP traffic, such as Internetwork Packet Exchange (IPX) and AppleTalk. IPSec with GRE uses generic routing encapsulation (GRE) in order to accomplish routing between the different networks. All routing protocols will be supported as all traffic will be encapsulated within a GRE packet.
Which two are true about Cisco AutoSecure? (Choose two)
A. It blocks all IANA-reserved IP address blocks
B. It enables identification service
C. It enables log messages to include sequence numbers and time stamps
D. It disables tcp-keepalives-in and tcp-keepalives-out
E. It removes the exec-timeout

Correct Answer: AC Section: (none) Explanation
Cisco AutoSecure performs the following functions:

1. Disables the following Global Services


Small Servers


HTTP service

Identification Service



Source Routing
2. Enables the following Global Services
Password-encryption service

Tuning of scheduler interval/allocation

TCP synwait-time

TCP-keepalives-in and tcp-kepalives-out

SPD configuration

No ip unreachables for null 0
3. Disables the following services per interface


Directed Broadcast

Disables MOP service

Disables icmp unreachables

Disables icmp mask reply messages.
Provides logging for security

Enables sequence numbers & timestamp

Provides a console log

Sets log buffered size

Provides an interactive dialogue to configure the logging server ip address.

Secures access to the router

Checks for a banner and provides facility to add text to automatically configure:

Login and password

Transport input & output


Local AAA

SSH timeout and ssh authentication-retries to minimum number

Enable only SSH and SCP for access and file transfer to/from the router

Disables SNMP If not being used

Secures the Forwarding Plane

Enables Cisco Express Forwarding (CEF) or distributed CEF on the router, when available


Blocks all IANA reserved IP address blocks

Blocks private address blocks if customer desires

Installs a default route to NULL 0, if a default route is not being used
Configures TCP intercept for connection-timeout, if TCP intercept feature is available and the user is interested

Starts interactive configuration for CBAC on interfaces facing the Internet, when using a Cisco IOS Firewall image,

Enables NetFlow on software forwarding platforms Reference: http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns336/ networkingsolutionswhitepaper09186a008018
Which two statements about the Firewall Services Module are true? (Choose two)
A. For traffic from high to low security levels, no access control list is needed.
B. Interfaces with the same security level cannot communicate without a translation rule.
C. Two VLAN interfaces connect MSFC and FWSM.
D. Up to 1 million simultaneous connections are possible.
E. Up to 100 separate security contexts are possible.

Correct Answer: DE Section: (none) Explanation
The Firewall Service Module (FWSM) is a high performance module used in Catalyst 6500 series switches
and 7600 series routers. It is capable of 5.5GB of throughput, supporting 1 million simultaneous
connections, 100,000 connection setup and teardowns per second, and 256,000 NAT and PAT
translations. It also supports up to 100 separate security contexts (virtual firewalls) with a license upgrade.
Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 2, page 4-2 and 4-7.

The Certkiller network administrator is installing a new Cisco Security MARS appliance. After powering up the MARS appliance, what is a valid task?
A. Use a Category 5 crossover cable to connect the computer Ethernet port to the MARS eth0 port.
B. Connect a keyboard and monitor directly to the MARS appliance to set up its initial configuration.
C. Set the IP address of the computer to
D. Telnet to using the username pnadmin and the password pnadmin.
Correct Answer: A Section: (none) Explanation

When installing the CS-MARS appliance and connecting to it for the first time, when the CS-MARS booted
up, connect a UTP Cat 5 crossover cable to your computer’s Etheret port and connect the other end of the
crossover cable to the CS-MARS’ Ethernet 0 (eth0) port.
Incorrect Answers:

B: To start the configuration process, you must connect another computer that is running Microsoft Internet Explorer to the appliance.
C: The default IP address of the CS-MARS device is, and it is recommended that the IP address of you computer is set to
D: Although the default user name/password is indeed pnadmin/pnadmin, you should connect to, not Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 6, page 4-65.
Which Cisco security product is an easily deployed software solution that can automatically detect, isolate, and repair infected or vulnerable devices that attempt to access the network?
A. Cisco Security Agent
B. Cisco Secure ACS server
C. NAC Appliance (Cisco Clean Access)
D. Cisco Traffic Anomaly Detector

Correct Answer: C Section: (none) Explanation
Explanation: Cisco NAC Appliance (formerly Cisco Clean Access) is an easily deployed Network Admission Control (NAC) product that uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources. With NAC Appliance, network administrators can authenticate, authorize, evaluate, and remediate wired, wireless, and remote users and their machines prior to network access. It identifies whether networked devices such as laptops, IP phones, or game consoles are compliant with your network’s security policies and repairs any vulnerabilities before permitting access to the network. When deployed, Cisco NAC Appliance provides the following benefits:
Recognizes users, their devices, and their roles in the network. This first step occurs at the point of
authentication, before malicious code can cause damage.
Evaluates whether machines are compliant with security policies. Security policies can include specific
antivirus or antispyware software, OS updates, or patches. Cisco NAC Appliance supports policies that
vary by user type, device type, or operating system.
Enforces security policies by blocking, isolating, and repairing noncompliant machines.
Noncompliant machines are redirected into a quarantine area, where remediation occurs at the discretion
of the administrator.

What is a benefit of high-performance AIM that is included with Cisco Integrated Services Routers?
A. Hardware-accelerated packet inspection engine
B. Hardware-based encryption and compression
C. Removable secure credentials
D. Support of SRTP

Correct Answer: B Section: (none) Explanation Explanation/Reference:
Explanation: The VPN Advanced Integration Module (AIM) for the Cisco 1841 Integrated Services Router and Cisco 2800 and3800Series Integrated Services Routers optimizes the Cisco Integrated Services Router platforms for virtual private networks in both IP Security (IPSec) and Secure Sockets Layer (SSL) Web and VPN deployments. The Cisco VPN and SSL AIM provides up to 40 percent better performance for IPsec VPN over the built-in IPsec encryption, and up to twice the performance for SSL Web VPN encryption. The Cisco VPN and SSL AIM supports all three of these functions in hardware: SSLencryption in hardware, VPN IPsec encryption in hardware using either Data Encryption Standard (DES) or Advanced Encryption Standard (AES), and the IP Payload Compression Protocol (IPPCP) in hardware. Reference: http://www.cisco.com/en/US/products/ps5853/productsdatasheet0900aecd804ff58a.html
In the context of Cisco NAC, what is a network access device?
A. A workstation without Cisco Trust Agent
B. A Cisco IOS router
C. An AAA server
D. A laptop with Cisco Trust Agent installed

Correct Answer: B Section: (none) Explanation
In NAC, network devices that can or will enforce admission control policy include routers, switches,
wireless access points, wireless LAN controllers, and security appliances. These devices demand host
credentials and relay this information to policy servers, where network admission control decisions are
Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 4, page 1-11 and 1-13.

How does Cisco CSA protect endpoints?
A. It uses signatures to detect and stop attacks
B. It uses deep-packet application inspections to control application misuse and abuse
C. It uses file system, network, registry, and execution space interceptors to stop malicious activity
D. It works in conjunction with antivirus software to lock down the OS
E. It works at the application layer to provide buffer overflow protection

Correct Answer: C Section: (none) Explanation
The technology used to control the host is the CSA INCORE (Interceptor Correlate Rules Engine)
technology which supports four interceptors:
File System- All file read or write requests are intercepted and checked against a defined set of rules.
Network- Packet events at the driver (NDIS) or transport (TDI) level Configuration – Read or write requests
to the registry on Windows or to the RC files on UNIX.
Execution space – Deals with maintaining the integrity of each application’s dynamic run-time environment.
Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 4, page 4-3

Which two should be included in an analysis of a Security Posture Assessment? (Choose two)
A. A detailed action plan
B. An identification of bottlenecks inside the network
C. An identification of critical deficiencies
D. A recommendations based on security best practice
E. A service offer

Correct Answer: CD Section: (none) Explanation
Explanation: As the first step in planning network security, it is required to make an evaluation of the organization’s network security posture. The Security Posture Assessment provides a snapshot of the security state of the network by conducting a thorough assessment of the network devices, servers, databases, and desktops. Analyze the effectiveness of the network security in reference to recognized industry best practices, allowing identifying the relative strengths and weaknesses of the environment and documenting specific vulnerabilities that could threaten the business. Reference: Security Solutions for SE (SSSE) v1.0 Student Guide, Module 1, page 1-29

Cisco 642-564 tests containing questions that cover all sides of tested subjects that help our members to be prepared and keep high level of professionalism.The main purpose of Cisco 642-564 exam is to provide high quality test that can secure and verify knowledge, give overview of question types and complexity that can be represented on real exam certification