What does the Cisco security architecture called SAFE stand for?
A. Security Architecture for Enterprise
B. Standard Assessment for Enterprise
C. Security Analysis for Enterprise
D. Standard Architecture for Enterprise
Correct Answer: A
Section: Security Explanation
Cisco SAFE Architecture
Cisco Security Architecture for the Enterprise (SAFE) is a security reference architecture that provides detailed design and implementation guidelines to assist in the development of secure and reliable networks. Part of the SAFE architecture discusses the building blocks of secure networks that are resilient to well-known and new forms of attack. Because enterprise networks are key enablers of business, networks must be designed with integrated security in mind to ensure confidentiality, integrity, and availability of network resources, especially those networks that support critical business activity.
One key principle of Cisco SAFE architecture relates to the need for deep security and protection from both the inside and outside of the organization, along with providing guidelines for analyzing security requirements. The Cisco SAFE approach allows for the analysis of expected threats and supports the design of the network security strategy. In addition, the modular nature of Cisco SAFE allows for the security system to be expanded and scaled as the business grows.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 13
You are a network technician, can you tell me how many IP addresses are available for hosts in the subnet 220.127.116.11/27?
Correct Answer: B
Section: IP addressing Explanation
Which two encryption transforms will be used by both ESP and AH for authentication?
A. HMAC-MD5 or Hash Message Authentication Code-Secure Hash Algorithm-1(HMAC-SHA-1)
B. DES or 3DES
C. DES or Hash Message Authentication Code-Message Digest 5 (HMAC-MD5)
D. 3DES or MD5
Correct Answer: A
Section: WAN VPN Explanation
The IPsec protocols include Internet Security Association and Key Management Protocol (ISAKMP), and two other IPsec IP protocols: Encapsulating Security Payload (ESP) and Authentication Header (AH). IPsec uses symmetrical encryption algorithms to provide data protection. These algorithms need a secure method to exchange keys to ensure that the data is protected. Internet Key Exchange (IKE) ISAKMP protocols provide these functions. ESP is used to provide confidentiality, data origin authentication, connectionless integrity, and anti-replay services. AH is used to provide integrity and data origin authentication, usually referred to as just authentication.
In addition, IPsec can secure data from eavesdropping and modification using transforms sets, which give you varying levels of strength for the data protection. IPsec also has several Hash Message Authentication Codes (HMAC) available to provide protection from attacks such as man-in-the-middle, packet-replay, and data-integrity attacks.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 7
A compliant ESP implementation MUST support the following mandatory-to-implement algorithms:
A compliant AH implementation MUST support the following mandatory-to-implement algorithms:
For the following options, which emerging WAN technology uses DSL coding and digital modulation techniques with Ethernet?
D. Long-Reach Ethernet (LRE)
Correct Answer: D
Section: WAN VPN Explanation
Long Reach Ethernet (LRE) was a proprietary networking protocol developed by Cisco Systems,
intended to support multi-megabit (5 to 15 Mbit/s) performance over telephone-grade Category 1/2/3 wiring
over distances up to 5, 000 feet (1.5 km). Supporting such great distances, LRE is technically classified a
Metropolitan area network (MAN) technology. Technically the protocol was similar to VDSL.
The technology was sometimes referred to as Ethernet in the First Mile (EFM). Several networking vendors
offered compatible networking hardware, but the technology became obsolete. Like standard VDSL, LRE
allowed existing telephone wiring that connects an organization’s offices to be used to network those offices
together using standard Ethernet protocol without incurring the huge cost of deploying fiber optic cable or
limiting organizations to the bandwidth provided by modems or xDSL devices. Other sample applications
included Ethernet access to hotel rooms or college dormitories over existing installed telephone wiring. LRE
was compatible with VDSL ETSI Band Plan 998. LRE sold Cisco Catalyst model 2900 switches using
Infineon PEF22822/PEB22811 VDSL QAM (10Base-S) chipset like many other VDSL concentrators. Cisco
announced end-of-sale for the LRE products in October 2006, and its Explanation: page was removed from
their web site in 2007. VDSL is a comparable or better solution.
What is SLC?
A. Standard level contracts
B. Standard level configuration
C. Service level contracts
D. Service level configuration
Correct Answer: C
Section: Management – Operations Explanation
SLA Defined A service-level agreement is a key component of a service-level contract (SLC). The SLC specifies connectivity and performance agreements for an end-user service from a provider of service. The service provider could be within the enterprisefor example the IS organization could be the service provider to internal departmentsor an external company such as an ISP providing wide-area or hosted application services.
The SLC typically includes multiple SLAs. A violation of any particular SLA could create a violation of the overall SLC. The service-level management solution needs to provide a means of managing collections of agreements that constitute a contract with the service provider. The solution should enable the user to monitor multiple SLCs individually, drill down into SLA details, and monitor the percentage of SLA conformance for a given SLC. For example, an SLC for connectivity from several branch sites to the central site may read a connection of 64 Kbps at a latency of no greater than 100 milliseconds averaged over one hour, and an availability of 99.9 percent is to be provided.
Ensurepass offers Latest 2013 640-864 Real Exam Questions, help you to pass exam 100%.