Implementing Cisco NAC Appliance

Exam Number: 642-591
Associated Certifications: CCSP/ Cisco Network Admission Control Specialist
Duration: 75 minutes (60 questions)
Available Languages: English
Click Here to Register: Pearson VUE
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions

Exam Description Exam Topics Recommended Training Additional Resources
Exam Description
The 642-591 CANAC Implementing Cisco NAC Appliance exam is associated with both the Cisco Certified Security Professional and the Cisco Network Admission Control Specialist certifications. Candidates can prepare for this exam by taking the Implementing Cisco NAC Appliance course. This exam tests a candidate’s knowledge of the Cisco NAC Appliance solution.

Exam Topics
The following topics are general guidelines for the content likely to be included on the Remote Access exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Implement Cisco NAC Appliance
Identify the components and features used for Cisco NAC Appliance
Configure and verify NAM and NAS to support the Cisco NAC Appliance In-Band server solutions
Configure and verify NAM and NAS to support the Cisco NAC appliance Out-of-Band server solutions
Configure Single Sign on
Configure and verify Cisco Switches as network access devices
Configure and verify user roles
Implement and verify rule based policies
Configure Cisco NAC Appliance network scanning
Configure NAM to implement NAA on user devices
Implement and verify an HA solution
Administer and monitor a Cisco NAC Appliance solution
Recommended Training
Implementing Cisco NAC Appliance (CANAC) is the recommended training for the 642-591 CANAC Exam

Courses listed are offered by Cisco Learning Partners, the only authorized source for Cisco IT training delivered exclusively by Certified Cisco Instructors. Check the List of Learning Partners for a Cisco Learning Partner near you.

Additional Resources
A variety of Cisco Press titles may be available for this exam. These titles can be purchased through the Cisco Marketplace Bookstore, directly from Cisco Press

TestInside 642-591

Cisco 642-591

Implementing Cisco NAC Appliance

Q&A Demo

English: www.TestInside.com BIG5: www.Testinside.net GB: www.testking.name

TestInside,help you pass any IT exam!

TestInside 642-591

1. The NAS is configured to autogenerate an IP address pool of 30 subnets with a netmask of /30, beginning at

address 192.168.10.0. Which IP address is leased to the end-user host on the second subnet? A. 192.168.10.4
B. 192.168.10.5

C. 192.168.10.6

D. 192.168.10.7

Answer: C

2. Which default administrator group has delete permissions? A. admin
B. help-desk

C. add-edit

D. full-control

Answer: D

3. What is the result when the condition statement in a Cisco NAA check for required software evaluates to false

on a client machine?

A. The required software is automatically downloaded to the user device. B. The required software is made available after the user is quarantined.
C. The user is put in the unauthenticated role and the software is considered missing. D. The user is placed in the temporary role and the software is made available. Answer: B

4. Which three components comprise a Cisco NAC Appliance solution? (Choose three.) A. a NAC-enabled Cisco router
B. a Linux server for in-band or out-of-band network admission control

C. a Linux server for centralized management of network admission servers

D. a Cisco router to provide VPN services

E. a read-only client operating on an endpoint device

F. a NAC-enabled Cisco switch

Answer: BCE

TestInside 642-591

5. When configuring the Cisco NAM to implement Cisco NAA requirement checking on client machines, what is

the next step after configuring checks and rules? A. retrieve updates
B. require the use of the Cisco NAA

C. configure session timeout and traffic policies

D. map rules to requirement E. configure requirements Answer: E

6. Refer to the exhibit. When logging in to a Cisco NAC Appliance solution, an end user is prompted for a username, password, and provider. What should be entered in the Provider drop-down field shown in the exhibit?

A. the authenticating NAS B. the authorizing NAM
C. the name of the ISP

D. the external authenticating server

Answer: D

7. What are the two types of traffic policies that apply to user roles? (Choose two.) A. IP-based
B. peer-based

C. host-based

D. manager-based

E. server-based

TestInside 642-591

F. VLAN-based

Answer: AC

8. After you implement a network scan and view the report, you notice that a plug-in did not access any of its dependent plug-ins. What did you forget to do?
A. enable the Dependent Plug-in check box on the General Tab form

PassGuide offers free demo for Certification Exams You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products. Download links:http://demo.passguide.com/download

B. configure dependent plug-in support when you mapped the Nessus scan check to the Nessus plug-in rule

C. install dependent plug-ins when you updated the Cisco NAC Appliance plug-in library

D. load the dependent plug-ins for that plug-in in the Plug-in Updates form

Answer: D

9. A client has a network with wireless and wired users. The wired users run mission-critical bandwidth-sensitive applications. The wireless users access web-based support portals within the central office.

Given only this information, which Cisco NAC Appliance solution would provide the most fault-tolerant option for this client?
A. one Cisco NAM and one in-band highly available Cisco NAS cluster

B. one load-balanced highly available Cisco NAM cluster and one out-of-band highly available Cisco NAS cluster

C. one highly available Cisco NAM cluster, one out-of-band highly available Cisco NAS cluster, and one in-band

Cisco NAS

D. one highly available Cisco NAM cluster and one in-band highly available Cisco NAS cluster

Answer: C
10. Based on the Boolean order of precedence, how would Cisco NAC Appliance evaluate the following rule? AdAwareLogRecent&(NorAVProcessIsActiveymAVProcessIsActive)

A. (The Norton Antivirus is active and there is a recent Ad Aware log entry) or (the Symantec antivirus process is active).
B. There is a recent Ad Aware log entry, the Norton Antivirus is active, and the Symantec antivirus process is active.
C. (Either the Norton Antivirus or the Symantec antivirus process is active) and (there is a recent Ad Aware log

TestInside 642-591

entry).

D. There is a recent Ad Aware log entry or the Norton Antivirus is active, or the Symantec antivirus process is active.
Answer: C

11. How do you ensure that the Cisco NAS has the most recent version of the Cisco NAA to install on user devices?
A. Each time the Cisco NAA is upgraded, the Cisco NAM automatically downloads the new version of Cisco

NAA to all Cisco NAS servers.

B. From the Cisco NAS Web Admin Console, enable Cisco NAA autoupdate on the Administration > Software

Update form.

C. The Cisco NAA is upgraded directly to each Cisco NAS using the Upgrade Server form available on the Cisco

NAM web console GUI.

D. Configure the Cisco NAS by selecting which Cisco NAA to upgrade in the Cisco NAA Upgrade form. Answer: A

12. A search of available switches has been performed and a list of switches is presented. Which two SNMP attributes need to match what is configured in the Cisco switch profile for a listed switch to be added to the Cisco NAM? (Choose two.)
A. SNMP read community string B. SNMP write community string C. SNMP read version
D. SNMP write version

E. SNMP trap

Answer: AC

13. In a Cisco NAC Appliance Windows Active Directory SSO deployment, what are the cached credentials and

Kerberos TGT from the client-machine Windows login used for? A. They are used to validate the user with the Cisco NAS.
B. They are used to validate the user authentication with the backend Windows Active Directory server.

C. They are used to validate user access with the Cisco NAA.

TestInside 642-591

D. They are used to validate the user authentication and access with the Cisco NAM.

Answer: B

14. What must you check on the switches for an out-of-band Cisco NAC Appliance deployment?

A. The Cisco or non-Cisco switch must support port security and SNMPv2 or SNMPv3. B. The Cisco switch must support VACL (VLAN ACL).
C. If you have stacked Cisco Catalyst 3750 Series Switches, you are using Cisco IOS Release 12.1(25)SEC or above.
D. The Cisco switch must use at least the minimum supported version of Cisco IOS or Catalyst OS supporting mac-notification or linkup-linkdown SNMP traps.
Answer: D

15. Drop

Answer:

TestInside 642-591

Interactive Testing Engine Included!
60 Questions
Updated : 03/15/2008
Price : $87.99 $79.99
Free download?testking ccsp 642-591
Free download?pass4sure ccsp 642-591

High quality IT Certification Training Exam Questions, Study Guides and Practice Tests are in Downloadable PassGuide Testing Engine,Successful for IT Certification or Full Refund for you.www.freepassguide.co.uk

Dowload PassGuide Practice Test Questions

• Testking Actualtests cisco vce dumps
• Testking Cisco ccsp 642-545
• Testking cisco ccsp 642-504
• Testking Cisco CCSP 642-542 CSI
• Testking CCSP Dumps
• CISCO CCSP 642-524
• Cisco CCSP 642-515 SNAA Exam
• cisco 642-551 SND
• cisco 642-541 CSI
• cisco 642-533 IPS
• cisco 642-532 IPS
• CISCO 642-522 SNPA
• cisco 642-521 CSPFA
• CISCO 642-511 CSVPN
• CISCO 642-502 SNRS