642-504 Exam

Quality and Value for the 642-504 Exam

Test4pass Practice Exams for Cisco 642-504 are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development.

100% Guarantee to Pass Your 642-504 Exam

If you prepare for the exam using our Test4pass testing engine, we guarantee your success in the first attempt. If you do not pass the Others 642-504 exam (ProCurve Secure WAN) on your first attempt we will give you a FULL REFUND of your purchasing fee AND send you another same value product for free.

Cisco 642-504 Downloadable, Printable Exams (in PDF format)

Our Exam 642-504 Preparation Material provides you everything you will need to take your 642-504 Exam. The 642-504 Exam details are researched and produced by Professional Certification Experts who are constantly using industry experience to produce precise, and logical. You may get questions from different web sites or books, but logic is the key. Our Product will help you not only pass in the first try, but also save your valuable time.

642-504 Downloadable, Interactive Testing engines

We are all well aware that a major problem in the IT industry is that there is a lack of quality study materials. Our Exam Preparation Material provides you everything you will need to take a certification examination. Like actual certification exams, our Practice Tests are in multiple-choice (MCQs) Our Cisco 642-504 Exam will provide you with free 642-504 dumps questions with verified answers that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. High quality and Value for the 642-504 Exam:100% Guarantee to Pass Your Others exam and get your Others Certification.

Hot KeyWords On 642-504 test

We collect some hot keywords about this exam:
Test4pass , Pass 4 Sure , Test in Side ,Pass Guide ,Test King 642-504 exam | 642-504 pdf exam | 642-504 braindumps | 642-504 study guides | 642-504 trainning materials | 642-504 simulations | 642-504 testing engine | 642-504 vce | 642-504 torrent | 642-504 dumps | free download 642-504 | 642-504 practice exam | 642-504 preparation files | 642-504 questions | 642-504 answers.

How to pass your 642-504 exam

You can search on Search Engine and Find Best IT Certification site: Test4pass.com - Find the Method to succeed 642-504 test,The safer.easier way to get Others Certification .

��
��
Exam : Cisco 642-504
Title : Securing Networks with Cisco Routers and Switches


1. Refer to the exhibit.
What is correct based on the partial configuration shown?
A. The policy is configured to use an authentication key of 'rsa-sig'.
B. The policy is configured to use Diffie-Hellman group sha-1.
C. The policy is configured to use Triple DES IPsec encryption.
D. The policy is configured to use digital certificates.
E. The policy is configured to use access list 101 to identify the IKE-protected traffic.
Answer: D

2. The CPU and Memory Threshold Notifications of the Network Foundation Protection feature protects which router plane?
A. control plane
B. management plane
C. data plane
D. network plane
Answer: B

3. In DMVPN, the NHRP process allows which requirement to be met?
A. dynamic physical interface IP address at the spoke routers
B. high-availability DMVPN designs
C. dynamic spoke-to-spoke on-demand tunnels
D. dynamic routing over the DMVPN
E. dual DMVPN hub designs
Answer: A

4. Cisco IOS Firewall supports which three of the following features? (Choose three.)
A. alerts
B. audit trails
C. multicontext firewalling
D. active/active stateful failover
E. DoS attacks protection
Answer: ABE

5. Refer to the exhibit.
Which two configuration commands are used to apply an inspect policy map for traffic traversing from the E0 or E1 interface to the S3 interface? (Choose two.)
A. zone-pair security test source Z1 destination Z2
B. interface E0
C. policy-map myfwpolicy
class class-default
inspect
D. ip inspect myfwpolicy out
E. ip inspect myfwpolicy in
F. service-policy type inspect myfwpolicy
Answer: AF

6. Which two are technologies that secure the control plane of the Cisco router? (Choose two.)
A. Cisco IOS Flexible Packet Matching
B. uRPF
C. routing protocol authentication
D. CPPr
E. BPDU protection
F. role-based access control
Answer: CD

7. Which is correct regarding the Management Plane Protection feature?
A. By default, Management Plane Protection is enabled on all interfaces.
B. Management Plane Protection provides for a default management interface.
C. Only SSH and SNMP management will be allowed on nondesignated management interfaces.
D. All incoming packets through the management interface are dropped except for those from the allowed management protocols.
Answer: D

8. Which is an advantage of implementing the Cisco IOS Firewall feature?
A. provides self-contained end-user authentication capabilities
B. integrates multiprotocol routing with security policy enforcement
C. acts primarily as a dedicated firewall device
D. is easily deployed and managed by the Cisco Adaptive Security Device Manager
E. provides data leakage protection capabilities
Answer: B

9. Which information will be shown by entering the command show zone-pair security?
A. zone descriptions and assigned interfaces
B. all service policy maps
C. source and destination zones, and attached policy
D. physical interface members of the zone pair
Answer: C

10. Which three statements correctly describe the GET VPN policy management? (Choose three.)
A. A central policy is defined at the ACS (AAA) server.
B. A local policy is defined on each group member.
C. A global policy is defined on the key server, and it is distributed to the group members.
D. The key server and group member policy must match.
E. The group member appends the global policy to its local policy.
Answer: BCE

11. When enabling Cisco IOS IPS using 5.x signatures, which required item can be downloaded from Cisco.com?
A. SDF files (128MB.sdf, 256MB.sdf, attack.drop.sdf)
B. public key
C. built-in signatures
D. Signature Micro-Engines
E. IME
Answer: B

12. Refer to the exhibit.
Which optional AAA or RADIUS configuration command is used to support 802.1X guest VLAN functionality?
A. aaa authentication dot1x default group radius
B. aaa authorization network default group radius
C. aaa accounting dot1x default start-stop group radius
D. aaa accounting system default start-stop group radius
E. radius-server host 10.1.1.1 auth-port 1812 acct-port 1813
Answer: B

13. What are the two category types associated with 5.x signature use in Cisco IOS IPS? (Choose two.)
A. basic
B. advanced
C. 128MB.sdf
D. 256MB.sdf
E. attack-drop
F. built-in
Answer: AB

14. What are the two enrollment options when using the SDM Certificate Enrollment wizard? (Choose two.)
A. SCEP
B. LDAP
C. OCSP
D. Cut-and-Paste/Import from PC
Answer: AD