100% New Questions–2016 Free Flydumps New Updated Cisco 642-504 Exam Questions


 

Exam A

Flydumps just published the newest Cisco 642-504 brain dumps with all the new updated exam questions and answers. We provide the latest version of the Cisco 642-504 PDF and VCE files with up-to-date questions and answers to ensure a 100% exam pass. On our website you will get the free new version of the Cisco 642-504 VCE Player along with your VCE dumps.

QUESTION 1
Which two technologies can secure the control plane of the Cisco router? (Choose two)
A. BPDU protection
B. role-based access control
C. routing protocol authentication
D. CPPr

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Cisco Secure Access Control Server (ACS) is a highly scalable, high-performance access control server that provides a comprehensive identity networking solution. Which of these statements is correct regarding user setup on ACS 4.0?
A. Users are assigned to the default group.
B. A user can belong to more than one group.
C. The username can contain characters such as “#” and “?”.
D. The settings at the group level override the settings configured at the user level

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 3
Please study the exhibit carefully, and then answer the following question:

ActualTests.com
“Pass Any Exam. Any Time.” – www.actualtests.com 3 Cisco 642-504: Practice Exam


Refer to the appropriate SDM screen(s), which two statements correctly describe the Cisco IOS Zone-Based Firewall configuration? (Choose two)
A. The “reset” action is applied to any HTTP request sourced from the “in” zone and destined to the “out” zone, which also has a request Uniform Resource Identifier (URI) that is greater than 500 bytes in length.
B. The “inspect” action is applied to Internet Control Message Protocol (ICMP) traffic sourced from the “in” zone and destined to the “out” zone.
C. The “http-policy” inspection policy map is applied to all HTTP and HTTPS traffic sourced from the “in” zone and destined to the “out” zone.
D. The “testpm” inspection policy map is applied to the “inout” zone-pair.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 4
Refer to the appropriate SDM screen(s), what is the User Datagram Protocol (UDP) idle time set for any HTTP traffic that is sourced from the “in” zone and destined to the “out” zone?

A. 10 seconds
B. 15 seconds
C. 30 seconds
D. 35 seconds

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Refer to the appropriate SDM screen(s), what is the reason that outside hosts can’t initiate Telnet (port 23) traffic to the 172.16.1.10 inside host?


A. The implicit deny access control list (ACL) entry on the inbound ACL is applied to the outside interface.
B. Static NAT is not correctly enabled to translate the 172.16.1.10 inside host address.
C. There is no zone-based firewall policy applied to the traffic sourced from the “out” zone and destined to the “in” zone.
D. The implicit deny access control list (ACL) entry on the inbound ACL is applied to the outside interface.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:

QUESTION 6
Which two category types are associated with 5.x signature use in Cisco IOS IPS? (Choose two.)
A. basic
B. advanced
C. attack-drop
D. built-in

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Select two issues that you should consider when implementing IOS Firewall IDS. (Choose two)
A. The memory usage
B. The number of DMZs
C. The signature coverage
D. The number of router interfaces

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 8
You are the Cisco Configuration Assistant in your company. Which command is used to support 802.1x guest VLAN functionality based on the following configuration?

A. aaa authorization network default group radius
B. aaa authentication dot1x default group radius
C. aaa accounting dot1x default start-stop group radius
D. aaa accounting system default start-stop group radius

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 9
You are in charge of Securing Networks Cisco Routers and Switches in your company. Why is the Cisco IOS Firewall authentication proxy not working based on the following configuration?
aaa new-model
aaa authentication login default group tacacs+
aaa authentication auth-proxy default group tacacs+
aaa accounting auth-proxy default start-stop group tacacs+
enable password TeSt_123
ip auth-proxy name pxy http
ip auth-proxy auth-proxy-banner
interface Ethernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip auth-proxy pxy
no ip http server
tacacs-server host 192.168.123.14
tacacs-server key Cisco
! Output omitted
A. The aaa authentication auth-proxy default group tacacs+ command is missing.
B. The router local username and password database is not configured.
C. You forgot to enable HTTP server and AAA authentication.
D. Cisco IOS authentication proxy does not support TACACS+.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Which advantage can be obtained by implementing the Cisco IOS Firewall feature?
A. provides data leakage protection capabilities
B. integrates multiprotocol routing with security policy enforcement
C. is easily deployed and managed by the Cisco Adaptive Security Device Manager
D. acts primarily as a dedicated firewall device

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 11
You are in charge of Securing Networks Cisco Routers and Switches in your company. When troubleshooting a site-to-site IPsec VPN, you see this console message: %CRYPTO-6-IKMP_SA_NOT_OFFERED: Remote peer %15i responded with attribute [chars] not offered or changed.
Which configuration should you verify?
A. the crypto ACL
B. the crypto map
C. the IPsec transform set
D. the ISAKMP policies

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 12
Which three descriptions are true about the GET VPN policy management? (Choose three.)
A. The key server and group member policy must match.
B. A local policy is defined on each group member.
C. A global policy is defined on the key server, and it is distributed to the group members.
D. The group member appends the global policy to its local policy.

Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
QUESTION 13
When you enter the CK-S(config)# aaa authentication dot1x default group radius command on a Cisco Catalyst switch, the Cisco IOS parser returns with the “invalid input detected” error message. What can be the cause of this error?
A. You must use the dot1x system-auth-control command first to globally enable 802.1x.
B. You must define the RADIUS server IP address first, using the CK-S(config)# radius-server host ip-address command.
C. You must enter the aaa new-model command first.
D. The local option is missing in the command.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 14
Please study the exhibit carefully, and then answer the following question: What is the Fidelity Rating of the DDoS Trinoo IPS signature (signature ID 4608, subsignature-id 3)?
A. 0
B. 50
C. 100
D. 150

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 15
What is the value of the user defined variable used to indicate the criticality of the 10.10.10.99 host? This value is used in the Risk Rating calculations.

A. Low
B. Medium
C. High
D. Mission Critical

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 16
Which Signature Engine supports Cisco IPS Signature ID 9423?

A. atomic-ip
B. string-tcp
C. service-http
D. string-udp

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 17
When you implement Cisco IOS WebVPN on a Cisco router using a self-signed certificate, you notice that the router is not generating a self-signed certificate. What should you check to troubleshoot this issue?
A. Verify the ip http server configuration.
B. Verify the WebVPN group policy configuration.
C. Verify the AAA authentication configuration.
D. Verify that the WebVPN gateway is inservice.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 18
Which item is correct about the relationship between the Cisco IOS SEAP feature and its description? Not all the features are used.
1. Signature fidelity rating
2. Alert severity rating
3. Target value rating
4. Risk rating
5. Event action filters
6. Event action overrides
A. I-3, II-5, III-6
B. I-3, II-6, III-5
C. I-2, II-5, III-6
D. I-2, II-6, III-5

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 19
Cisco IOS Intrusion Prevention System (IPS) is an inline, deep-packet inspection feature that effectively mitigates a wide range of network attacks. When verifying Cisco IOS IPS operations, when should you expect Cisco IOS IPS to start loading the signatures?
A. After you configure the ip ips sdf location flash:filename command
B. After you configure the ip ips sdf builtin command
C. After you configure a Cisco IOS IPS rule in the global configuration
D. When the first Cisco IOS IPS rule is enabled

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 20
Which router plane can be protected by the CPU and Memory Threshold Notifications of the Network Foundation Protection feature?
A. data plane
B. management plane
C. network plane
D. control plane

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 21
A new Company switch has been installed and you wish to secure it. Which Cisco Catalyst IOS command can be used to mitigate a CAM table overflow attack?
A. CK-S(config-if)# port-security maximum 1
B. CK-S(config)# switchport port-security
C. CK-S(config-if)# port-security
D. CK-S(config-if)# switchport port-security maximum 1

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 22
Please match NFP feature to the correct description
1. Flexible Packet Matching
2. Control Plane Protection
3. Control Plane Policing
(I) applies to all (aggregated) control-plane traffic
(II) applies to a control-plane sub-interface, for example host, transit or cef-exception
(III) applies to data plane traffic
A. (I)-1 (II)-2 (III)-3
B. (I)-2 (II)-3 (III)-1
C. (I)-3 (II)-1 (III)-2
D. (I)-3 (II)-2 (III)-1

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 23
Cisco IOS Flexible Packet Matching (FPM) uses flexible and granular Layer 2-7 pattern matching deep within the packet header or payload to provide a rapid first line of defense against network threats and notable worms and viruses. When configuring FPM, what should be the next step after the PHDFs have been loaded?
A. Configure a class map of type “access-control” for classifying packets.
B. Configure a traffic policy.
C. Configure a service policy.
D. Configure a stack of protocol headers.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 24
When an active signature is detected, Cisco IOS IPS can take specific actions. Which option is correct about the relationship between the action and its correct definition?
1. Deny Attacker Inline
2. Deny Connection Inline
3. Deny Packet Inline
4. Produce Alert
5. Reset TCP Connection
A. I-3, II-5, III-2, IV-1, V-4
B. I-3, II-5, III-2, IV-4, V-1
C. I-3, II-5, III-1, IV-2, V-4
D. I-3, II-5, III-1, IV-4, V-2

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 25
You want to increase the security of a newly installed switch. Which Cisco Catalyst IOS command is used to mitigate a MAC spoofing attack?
A. CK-S(config-if)# port-security mac-address 0000.ffff.aaaa
B. CK-S(config)# switchport port-security mac-address 0000.ffff.aaaa
C. CK-S(config-if)# switchport port-security mac-address 0000.ffff.aaaa
D. CK-S(config)# port-security mac-address 0000.ffff.aaaa

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 26
The NHRP process allows which requirement to be satisfied in DMVPN?
A. dynamic physical interface IP address at the spoke routers
B. dynamic spoke-to-spoke on-demand tunnels
C. dynamic routing over the DMVPN
D. dual DMVPN hub designs

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 27
Based on the following configuration, which two statements are correct? (Choose two.)
ip ips name MYIPS
!
interface GigabitEthernet 0/1
 ip address 10.1.1.16 255.255.255.0
 ip ips MYIPS in
!
A. SDEE alert messages will be enabled.
B. The basic signatures will be used.
C. The built-in signatures will be used.
D. Cisco IOS IPS will fail-open.

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 28
Which statement accurately describes the Management Plane Protection feature?
A. Only SSH and SNMP management will be allowed on nondesignated management interfaces.
B. Management Plane Protection is enabled on all interfaces by default.
C. Management Plane Protection offers a default management interface.
D. All incoming packets through the management interface are dropped except for those from the allowed management protocols.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 29
The security administrator for Company Inc. is working on defending the network against SYN flooding attacks. Which of the following are tools to protect the network from TCP SYN attacks?
A. Route authentication
B. Encryption
C. ACLs
D. TCP intercept

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 30
While using the SDM Certificate Enrollment wizard, which two are the enrollment options? (Choose two.)
A. SCEP
B. OCSP
C. LDAP
D. Cut-and-Paste/Import from PC

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 31
Which of the following IOS commands will you advise the Company trainee technician to use when setting the timeout for router terminal line?
A. exec-timeout minute [seconds]
B. line-timeout minute [seconds]
C. timeout console minute [seconds]
D. exec-time minutes [seconds]

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 32
You are the Cisco Configuration Assistant in your company. Which two configuration commands are used to apply an inspect policy map for traffic traversing from the E0 or E1 interface to the S3 interface based on the following configuration? (Choose two.)

A. zone-pair security test source Z1 destination Z2
B. interface E0
C. policy-map myfwpolicy class class-default inspect
D. service-policy type inspect myfwpolicy

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 33
The Company network is implementing IBNS. In a Cisco Identity-Based Networking Service (IBNS) implementation, the endpoint that is seeking network access is known as what?
A. Host
B. Authentication
C. PC
D. Supplicant

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 34
Which three features are supported by Cisco IOS Firewall? (Choose three.)
A. alerts
B. audit trails
C. active/active stateful failover
D. DoS attacks protection

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 35
A new IBNS system is being installed in the Company network. The Cisco Identity-Based Networking Services (IBNS) solution is based on which two standard implementations? (Choose two.)
A. TACACS+
B. RADIUS
C. 802.11
D. 802.1x

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 36
Which option is correct according to partial configuration displayed in the following exhibit?

A. The policy is configured to use Triple DES IPsec encryption.
B. The policy is configured to use an authentication key of ‘rsa-sig’.
C. The policy is configured to use Diffie-Hellman group sha-1.
D. The policy is configured to use digital certificates.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 37
In IKE phase 1, IKE creates an authenticated, secure channel between the two IKE peers, called the IKE security association. The Diffie-Hellman key agreement is always performed in this phase. What are the three authentication methods that you can use during IKE Phase 1? (Choose three.)
A. AAA Authentication
B. pre-shared key
C. RSA signature
D. RSA encrypted nonce

Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
QUESTION 38
While using 5.x signatures to enable Cisco IOS IPS, which required option could be downloaded from Cisco.com?
A. Built-in signatures
B. public key
C. SDF files (128MB.sdf, 256MB.sdf, attack.drop.sdf)
D. Signature Micro-Engines and IME

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 39
You wish to configure 802.1X port control on your switch. Which three keywords are used with the dot1x port-control command? (Choose three.)
A. enable
B. force-authorized
C. force-unauthorized
D. auto

Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
QUESTION 40
What information can be displayed by issuing the command show zone-pair security?
A. physical interface members of the zone pair
B. zone descriptions and assigned interfaces
C. source and destination zones, and attached policy
D. all service policy maps
Correct Answer: C Section: (none) Explanation

Explanation/Reference:

To ensure that you are provided with only the best and most updated Cisco 642-504 Certification training materials, we also want you to be able to access Cisco 642-504 easily, whenever you want. We provide all our Cisco 642-504 Certification exam training material in PDF format, which is a very common format found in all computers and gadgets. Now we add the latest Cisco 642-504 content and to print and share content.
