2016 New Questions–Free Download New Questions for Cisco 642-504 Exam 100% Valid

CCSP, Cisco Comments Off

The Newest VCE and PDF! As we know, only valid and newest Cisco 642-504 Flydumps vce can help you a lot in passing the exam. Just try Flydumps Cisco 642-504 latest vce and pdf, which are authenticated by expert and covering every aspect of Cisco 642-504 exam.100% money back guarantee!

Exam A
QUESTION 1
Cisco Secure Access Control Server (ACS) is a highly scalable, high-performance access control server that provides a comprehensive identity networking solution. Which of these statements is correct regarding user setup on ACS 4.0?
A. In the case of conflicting settings, the settings at the group level override the settings configured at the user level.
B. A user can belong to more than one group.
C. The username can contain characters such as “#” and “?”.
D. By default, users are assigned to the default group.
E. The ACS PAP password cannot be used as the CHAP password also.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Which two commands are used to only allow SSH traffic to the router Eth0 interface and deny other management traffic (BEEP, FTP, HTTP, HTTPS, SNMP, Telnet, TFTP) to the router interfaces? (Choose two.)
A. interface eth0
B. control-plane host
C. policy-map type port-filter policy-name
D. service-policy type port-filter input policy-name
E. management-interface eth0 allow ssh
F. line vty 0 5 transport input ssh

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:

QUESTION 3
When troubleshooting site-to-site IPsec VPN on Cisco routers, you see this console message:
%CRYPTO-6-IKMP_SA_NOT_OFFERED: Remote peer %15i responded with attribute [chars] not offered or changed
Which configuration should you verify?
A. the crypto ACL
B. the crypto map
C. the IPsec transform set
D. the ISAKMP policies
E. the pre-shared key
F. the DH group

Correct Answer: D Section: (none) Explanation Explanation/Reference:
QUESTION 4
When verifying Cisco IOS IPS operations, when should you expect Cisco IOS IPS to start loading the signatures?
A. immediately after you configure the ip ips sdf location flash:filename command
B. immediately after you configure the ip ips sdf builtin command
C. after you configure a Cisco IOS IPS rule in the global configuration
D. after traffic reaches the interface with Cisco IOS IPS enabled
E. when the first Cisco IOS IPS rule is enabled on an interface
F. when the SMEs are put into active state using the ip ips name rule-name command

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Refer to the exhibit. Why is the Total Active Signatures count zero?

A. The 128MB.sdf file in flash is corrupted.
B. IPS is in fail-open mode.
C. IPS is in fail-closed mode.
D. IPS has not been enabled on an interface yet.
E. The flash:/128MB.sdf needs to be merged with the built-in signatures first.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 6
Cisco IOS Flexible Packet Matching (FPM) uses flexible and granular Layer 2-7 pattern matching deep within the packet header or payload to provide a rapid first line of defense against network threats and notable worms and viruses, when configuring FPM, what should be the next step after the PHDFs have been loaded?
A. Define a stack of protocol headers.
B. Define a traffic policy.
C. Define a service policy.
D. Define a class map of type “access-control” for classifying packets.
E. Reload the router.
F. Save the PHDFs to startup-config.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Based on the following configuration, which two statements are correct? (Choose two)
Ip ips name MYIPS! Interface GigabitEthernet 0/1Ip address 10.1.1.16 255.255.255.0Ip ip MYIPS IN!
A. Cisco IOS IPS will fail-open.
B. The basic signatures (previously known as 128MB.sdf) will be used if the built-in signatures fail to load.
C. The built-in signatures will be used.
D. SDEE alert messages will be enabled.
E. syslog alert messages will be enabled.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 8
You are the Cisco Configuration Assistant in your company. Which command is used to support 802.lx guest VLAN functionality based on the following configuration?

A. aaa authentication dot1x default group radius
B. aaa authorization network default group radius
C. aaa accounting dot1x default start-stop group radius
D. aaa accounting system default start-stop group radius E. radius-server host 10.1.1.1 auth-port 1812 acct-port 1813

Correct Answer: B Section: (none) Explanation
Explanation/Reference:

Our material on our site Cisco 642-504 is exam-oriented, keeping in view the candidates requirements and level of understanding.Cisco 642-504 materials are in the most popular and easy-to-use PDF version. You can use it on any devices with you anywhere.

Author

Back to Top