Flydumps Recently Updated Cisco 642-504 Real Exam Questions 100 Percent Pass

CCSP, Cisco Comments Off

New VCE and PDF– You can prepare Cisco 642-504 exam in an easy way with Flydumps Cisco 642-504 questions and answers. By training our vce dumps with all Cisco 642-504 the latest questions,you can pass the exam in the first attempt.

Exam A
QUESTION 1
Which two are technologies that secure the control plane of the Cisco router? (Choose two.)
A. Cisco IOS Flexible Packet Matching
B. uRPF
C. routing protocol authentication
D. CPPr
E. BPDU protection
F. role-based access control
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 2
What are the two category types associated with 5.x signature use in Cisco IOS IPS? (Choose two.)
A. basic
B. advanced
C. 128MB.sdf
D. 256MB.sdf
E. attack-drop
F. built-in
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 3
Refer to the exhibit.
Which optional AAA or RADIUS configuration command is used to support 802.1X guest VLAN
functionality?
A. aaa authentication dot1x default group radius
B. aaa authorization network default group radius
C. aaa accounting dot1x default start-stop group radius
D. aaa accounting system default start-stop group radius
E. radius-server host 10.1.1.1 auth-port 1812 acct-port 1813
Correct Answer: B Section: (none)
Explanation
Explanation/Reference:
QUESTION 4
Which is an advantage of implementing the Cisco IOS Firewall feature?
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-504
A. provides self-contained end-user authentication capabilities
B. integrates multiprotocol routing with security policy enforcement
C. acts primarily as a dedicated firewall device
D. is easily deployed and managed by the Cisco Adaptive Security Device Manager
E. provides data leakage protection capabilities
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Which three statements correctly describe the GET VPN policy management? (Choose three.)
A. A central policy is defined at the ACS (AAA) server.
B. A local policy is defined on each group member.
C. A global policy is defined on the key server, and it is distributed to the group members.
D. The key server and group member policy must match.
E. The group member appends the global policy to its local policy.
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 6
The CPU and Memory Threshold Notifications of the Network Foundation Protection feature protects which router plane?
A. control plane
B. management plane
C. data plane
D. network plane
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 7
In DMVPN, the NHRP process allows which requirement to be met?
A. dynamic physical interface IP address at the spoke routers
B. high-availability DMVPN designs
C. dynamic spoke-to-spoke on-demand tunnels
D. dynamic routing over the DMVPN
E. dual DMVPN hub designs

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 8
Which is correct regarding the Management Plane Protection feature?
A. By default, Management Plane Protection is enabled on all interfaces.
B. Management Plane Protection provides for a default management interface.
C. Only SSH and SNMP management will be allowed on nondesignated management interfaces. PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-504
D. All incoming packets through the management interface are dropped except for those from the allowed management protocols.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 9
What are the two enrollment options when using the SDM Certificate Enrollment wizard? (Choose two.)
A. SCEP
B. LDAP
C. OCSP
D. Cut-and-Paste/Import from PC
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Refer to the exhibit.
Which two configuration commands are used to apply an inspect policy map for traffic traversing from the
E0 or E1 interface to the S3 interface? (Choose two.)
A. zone-pair security test source Z1 destination Z2
B. interface E0
C. policy-map myfwpolicy class class-default inspect
D. ip inspect myfwpolicy out
E. ip inspect myfwpolicy in
F. service-policy type inspect myfwpolicy
Correct Answer: AF Section: (none) Explanation
Explanation/Reference:
QUESTION 11
Cisco IOS Firewall supports which three of the following features? (Choose three.)
A. alerts
B. audit trails
C. multicontext firewalling
D. active/active stateful failover
E. DoS attacks protection PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-504
Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 12
Refer to the exhibit.
What is correct based on the partial configuration shown?
A. The policy is configured to use an authentication key of ‘rsa-sig’.
B. The policy is configured to use Diffie-Hellman group sha-1.
C. The policy is configured to use Triple DES IPsec encryption.
D. The policy is configured to use digital certificates.
E. The policy is configured to use access list 101 to identify the IKE-protected traffic.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 13
When enabling Cisco IOS IPS using 5.x signatures, which required item can be downloaded from Cisco.com?
A. SDF files (128MB.sdf, 256MB.sdf, attack.drop.sdf)
B. public key
C. built-in signatures
D. Signature Micro-Engines
E. IME
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 14
Which information will be shown by entering the command show zone-pair security?
A. zone descriptions and assigned interfaces
B. all service policy maps
C. source and destination zones, and attached policy
D. physical interface members of the zone pair
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-504
QUESTION 15
Cisco IOS SSL VPN thin-client mode has which two characteristics? (Choose two.)
A. uses a Java applet
B. supports TCP and UDP applications that use static port(s)
C. provides full tunnel access like the IPsec VPN software client
D. requires the use of browser plug-ins
E. provides TCP port forwarding capabilities
Correct Answer: AE Section: (none) Explanation
Explanation/Reference:

Get certified Cisco 642-504 is a guaranteed way to succeed with IT careers.We help you do exactly that with our high quality ISC Cisco 642-504 Certification Certified Information Systems Security Professional training materials.

Author

Back to Top