REAL QUESTIONS SUBMIT MATERIAL ADVERTISE
Braindumps

Microsoft

Cisco

Citrix

CIW

CompTia

CWNA

Apple

Adobe

HP

Legato

Exin

Filemaker

Brocade

Ericsson

TIA

Veritas

ISEB

SCP

IISFA

ISM

OMG

Apc

Mile2

Foundry

Huawei

McData

Symantec

TeraData

RedHat

Solar Winds

Blue Coat

Riverbed

 

 
 
Click on name of dumper to view the dump
 
Andrew
 
 

Braindumps of 642-504
Securing Networks with Cisco Routers and Switches Exam


 
Hi to all and thanks to www.exams.ws and www.4exam.com But there’s no need to have it from both of them, only questions from only one are sufficient I think. Here is my contribution.


 
QUESTION NO: 1
Which two are technologies that secure the control plane of the Cisco router? (Choose two.)
A. Cisco IOS Flexible Packet Matching
B. uRPF
C. routing protocol authentication
D. CPPr
E. BPDU protection
F. role-based access control
Answer: C,D
QUESTION NO: 2
When using Cisco Easy VPN, what are the three options for entering the XAUTH username and password for establishing the VPN connection from the Cisco Easy VPN remote router? (Choose three.)
A. using the router local user database
B. using an external AAA server
C. entering the information from the router console or SDM
D. entering the information from the PC browser when browsing
E. saving the XAUTH credentials to this router
Answer: C,D,E
QUESTION NO: 3
What are the two category types associated with 5.x signature use in Cisco IOS IPS? (Choose two.)
A. basic
B. advanced
C. 128MB.sdf
D. 256MB.sdf
E. attack-drop
F. built-in
Answer: A,B
QUESTION NO: 4
You are an administrator configuring a Cisco router to enroll with a certificate authority. What is a recommended best practice to perform prior to configuring enrollment parameters?
A. Contact the registration authority to obtain the enrollment URL.
B. Manually verify the PKCS #10 certificate prior to enrollment.
C. Configure the certificate revocation list to ensure that you do not receive revoked CA certificates.
D. Configure Network Time Protocol
E. If using SCEP, ensure that TCP port 22 traffic is permitted to the router.
Answer: D
QUESTION NO: 5
Which is an advantage of implementing the Cisco IOS Firewall feature?
A. provides self-contained end-user authentication capabilities
B. integrates multiprotocol routing with security policy enforcement
C. acts primarily as a dedicated firewall device
D. is easily deployed and managed by the Cisco Adaptive Security Device Manager
E. provides data leakage protection capabilities
Answer: B
QUESTION NO: 6
Which three statements correctly describe the GET VPN policy management? (Choose three.)
A. A central policy is defined at the ACS (AAA) server.
B. A local policy is defined on each group member.
C. A global policy is defined on the key server, and it is distributed to the group members.
D. The key server and group member policy must match.
E. The group member appends the global policy to its local policy.
Answer: B,C,E
QUESTION NO: 7
DMVPN configuration uses which tunnel mode type on the tunnel interface?
A. dvmrp
B. iPseclPv4
C. NHRP
D. GRE multipoint
Answer: D
QUESTION NO: 8
When configuring GRE over IPsec, what is true regarding the GRE tunnel endpoints?
A. A mirror image of the IPsec crypto ACL needs to be configured to permit the interesting enduser traffic between the GRE endpoints.
B. The tunnel interface of both endpoints should be configured to use the outside IP address of the router as the unnumbered IP address.
C. The tunnel interface of both endpoints needs to be in the same IP subnet.
D. For high availability, the GRE tunnel interface should be configured with a primary and a backup tunnel destination IP address.
Answer: C
QUESTION NO: 9
The CPU and Memory Threshold Notifications of the Network Foundation Protection feature protect which router plane?
A. control plane
B. management plane
C. data plane
D. network plane
Answer: B
QUESTION NO: 10
Cisco Easy VPN Server pushes parameters such as the client internal IP address, DHCP server IP address, and WINS server IP address to the Cisco Easy VPN Remote client during which of these phases?
A. IKE Phase 1 first-message exchange
B. IKE Phase 2 last-message exchange
C. IKE mode configuration
D. IKE XAUTH
E. IKE quick mode
Answer: C
QUESTION NO: 11
Which three statements correctly describe the GET VPN policy management? (Choose three.)
A. A central policy is defined at the ACS (AAA) server.
B. A local policy is defined on each group member.
C. A global policy is defined on the key server, and it is distributed to the group members.
D. The key server and group member policy must match.
E. The group member appends the global policy to its local policy.
Answer: B,C,E
QUESTION NO: 12
In DMVPN, the NHRP process allows which requirement to be met?
A. dynamic physical interface IP address at the spoke routers
B. high-availability DMVPN designs
C. dynamic spoke-to-spoke on-demand tunnels
D. dynamic routing over the DMVPN
E. dual DMVPN hub designs
Answer: A
QUESTION NO: 13
Which is correct regarding the Management Plane Protection feature?
A. By default, Management Plane Protection is enabled on all interfaces.
B. Management Plane Protection provides for a default management interface.
C. Only SSH and SNMP management will be allowed on nondesignated management interfaces.
D. All incoming packets through the management interface are dropped except for those from the allowed management protocols.
Answer: D


642-504

 

 

Braindumps Real exam questions and verified answers - 100% passing guarantee - cheap prices.

 

Free brain dumps Braindumps, notes, books for free

 

Braindumps and Exams - Instant download real exam questions - Passing guarantee.

Follow us on FaceBook
Braindumps on Facebook
 
 
 
 
 

CheckPoint

Linux

Novell

DB/2

Network Appliance

EC-Council

Nortel

McAfee

Juniper

ISACA

PMI

Sybase

EMC

HDI

SNIA

ISC

Sair

IBM

Lotus

Exam Express

3COM

BICSI

DeLL

Enterasys

Extreme Networks

Guidance Software

Computer Associates

Network General

SAS Institute

Alcatel Lucent

SeeBeyond

TruSecure

Polycom

Hyperion

Hitachi

Nokia

Fortinet

Vmware

Fujitsu

Tibco

Intel

PostgreSQLCE

BusinessObjects

RESSoftware

BlackBerry

AccessData

ICDL

Isilon

SAP

The Open Group

ACSM

Altiris

Avaya

Cognos

F5

Genesys

SDI

ACI

ASQ

Google

H3C

HIPAA

HRCI

SOA

IIBA

Zend