REAL QUESTIONS SUBMIT MATERIAL ADVERTISE
Braindumps

Microsoft

Cisco

Citrix

CIW

CompTia

CWNA

Apple

Adobe

HP

Legato

Exin

Filemaker

Brocade

Ericsson

TIA

Veritas

ISEB

SCP

IISFA

ISM

OMG

Apc

Mile2

Foundry

Huawei

McData

Symantec

TeraData

RedHat

Solar Winds

Blue Coat

Riverbed

 

 
 
Click on name of dumper to view the dump
 
John Devis
 
 

Braindumps of 642-637
Securing Networks with Cisco Routers and Switches

 

Exam Questions, Answers, Braindumps (642-637)
Thanx to www.exams.ws for providing dumps.


Question:- 1
Which protocol is EAP encapsulated in for communications between the authenticator and the authentication server?
A. EAP-MD5
B. IPsec
C. EAPOL
D. RADIUS
Answer:- D
Question:- 2
What will the authentication event fail retry 0 action authorize vlan 300 command accomplish?
A. assigns clients that fail 802.1X authentication into the restricted VLAN 300
B. assigns clients to VLAN 300 and attempts reauthorization
C. assigns a client to the guest VLAN 300 if it does not receive a response from the client to its EAPOL request/identity frame
D. locks out a user who fails an 802.1X authentication and does not allow the user to try to gain network access again for 300 seconds
Answer:- A
Question:- 3
You have configured a guest VLAN using 802.1X on a Cisco Catalyst switch. A client incapable of using 802.1X has accessed the port and has been assigned to the guest VLAN. What happens when a client capable of using 802.1Xjoins the network on the same port?
A. The client capable of using 802.1X is allowed access and proper security policies are applied to the client.
B. EAPOL packets will not be allowed on the guest VLAN and the access attempt with fail.
C. The port is put into the unauthorized state in the user-configured access VLAN, and authentication is restarted.
D. This is considered a security breach by the authentication server and all users on the access port will be placed into the restricted VLAN.
Answer:- C
Question:- 4
You are loading a basic IPS signature package onto a Cisco router. After a period of time, you see this message:
%IPS-6-ALL_ENGINE_BUILDS_COMPLETE: elapsed time 275013 ms. What do you expect happened during downloading and compilation of the files?
A. The files were successfully copied with an elapse time of 275013 ms.The router will continue with extraction and compilation of the signature database.
B. The signature engines were compiles, but there is no indication that the actual signatures were compiled.
C. The compilation failed for some of the signature engines. There are 16 engines, but only 6 were completed according to the %IPS-6 message
D. The files were compiled without error.
Answer:- D
Question:- 5
Which two of these are benefits of implementing a zone-based policy firewall in transparent mode? (Choose two.)
A. Less firewall management is needed.
B. It can be easily introduced into an existing network.
C. IP readdressing is unnecessary.
D. It adds the ability tostatefully inspect non-IP traffic.
E. It has less impact on data flows.
Answer:- B,C
Question:- 6
When configuring a zone-based policy firewall, what will be the resulting action if you do not specify any zone pairs for a possible pair of zones?
A. All sessions will pass through the zone without being inspected.
B. All sessions will be denied between these two zones by default.
C. All sessions will have to pass through the router "self zone" for inspection before being allowed to pass to the destination zone.
D. This configurationstatelessly allows packets to be delivered to the destination zone.
Answer:- B
Question:- 7
Which protocol is EAP encapsulated in for communications between the authenticator and the authentication server?
A. EAP-MD5
B. IPsec
C. EAPOL
D. RADIUS
Answer:- D
Question:- 8
What action will the parameter-map type ooo global command enable?
A. globally initiates tuning of the router's TCPnormalizer parameters for out-of-order packets
B. globally classifies typeooo packets within the parameter map and subsequent policy map
C. enables a parameter map namedooo
D. configures a global parameter map for traffic destined to the router itself
Answer:- A
Question:- 9
You are running Cisco lOS IPS software on your edge router. A new threat has become an issue. The Cisco lOS IPS software has a signature that can address the new threat, but you previously retired the signature. You decide to unretire that signature to regain the desired protection level. How should you act on your decision?
A. Retired signatures are not present in the routers memory. You will need to download a new signature package to regain the retired signature.
B. You should re-enable the signature and start inspecting traffic for signs of the new threat.
C. Unretiring a signature will cause the router to recompile the signature database, which can temporarily affect performance.
D. You cannotunretire a signature. To avoid a disruption in traffic flow, it's best to create a custom signature until you can download a new signature package and reload the router.
Answer:- C
Question:- 10
Which statement best describes inside policy based NAT?
A. Policy NAT rules are those that determine which addresses need to be translated per the enterprise security policy
B. Policy NAT consists of policy rules based on outside sources attempting to communicate with inside endpoints.
C. These rules use source addresses as the decision for translation policies.
D. These rules are sensitive to all communicating endpoints.
Answer:- A
Question:- 11
Which of these should you do before configuring IP Source Guard on a Cisco Catalyst switch?
A. enable NTP for event correlation
B. enable IP routing authentication
C. configure an access list with exempt DHCP-initiated IP address ranges
D. turn DHCP snooping on at least 24 hours in advance
Answer:- D
Question:- 12
When Cisco IOS IPS is configured to use SDEE for event notification, how are events managed?
A. They are stored in the router's event store and will allow authenticated remote systems to pull events from the event store.
B. All events are immediately sent to the remote SDEE server.
C. Events are sent viasyslog over a secure SSUTLS communications channel.
D. When the event store reaches its maximum configured number of event notifications, the stored events are sent via SDEE to a remote authenticated server and a new event store is created.
Answer:- A
Question:- 13
Which two of these will match a regular expression with the following configuration parameters?
[a-zA-Z][0-9][a-z] (Choose two.)
A. Q3h
B. B4Mn
C. aaB132AA
D. c7lm
E. BBpjnrIT
Answer:- A,D
Question:- 14
Which two of these are features of control plane security on a Cisco ISR? (Choose two.
A. CoPP
B. RBAC
C. AAA
D. CPPr
E. uRPF
F. FPM
Answer:- A,D

 

642-637

 

 

 

Braindumps Real exam questions and verified answers - 100% passing guarantee - cheap prices.

 

Free brain dumps Braindumps, notes, books for free

 

Braindumps and Exams - Instant download real exam questions - Passing guarantee.

Follow us on FaceBook
Braindumps on Facebook
 
 
 
 
 

CheckPoint

Linux

Novell

DB/2

Network Appliance

EC-Council

Nortel

McAfee

Juniper

ISACA

PMI

Sybase

EMC

HDI

SNIA

ISC

Sair

IBM

Lotus

Exam Express

3COM

BICSI

DeLL

Enterasys

Extreme Networks

Guidance Software

Computer Associates

Network General

SAS Institute

Alcatel Lucent

SeeBeyond

TruSecure

Polycom

Hyperion

Hitachi

Nokia

Fortinet

Vmware

Fujitsu

Tibco

Intel

PostgreSQLCE

BusinessObjects

RESSoftware

BlackBerry

AccessData

ICDL

Isilon

SAP

The Open Group

ACSM

Altiris

Avaya

Cognos

F5

Genesys

SDI

ACI

ASQ

Google

H3C

HIPAA

HRCI

SOA

IIBA

Zend