Cisco 642-513 Actual Questions, High Pass Rate Cisco 642-513 Real Exam Questions And Answers Covers All Key Points

GOOD NEWS:Flydumps has published the new version with all the new added questions and answers.By training the Cisco 642-513 VCE dumps, you can pass the exam easily and quickly.

QUESTION 31
What happens if the Agent UI control rule is not present in any active rule modules?
A. The Agent UI becomes present on the system.
B. The Agent UI is not present on the system.
C. The Agent UI is visible on the system.
D. The Agent UI is not visible on the system.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 32
What are the three options that can be given to a user when a Query User window appears? (Choose three.)
A. allow
B. accept
C. deny
D. kill E. terminate

Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 33
Which view within the CSA MC allows users to see a view of event records based on filtering criteria such as time and severity?
A. Event Summary
B. Event Log
C. Event Monitor
D. Event Sets
E. Event Alerts

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 34
When a rule is cloned, which part of the rule is not cloned?
A. sets
B. rule modules
C. hosts
D. variables

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 35
What is the purpose of the network interface control rule?
A. to prevent applications from opening devices and acting as a sniffer
B. to provide protocol stack hardening rules
C. to prevent users from opening devices that can act as a sniffer
D. to provide filtering of undesired traffic at the network interface level

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 36
What action must happen before a system that has CSA can download policies configured for it?
A. The system must be rebooted.
B. The system must install Agent kits.
C. The system must be polled by the CSA MC.
D. The system must register with the CSA MC.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 37
Which rules will not be enforced if you fail to reboot a Windows system following installation of the CSA?
A. network access control rules
B. buffer overflow rules
C. COM component access control rules
D. network shield rules

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 38
Which view within the CSA MC allows users to see overall system status information, including a summary of recorded events, agent configuration, and activity?
A. Status Summary
B. Event Log
C. Event Monitor
D. Event Sets
E. Alerts

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 39
Which operating system does not allow Query User options?
A. OS2
B. Windows
C. Linux
D. Solaris
E. HPUX

Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 40
For which layers of the OSI reference model does CSA enforce security?
A. Layer 1 through Layer 4
B. Layer 1 through Layer 7
C. Layer 2 through Layer 4
D. Layer 3 through Layer 7

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 41
Which view within the CSA MC allows users to see a continuously refreshed view of the most recently logged event records?
A. Event Log
B. Event Monitor
C. Event Sets
D. Event Alerts

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 42
What are the three CSA MC administrator roles? (Choose three.)
A. access
B. configure
C. deploy
D. view
E. monitor
F. administer

Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 43
What can you optionally install when you choose the Quiet Install option when creating a new Windows Agent kit?
A. the Agent kit shim
B. the protocol shim
C. the network shim
D. the policy shim

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 44
When you choose the Log All Deny Actions option within a group, how are deny actions logged?
A. Deny actions are logged every 5 minutes.
B. Deny actions are logged every 10 minutes.
C. Every deny action is logged regardless of the specific rule settings.
D. Only those deny actions that are configured within specific rules are logged.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 45
For which operating system is the system API control rule available?
A. OS2
B. Windows
C. Linux
D. Solaris

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 46
How can you configure a host to poll in to the CSA MC before its scheduled polling interval using the CSA MC?
A. Click the Poll button on the Agent UI.
B. Choose the Poll Now button on the CSA MC.
C. Choose the Send Polling Hint option in the CSA MC.
D. Enter a polling interval in the appropriate box on the CSA MC.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 47
In which type of rules are file sets used?
A. COM component access control rules
B. resource access control rules
C. file version control rules
D. file access control rules

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 48
What status is shown when an Agent kit is prepared for downloading to hosts?
A. prepared
B. ready
C. needs rule generation
D. complete

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 49
Drag Drop question

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 50
Which protocol is required for the administrative workstation to communicate with the CSA MC?
A. SSH
B. Telnet
C. SSL
D. IPSec

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 51
How can the Agent kit be sent out to host machines?
A. via a URL that is e-mailed to clients
B. via a TFTP server
C. via an FTP server
D. via a Telnet server

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 52
What is the purpose of the sniffer and protocol detection rule?
A. to stop sniffers from running on a network
B. to allow sniffers to run on a network
C. to cause an event to be logged when non-IP protocols and sniffer programs are detected running on systems
D. to deny non-IP protocols and sniffer programs from running on systems

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 53
What are three types of variables used for CSA? (Choose three.)
A. global sets
B. file sets
C. API sets
D. data sets
E. network address sets

Correct Answer: BDE Section: (none) Explanation Explanation/Reference:
QUESTION 54
What is the purpose of connection rate limit rules?
A. to limit the number of connections to an application
B. to limit the number of calls to the kernel in a specified time frame
C. to limit the number of network connections within a specified time frame
D. to limit the number of malformed connection requests to a web server

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 55
Which port is used to access the CSA MC from the administrative workstation?
A. 21
B. 23
C. 1741
D. 1802

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 56
Which two of the following file access rule criteria can you use to allow or deny the operations that the selected applications can perform on files? (Choose two.)
A. the application attempting to access the file
B. the application attempting to access the service or address
C. the operation attempting to act on the file
D. the direction of the communications
E. the address with which a system is attempting to communicate

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 57
What action is taken on user query windows when the Agent UI is not present on a system?
A. The default action is always taken.
B. All actions are denied.
C. All actions are allowed.
D. All actions are allowed and logged.
Correct Answer: A Section: (none) Explanation

Explanation/Reference:
QUESTION 58
Which three make up the CSA architecture model? (Choose three.)
A. Cisco Trust Agent
B. Cisco Security Agent
C. Cisco Security Agent Management Center
D. Cisco Intrusion Prevention System
E. an administrative workstation
F. a syslog server

Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 59
Which two of the following network access rules can you use to control access to specified network services? (Choose two.)
A. the application attempting to access the file
B. the application attempting to access the service or address
C. the operation attempting to act on the file
D. the direction of the communications

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:

We provide thoroughly reviewed Cisco 642-513 using the training resources which are the best for Cisco 642-513,and to get certified by Microsoft Windows Store apps.It is a best choice to accelerate your career as a professional in the Information Technology industry. Now we add the latest Cisco 642-513 content and to print and share content.

Continue Reading

Cisco 642-504 Vce & PDF, Sale Latest Cisco 642-504 Certificate Latest Version PDF&VCE

New VCE and PDF– You can prepare Cisco 642-504 exam in an easy way with Flydumps Cisco 642-504 questions and answers.By training our vce dumps with all Cisco 642-504 the latest questions,you can pass the exam in the first attempt.

QUESTION 45
The Company network is using an 802.IX implementation, in an 802.lx implementation the supplicant directly connects to, and obtains network access permission through which device?
A. Host
B. Authenticator
C. PC
D. Authentication server

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 46
The Easy VPN Server feature allows Cisco IOS routers, Cisco Adaptive Security Appliances (ASA), and Cisco PIX Security Appliances to act as head-end devices in site-to-site or remote- access VPNs The feature pushes security policies defined at the central site to the remote device during which of these phases?
A. IKE Phase 1 first message exchange
B. IKE Phase 2 first message exchange
C. IKE Phase 2 last message exchange
D. IKE mode configuration

Correct Answer: D Section: (none) Explanation
QUESTION 47
You are in charge of Securing Networks Cisco Routers and Switches in your company please point out two benefits of using an IPsec GRE tunnel. (Choose two,)
A. It requires a more restrictive crypto ACL to provide finer security control
B. It has less overhead than runningIPsec in tunnel mode.
C. It allows IP multicast traffic. ActualTests.com
D. It allows dynamic routing protocol to run over the tunnel interface.

Correct Answer: CD Section: (none) Explanation
QUESTION 48
Which two capabilities are of the Cisco IOS Firewall Feature Set? (Choose two,)
A. protects against worms, malicious users, and denial of service
B. provides for secure connectivity between branch offices
C. provides intrusion protection capabilities
D. interoperates with Network Address Translation to conserve and simplify network address use “Pass Any Exam. Any Time.” – www.actualtests.com 31 Cisco 642-504: Practice Exam

Correct Answer: AD Section: (none) Explanation
QUESTION 49
Which two are typical Layer 2 attacks? (Choose two.)
A. MAC spoofing
B. CAM table overflow
C. Route poisoning
D. DHCP Starvation

Correct Answer: AB Section: (none) Explanation
QUESTION 50
You are the Cisco Configuration Assistant in your company.Which two commands would you use to only allow SSH traffic to the router EthO interface and deny other management traffic (BEEP, FTP, HTTP, HTTPS, SNMP, Telnet, TFTP) to the router interfaces? (Choose two.)
A. control-plane host
B. interfaceethO
C. policy-map type port-filter policy-name
D. management-interfaceethO allow ssh

Correct Answer: AD Section: (none) Explanation
QUESTION 51
You want to increase the security levels at layer 2 within the Company switched LAN. Which three are typical Layer 2 attack mitigation techniques? (Select three)
A. 802.lx authentication
B. Port security
C. ARP snooping
D. DHCP snooping

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 52
Which alerting protocol is used by Cisco IOS IPS with a pull mechanism for getting IPS alerts to the network management application?
A. SNMP
B. syslog
C. SDEE
D. POP3

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 53
You are the Cisco Configuration Assistant in your company.When you enter the switch(config)£aaa authentication dotlx default group radius command on a Cisco Catalyst switch, You get the error message “invalid input detected”, What is the most likely reason?
A. Enable 802.lx.first
B. Define the RADIUS server IP address first, using theswitch(config)# radius-server host ip- address command.
C. Method-list name is missing
D. Enter theaaa new-model command first,

Correct Answer: D Section: (none) Explanation
QUESTION 54
When configuring FPM, which is the next step after loading the PHDFs?
A. Define a stack of protocol headers. ActualTests.com
B. Define a class map of type “access-control” for classifying packets,
C. Reload the router.
D. Save the PHDFs to startup-config,

Correct Answer: A Section: (none) Explanation
QUESTION 55
The Company security administrator is in charge of creating a security policy for the company. Which two statements about the creation of a security policy are true? (Choose two)
A. It helps Chief Information Officers determine the return on investment of network security at Company Inc.
B. It defines how to track down and prosecute policy offenders at Company Inc.
C. It provides a process to audit existing network security at Company Inc.
D. It defines which behavior is and is not allowed at Company Inc.

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 56
Which secure group keying mechanism is used by GET VPN?
A. public and private keys
B. Diffle-Hellman
C. Group Domain of Interpretation
D. group key agreement

Correct Answer: C Section: (none) Explanation
QUESTION 57
You are the network consultant from your company. Cisco IOS Zone-Based Firewall uses which of the following to identify a service or application from traffic flowing through the firewall?
A. Network Based Application Recognition
B. extended access list
C. deep packet inspection
D. PAM table ActualTests.com

Correct Answer: D Section: (none) Explanation
QUESTION 58
Which best practice is recommended while configuring the Auto Update feature for Cisco IOS IPS?
A. Synchronize the router’s clock to the PC before configuring Auto Update,
B. Download the realm-cisco.pub.key file and update the public key stored on the router.
C. Clear the router’s flash of unused signature files.
D. Enable anonymous TFTP downloads from Cisco.com and specify the download frequency. “Pass Any Exam. Any Time.” – www.actualtests.com 34 Cisco 642-504: Practice Exam

Correct Answer: A Section: (none) Explanation
QUESTION 59
Router CK1 is configured with the IOS firewall feature set to prevent TCP based attacks. How many incomplete connections must this router have by default before TCP Intercept will start dropping incomplete connections?
A. 500
B. 1100
C. 700
D. 900

Correct Answer: B Section: (none) Explanation
QUESTION 60
Which statement is correct about the GRE tunnel endpoints while configuring GRE over IPsec?
A. For high availability, the GRE tunnel interface should be configured with aprimaty and a backup tunnel destination IP address.
B. A mirror image of theIPsec crypto ACL needs to be configured to permit the interesting end- user traffic between the GRE endpoints.
C. The tunnel interface of both endpoints needs to be in the same IP subnet,
D. The tunnel interface of both endpoints should be configured to use the outside IP address of the router as the unnumbered IP address.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
ActualTests.com
QUESTION 61
Which of the following represents the behavior of the CBAC aggressive mode in a Cisco IOS firewall?
A. Delete all half-open session
B. Re-initiate half open session
C. Complete all half open sessions make the full open session
D. Delete half-open session as needed to accommodate new connection requests

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
“Pass Any Exam. Any Time.” – www.actualtests.com 35 Cisco 642-504: Practice Exam
QUESTION 62
You are in charge of Securing Networks Cisco Routers and Switches in your company Given that the faO/1 interface is the trusted interface, what could be a reason for users on the trusted inside networks not to be able to successfully establish outbound HTTP connections based on the following configuration?

A. access-list on the faO/1intetface is not set.
B. The RVRULE inspection policy is not inspecting HTTP traffic.
C. access-list 104 is denying the outbound HTTP traffic.
D. The outgoing inspection rule on the fa0/1 interface is not set, ActualTests.com

Correct Answer: C Section: (none) Explanation
QUESTION 63
The Dynamic Multipoint VPN (DMVPN) feature allows users to better scale large and small IP Security (IPsec) Virtual Private Networks (VPNs) by combining generic routing encapsulation (GRE) tunnels, IPsec encryption, and Next Hop Resolution Protocol (NHRP).Referring to a DMVPN hub router tunnel interface configuration, what will fail if the ip nhrp map multicast dynamic command is missing on the tunnel interface?
A. The NHRP request and response. “Pass Any Exam. Any Time.” – www.actualtests.com 36 Cisco 642-504: Practice Exam
B. The GRE tunnel
C. The IPsec peering
D. The dynamic routing protocol.

Correct Answer: D Section: (none) Explanation
QUESTION 64
What is the objective of the Cisco SDM IPS migration tool?
A. to migrate from promiscuous mode IPS to inline IPS
B. to migrate from Cisco IOS IPS version 4.0 to Cisco IOS IPS version 5.0
C. to migrate from Cisco IOS IPS to the Cisco AIM-IPS
D. to migrate from the Cisco NM-CIDS to the Cisco AIM-IPS

Correct Answer: B Section: (none) Explanation
QUESTION 65
What OSI layers can CBAC filter on? Select all that apply.
A. Layer 4
B. Layer 3
C. Layer 2
D. Layer 7

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
ActualTests.com
QUESTION 66
Which description is true about the Cisco IOS IPS configuration output shown in the following exhibit?
“Pass Any Exam. Any Time.” – www.actualtests.com 37 Cisco 642-504: Practice Exam

A. The SDF will be loaded from the IPS directory in flash.
B. The built-in signatures will be used.
C. The router is using the advanced IPS signature set.
D. The SMEs are stored in the IPS directory in flash.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
ActualTests.com
QUESTION 67
Router CK1 has been upgraded with the Cisco firewall IOS. Which of the following cannot be configured on a router unless the IOS Firewall feature set is installed? (Select all that apply)
A. PAM
B. Authentication Proxy
C. IDS
D. CBAC “Pass Any Exam. Any Time.” – www.actualtests.com 38 Cisco 642-504: Practice Exam

Correct Answer: ABCD Section: (none) Explanation
QUESTION 68
For the following Cisco IOS Firewall features, which one allows the firewall to function as a Layer 2 bridge on the network?
A. firewall ACL bypass
B. zone-based firewall
C. CBAC
D. transparent firewall

Correct Answer: D Section: (none) Explanation
QUESTION 69
While logged into a Company router, which of the following commands specifies that the IOS Firewall IDS engine drops packets and resets TCP connections for information signatures?
A. ip audit name auditi info attack drop reset
B. ip audit name auditi info action drop reset
C. ip audit name auditi info sig action drop reset
D. ip audit name auditi sig info drop reset

Correct Answer: D Section: (none) Explanation
QUESTION 70
Which statement best describes Cisco IOS Firewall URL-filtering services on Cisco IOS Release 12,4(15)T and later?
A. Enabling “allow mode” is required when using an external URL-filtering server.
B. Multiple URL lists and URL filter server lists can be configured on the router.
C. URL filtering with zone-based firewalls is configured using the type “inspect” parameter-map.
D. The services support Secure Computing server orWebsense server and the local URL list.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 71
You are the Cisco Configuration Assistant in your company. Which command will would you use totrigger the router to request certificates from the CA for the router RSA key pair?
A. cryptopki enroll CA-Name
B. enrollmenturl http://CA-Name:SO
C. cryptopki trustpoint CA-Name
D. cryptopki authenticate CA-Name

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 72
Which tow statements are correct according to the CLI configuration displayed in the exhibit? (Choose tow.)

A. SerialO/0/0 is the outside NAT interface.
B. access-list 1 defines the list of inside global IP addresses.
C. The overload option enables static PAT,
D. All HTTP connections to the SerialO/0/0 interface IP address will be translated to the 172.16.1.2 IP address port 8080,

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
ActualTests.com
QUESTION 73
The Company network is concerned about SPAM and wants to use IDS tools to prevent SPAM attacks. By default, how many message recipients must an email have for the IOS Firewall to consider it a spam attack?
A. 250
B. 500
C. 100
D. 25

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
“Pass Any Exam. Any Time.” – www.actualtests.com 40 Cisco 642-504: Practice Exam
QUESTION 74
Cisco Easy VPN greatly simplifies virtual private network (VPN) deployment for remote offices and teleworkers. While using Cisco Easy VPN, which three options are for entering the XAUTH username and password for establishing the VPN connection from the Cisco Easy VPN remote router? (Choose three.)
A. using an external AAA server
B. saving the XAUTH credentials to this router
C. entering the information from the router console or SDM
D. entering the information from the PC browser when browsing

Correct Answer: BCD Section: (none) Explanation
QUESTION 75
You are the Cisco Configuration Assistant in your company. You are configuring ACS 4.0 Network Access Profiles, which three things can be used to determine how an access request is classified and mapped to a profile? (Choose three)
A. Network Access Filters
B. RADIUS Authorization Components
C. the protocol types
D. advance filtering

Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
ActualTests.com
QUESTION 76
For the following Cisco IOS IPS risk rating components, which one uses a law value of 75, a medium value of 100, a high value of 150, and a mission-critical value of 200?
A. Attack Relevancy Rating
B. Promiscuous Delta
C. Target Value Rating
D. Watch List Rating

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
“Pass Any Exam. Any Time.” – www.actualtests.com 41 Cisco 642-504: Practice Exam
QUESTION 77
The security administrator at Company is seeing a large number of half opened TCP sessions, what are half open TCP sessions?
A. Sessions that were denied,
B. Sessions that have not reached the established state.
C. Sessions where the three-way handshake has been completed.
D. Sessions where the firewall detected return traffic.

Correct Answer: B Section: (none) Explanation
QUESTION 78
Which item is true about the zone-based firewall policy while configuring the zone-based firewall feature on a Cisco router?
A. The policy is appliedunidirectionally between two security zones.
B. Traffic between an interface belonging to a zone and the “self zone is denied by default unless it is explicitly allowed by a used-defined policy.
C. Interfaces in the same zone require that a bidirectional traffic policy be applied to permit traffic flow,
D. Traffic between an interface belonging to a zone and an interface that is not a zone member is allowed to pass without the policy being applied to the traffic,

Correct Answer: A Section: (none) Explanation
QUESTION 79
You are the Cisco Configuration Assistant in your company, what additional configuration is required for the Cisco IOS Firewall to reset the TCP connection if any peer-to-peer, tunneling, or instant messaging traffic is detected over HTTP based on the following configuration?
appfw policy-name my policy application http strict-http action reset alarm content-length maximum 1 action reset alarm content-type-verification match-req-rsp action reset alarm max-header-length request 1 response 1 action reset alarm max-url-length 1 laction reset alarm request-method rfc put action reset alarm transfer-encoding type default reset alarm !
ip inspect name firewall appfw mypolicy ip inspect name firewall http ! Interface FastEthernetO/0 ip inspect firewall in
A. class-map configuration
B. the PAM configuration
C. theip inspect name firewall im, ip inspect name firewall p2p, and ip inspect name firewall tunnel commands
D. the port-misuse default action reset alarm command in the HTTP application firewall policy configuration

Correct Answer: D Section: (none) Explanation Explanation/Reference:
QUESTION 80
While adding NADs as AAA clients in the ACS, which three parameters are configured for each AAA client? (Choose three,)
A. the NAD IP address
B. theEAPtype
C. the shared secret key
D. the AAA protocol to use for communication with the NADs

Correct Answer: ACD Section: (none) Explanation
QUESTION 81
What command configures the amount of time CBAC will wait for a TCP session to become ActualTests.com established before dropping the connection in the state table?
A. ip inspect global syn-establish (seconds)
B. ip inspect tcp global syn-time (seconds)
C. ip inspect global tcp syn (seconds)
D. ip inspect tcp synwait-time (seconds)

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 82
Which one of the following Cisco IOS VPN features simplifies IPsec VPN configuration and design by use of on-demand virtual access interfaces cloned from a virtual template configuration?
A. DMVPN
B. dynamic VTI
C. GRE tunnels
D. GRE overIPsec tunnels

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 83
You are the Cisco Configuration Assistant in your company. What can you determine based on the following configuration? Crypto ipsec transform-set MINE esp-des ! Crypto map MYMAP 10 ipsec-isakmp Set peer 172.30.5.2 Set transform-set MINE Match address 101
A. The authentication method used between theIPsec peers is pre-shared key.
B. ESP tunnel mode will not be used.
C. This is a dynamic crypto map.
D. ESP tunnel mode will be used.

Correct Answer: D Section: (none) Explanation
QUESTION 84
Which option is correct about the output of the Cisco IOS IPS configuration displayed in the ActualTests.com following exhibit?

A. Inline IPS is applied in the outbound direction on the interfaces.
B. The router will drop all packets if the IPS engine is unable to scan data,
C. The basic signatures set has been disabled,
D. The signature delta file is stored in the IPS directory in flash.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
ActualTests.com
QUESTION 85
You have been tasked with setting up a new router with CBAC. How do you configure the CBAC global UDP idle session timeout?
A. ip inspect udp-session-timeout (seconds)
B. ip inspect udp-idle (seconds)
C. ip inspect udp-timeout (seconds)
D. ip inspect udp idle-time (seconds)

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
“Pass Any Exam. Any Time.” – www.actualtests.com 45 Cisco 642-504: Practice Exam
QUESTION 86
While deploying S02.1X authentication on Cisco Catalyst switches, which traffic can be passed between the client PC and the Cisco Catalyst switch over the uncontrolled port?
A. DHCP
B. TACACS+
C. HTTP
D. EAPoLAN

Correct Answer: D Section: (none) Explanation
QUESTION 87
You have been tasked with setting up a new Company router with CBAC. How do you set the threshold of half-open sessions CBAC will allow per minute before deleting them?
A. ip inspect one-minute incomplete (number)
B. ip inspect one-minute (number)
C. ip inspect one-minute high (number)
D. ip inspect one-minute high incomplete (number)

Correct Answer: C Section: (none) Explanation
QUESTION 88
According to the partial configuration displayed in the following exhibit, which additional ActualTests.com configuration parameter is required under the GET VPN group member GDOI configuration?

A. key server IP address
B. mapping of theIPsec transform set to the GDOI group
C. mapping of theIPsec profile to the IPsec SA
D. local priority

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 89
You are the Cisco Configuration Assistant in your company. Which TCP port would you use to access the Cisco ACS web interface?
A. 22
B. SO
C. 127
D. 2002

Correct Answer: D Section: (none) Explanation
QUESTION 90
Which action can be enabled by the interface configuration command switchport protected?
A. allows traffic on protected ports to be forwarded at Layer 2
B. configures the interface for the PVLAN edge
C. groups ports into an isolated community when configured on multiplepotts
D. provides isolation between two protected ports located on different switches

Correct Answer: B Section: (none) Explanation
Explanation/Reference:

Flydumps.com

The actual Cisco 642-504 exam questions and answers will sharpen your skills and expand your knowledge to obtain a definite success.save your money and time on your preparation for your Cisco 642-504 certification exam. You will find we are a trustful partner if you choose us as your assistance on your Cisco 642-504 certification exam. Now we add the latest Cisco 642-504 content and to print and share content.

Continue Reading

Cisco 642-504 Exam Download, Sale Discount Cisco 642-504 Flydumps For Download

Flydumps just published the newest Cisco 642-504 brain dumps with all the new updated exam questions and answers. We provide the latest version of Cisco 642-504 PDF and VCE files with up-to-date questions and answers to ensure your exam 100% pass,on our website you will get the Cisco 642-504 free new version VCE Player along with your VCE dumps

QUESTION 55
The Company security administrator is in charge of creating a security policy for the company. Which two statements about the creation of a security policy are true? (Choose two)
A. It helps Chief Information Officers determine the return on investment of network security at Company Inc.
B. It defines how to track down and prosecute policy offenders at Company Inc.
C. It provides a process to audit existing network security at Company Inc.
D. It defines which behavior is and is not allowed at Company Inc.

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 56
Which secure group keying mechanism is used by GET VPN?
A. public and private keys
B. Diffle-Hellman
C. Group Domain of Interpretation
D. group key agreement

Correct Answer: C Section: (none) Explanation
QUESTION 57
You are the network consultant from your company. Cisco IOS Zone-Based Firewall uses which of the following to identify a service or application from traffic flowing through the firewall?
A. Network Based Application Recognition
B. extended access list
C. deep packet inspection
D. PAM table ActualTests.com

Correct Answer: D Section: (none) Explanation
QUESTION 58
Which best practice is recommended while configuring the Auto Update feature for Cisco IOS IPS?
A. Synchronize the router’s clock to the PC before configuring Auto Update,
B. Download the realm-cisco.pub.key file and update the public key stored on the router.
C. Clear the router’s flash of unused signature files.
D. Enable anonymous TFTP downloads from Cisco.com and specify the download frequency. “Pass Any Exam. Any Time.” – www.actualtests.com 34 Cisco 642-504: Practice Exam

Correct Answer: A Section: (none) Explanation
QUESTION 59
Router CK1 is configured with the IOS firewall feature set to prevent TCP based attacks. How many incomplete connections must this router have by default before TCP Intercept will start dropping incomplete connections?
A. 500
B. 1100
C. 700
D. 900

Correct Answer: B Section: (none) Explanation
QUESTION 60
Which statement is correct about the GRE tunnel endpoints while configuring GRE over IPsec?
A. For high availability, the GRE tunnel interface should be configured with aprimaty and a backup tunnel destination IP address.
B. A mirror image of theIPsec crypto ACL needs to be configured to permit the interesting end- user traffic between the GRE endpoints.
C. The tunnel interface of both endpoints needs to be in the same IP subnet,
D. The tunnel interface of both endpoints should be configured to use the outside IP address of the router as the unnumbered IP address.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
ActualTests.com
QUESTION 61
Which of the following represents the behavior of the CBAC aggressive mode in a Cisco IOS firewall?
A. Delete all half-open session
B. Re-initiate half open session
C. Complete all half open sessions make the full open session
D. Delete half-open session as needed to accommodate new connection requests

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
“Pass Any Exam. Any Time.” – www.actualtests.com 35 Cisco 642-504: Practice Exam
QUESTION 62
You are in charge of Securing Networks Cisco Routers and Switches in your company Given that the faO/1 interface is the trusted interface, what could be a reason for users on the trusted inside networks not to be able to successfully establish outbound HTTP connections based on the following configuration?

A. access-list on the faO/1intetface is not set.
B. The RVRULE inspection policy is not inspecting HTTP traffic.
C. access-list 104 is denying the outbound HTTP traffic.
D. The outgoing inspection rule on the fa0/1 interface is not set, ActualTests.com

Correct Answer: C Section: (none) Explanation
QUESTION 63
The Dynamic Multipoint VPN (DMVPN) feature allows users to better scale large and small IP Security (IPsec) Virtual Private Networks (VPNs) by combining generic routing encapsulation (GRE) tunnels, IPsec encryption, and Next Hop Resolution Protocol (NHRP).Referring to a DMVPN hub router tunnel interface configuration, what will fail if the ip nhrp map multicast dynamic command is missing on the tunnel interface?
A. The NHRP request and response. “Pass Any Exam. Any Time.” – www.actualtests.com 36 Cisco 642-504: Practice Exam
B. The GRE tunnel
C. The IPsec peering
D. The dynamic routing protocol.

Correct Answer: D Section: (none) Explanation
QUESTION 64
What is the objective of the Cisco SDM IPS migration tool?
A. to migrate from promiscuous mode IPS to inline IPS
B. to migrate from Cisco IOS IPS version 4.0 to Cisco IOS IPS version 5.0
C. to migrate from Cisco IOS IPS to the Cisco AIM-IPS
D. to migrate from the Cisco NM-CIDS to the Cisco AIM-IPS

Correct Answer: B Section: (none) Explanation
QUESTION 65
What OSI layers can CBAC filter on? Select all that apply.
A. Layer 4
B. Layer 3
C. Layer 2
D. Layer 7

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
ActualTests.com
QUESTION 66
Which description is true about the Cisco IOS IPS configuration output shown in the following exhibit?
“Pass Any Exam. Any Time.” – www.actualtests.com 37 Cisco 642-504: Practice Exam

A. The SDF will be loaded from the IPS directory in flash.
B. The built-in signatures will be used.
C. The router is using the advanced IPS signature set.
D. The SMEs are stored in the IPS directory in flash.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
ActualTests.com
QUESTION 67
Router CK1 has been upgraded with the Cisco firewall IOS. Which of the following cannot be configured on a router unless the IOS Firewall feature set is installed? (Select all that apply)
A. PAM
B. Authentication Proxy
C. IDS
D. CBAC “Pass Any Exam. Any Time.” – www.actualtests.com 38 Cisco 642-504: Practice Exam

Correct Answer: ABCD Section: (none) Explanation
QUESTION 68
For the following Cisco IOS Firewall features, which one allows the firewall to function as a Layer 2 bridge on the network?
A. firewall ACL bypass
B. zone-based firewall
C. CBAC
D. transparent firewall

Correct Answer: D Section: (none) Explanation
QUESTION 69
While logged into a Company router, which of the following commands specifies that the IOS Firewall IDS engine drops packets and resets TCP connections for information signatures?
A. ip audit name auditi info attack drop reset
B. ip audit name auditi info action drop reset
C. ip audit name auditi info sig action drop reset
D. ip audit name auditi sig info drop reset

Correct Answer: D Section: (none) Explanation
QUESTION 70
Which statement best describes Cisco IOS Firewall URL-filtering services on Cisco IOS Release 12,4(15)T and later?
A. Enabling “allow mode” is required when using an external URL-filtering server.
B. Multiple URL lists and URL filter server lists can be configured on the router.
C. URL filtering with zone-based firewalls is configured using the type “inspect” parameter-map.
D. The services support Secure Computing server orWebsense server and the local URL list.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 71
You are the Cisco Configuration Assistant in your company. Which command will would you use totrigger the router to request certificates from the CA for the router RSA key pair?
A. cryptopki enroll CA-Name
B. enrollmenturl http://CA-Name:SO
C. cryptopki trustpoint CA-Name
D. cryptopki authenticate CA-Name

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 72
Which tow statements are correct according to the CLI configuration displayed in the exhibit? (Choose tow.)

A. SerialO/0/0 is the outside NAT interface.
B. access-list 1 defines the list of inside global IP addresses.
C. The overload option enables static PAT,
D. All HTTP connections to the SerialO/0/0 interface IP address will be translated to the 172.16.1.2 IP address port 8080,

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
ActualTests.com
QUESTION 73
The Company network is concerned about SPAM and wants to use IDS tools to prevent SPAM attacks. By default, how many message recipients must an email have for the IOS Firewall to consider it a spam attack?
A. 250
B. 500
C. 100
D. 25

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
“Pass Any Exam. Any Time.” – www.actualtests.com 40 Cisco 642-504: Practice Exam
QUESTION 74
Cisco Easy VPN greatly simplifies virtual private network (VPN) deployment for remote offices and teleworkers. While using Cisco Easy VPN, which three options are for entering the XAUTH username and password for establishing the VPN connection from the Cisco Easy VPN remote router? (Choose three.)
A. using an external AAA server
B. saving the XAUTH credentials to this router
C. entering the information from the router console or SDM
D. entering the information from the PC browser when browsing

Correct Answer: BCD Section: (none) Explanation
QUESTION 75
You are the Cisco Configuration Assistant in your company. You are configuring ACS 4.0 Network Access Profiles, which three things can be used to determine how an access request is classified and mapped to a profile? (Choose three)
A. Network Access Filters
B. RADIUS Authorization Components
C. the protocol types
D. advance filtering

Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
ActualTests.com
QUESTION 76
For the following Cisco IOS IPS risk rating components, which one uses a law value of 75, a medium value of 100, a high value of 150, and a mission-critical value of 200?
A. Attack Relevancy Rating
B. Promiscuous Delta
C. Target Value Rating
D. Watch List Rating

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
“Pass Any Exam. Any Time.” – www.actualtests.com 41 Cisco 642-504: Practice Exam
QUESTION 77
The security administrator at Company is seeing a large number of half opened TCP sessions, what are half open TCP sessions?
A. Sessions that were denied,
B. Sessions that have not reached the established state.
C. Sessions where the three-way handshake has been completed.
D. Sessions where the firewall detected return traffic.

Correct Answer: B Section: (none) Explanation
QUESTION 78
Which item is true about the zone-based firewall policy while configuring the zone-based firewall feature on a Cisco router?
A. The policy is appliedunidirectionally between two security zones.
B. Traffic between an interface belonging to a zone and the “self zone is denied by default unless it is explicitly allowed by a used-defined policy.
C. Interfaces in the same zone require that a bidirectional traffic policy be applied to permit traffic flow,
D. Traffic between an interface belonging to a zone and an interface that is not a zone member is allowed to pass without the policy being applied to the traffic,

Correct Answer: A Section: (none) Explanation
QUESTION 79
You are the Cisco Configuration Assistant in your company, what additional configuration is required for the Cisco IOS Firewall to reset the TCP connection if any peer-to-peer, tunneling, or instant messaging traffic is detected over HTTP based on the following configuration?
appfw policy-name my policy application http strict-http action reset alarm content-length maximum 1 action reset alarm content-type-verification match-req-rsp action reset alarm max-header-length request 1 response 1 action reset alarm max-url-length 1 laction reset alarm request-method rfc put action reset alarm transfer-encoding type default reset alarm !
ip inspect name firewall appfw mypolicy ip inspect name firewall http ! Interface FastEthernetO/0 ip inspect firewall in
A. class-map configuration
B. the PAM configuration
C. theip inspect name firewall im, ip inspect name firewall p2p, and ip inspect name firewall tunnel commands
D. the port-misuse default action reset alarm command in the HTTP application firewall policy configuration

Correct Answer: D Section: (none) Explanation Explanation/Reference:
QUESTION 80
While adding NADs as AAA clients in the ACS, which three parameters are configured for each AAA client? (Choose three,)
A. the NAD IP address
B. theEAPtype
C. the shared secret key
D. the AAA protocol to use for communication with the NADs

Correct Answer: ACD Section: (none) Explanation

We help you do exactly that with our high quality Cisco 642-504 Certification using the above training materials.Regardless of whichever computer you have, you just need to download one of the many Cisco 642-504 PDF readers that are available for free.

Continue Reading

Cisco 642-504 Exam Demo,Free Download Real Cisco 642-504 Preparation Materials Are The Best Materials

The Newest VCE and PDF! As we know,only valid and newest Cisco 642-504 Flydumps vce can help you a lot in passing the exam. Just try Flydumps Cisco 642-504 latest vce and pdf, which are authenticated by expert and covering every aspect of Cisco 642-504 exam.100% money back guarantee!

QUESTION 40
Which action does the interface configuration command switchport protected enable?
A. groups ports into an isolated community when configured on multiple ports
B. configures the interface for the PVLAN edge
C. provides isolation between two protected ports located on different switches PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-504
D. allows traffic on protected ports to be forwarded at Layer 2

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 41
What configuration task must you perform prior to configuring private VLANs?
A. enable port security on the interface
B. associate all isolated ports to the primary VLAN
C. set the VTP mode to transparent
D. configure PVLAN trunking

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 42
When deploying 802.1X authentication on Cisco Catalyst switches, what are two possible options for authenticating the clients that do not have an 802.1X supplicant? (Choose two.)
A. MAC Authentication Bypass
B. Active Directory Single Sign-On
C. authentication proxy
D. web authentication
E. Protected EAP

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 43
When implementing EIGRP dynamic routing over DMVPN, what are three configuration tasks required at the hub router tunnel interface? (Choose three.)
A. disabling EIGRP ip next-hop-self
B. disabling EIGRP ip split-horizon
C. disabling EIGRP auto-summary
D. disabling EIGRP stub
E. enabling multipoint GRE
F. configuring the NHRP next-hop server IP address

Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 44
Refer to the exhibit.
What is wrong with the GRE over IPsec configuration shown?

PassGuide.com-Make You Succeed To Pass IT Exams
PassGuide 642-504
A. The crypto map is not correctly configured.
B. The crypto ACL is not correctly configured.
C. The network 172.16.0.0 command is missing under router eigrp 1 .
D. ESP transport mode should be configured instead of using the default tunnel mode.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 45
When you configure Cisco IOS WebVPN, you can use the port-forward command to enable which function?
A. web-enabled applications
B. Cisco Secure Desktop
C. full-tunnel client
D. thin client
E. CIFS
F. OWA

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 46
Which three of these statements are correct regarding DMVPN configuration? (Choose three.)
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-504
A. If running EIGRP over DMVPN, the hub router tunnel interface must have “next hop self” enabled: ip next-hop-self eigrp AS-Number
B. If running EIGRP over DMVPN, the hub router tunnel interface must have split horizon disabled: no ip split-horizon eigrp AS-Number
C. The spoke routers must be configured as the NHRP servers: ip nhrp nhs spoke-tunnel-ip-address
D. At the spoke routers, static NHRP mapping to the hub router is required: ip nhrp map hub-tunnel-ip-address hub-physical-ip-address
E. The GRE tunnel mode must be set to point-to-point mode: tunnel mode gre point-to-point
F. The GRE tunnel must be associated with an IPsec profile: tunnel protection ipsec profile profile-name

Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
QUESTION 47
Refer to the exhibit.
What is wrong with the partial IPsec VPN high-availability configuration shown here?
A. A static crypto map should be used instead of a dynamic crypto map.
B. The crypto map CM interface configuration statement is missing the stateful option.
C. The crypto map interface configuration statement should reference the dynamic crypto map DM.
D. IPsec is not synchronized with HSRP.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 48
You are an administrator configuring a Cisco router to enroll with a certificate authority. What is a recommended best practice to perform prior to configuring enrollment parameters?
A. Contact the registration authority to obtain the enrollment URL.
B. Manually verify the PKCS #10 certificate prior to enrollment.
C. Configure the certificate revocation list to ensure that you do not receive revoked CA certificates.
D. Configure Network Time Protocol.
E. If using SCEP, ensure that TCP port 22 traffic is permitted to the router.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-504
QUESTION 49
DMVPN configuration uses which tunnel mode type on the tunnel interface?
A. DVMRP
B. IPsec IPv4
C. NHRP
D. GRE multipoint

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 50
Refer to the exhibit.
What is true regarding the IKE security association?
A. The IPsec connection is in an idle state.
B. The IKE association is in the process of being set up.
C. The IKE status is authenticated.
D. The ISAKMP state is waiting for quick mode status to authenticate before IPsec parameters are passed between peers.

Correct Answer: C Section: (none)
Explanation
Explanation/Reference:
QUESTION 51
When configuring a Cisco Easy VPN server, what must be configured prior to entering VPN configuration parameters?
A. AAA
B. ISAKMP peer authentication method
C. XAuth
D. SSH
E. crypto ACL
F. NTP

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 52
Which parameter is configured under the router(config-isakmp)# configuration mode?
A. use of digital certificates for authentication
B. the IPsec transform set
C. the reference to the crypto ACL PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-504
D. the IPsec peer IP address
E. the pre-shared key value

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 53
Which two statements are correct regarding Network Address Translation and IPsec interoperability? (Choose two.)
A. ESP does not work with NAT.
B. AH does not work with NAT.
C. ESP does not work with PAT.
D. NAT-T uses TCP port 4500.
E. NAT-T sends NAT discovery packets after IKE Phase 2 establishment.

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 54
If the show crypto isakmp sa output shows a state of “QM_IDLE” with the “Active” status, what does that most likely indicate?
A. IKE Phase 1 quick mode negotiation has failed.
B. The security association is waiting for the timeout to expire before retrying the ISAKMP SA establishment.
C. An ISAKMP SA exists.
D. Peer authentication has failed during IKE Phase 1.
E. IKE Phase 1 is in the negotiation state.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 55
Which Cisco IOS IPS risk rating component uses a low value of 75, a medium value of 100, a high value of 150, and a mission-critical value of 200?
A. Signature Fidelity Rating
B. Attack Severity Rating
C. Target Value Rating
D. Attack Relevancy Rating
E. Promiscuous Delta
F. Watch List Rating

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 56
In DMVPN, the NHRP process allows which requirement to be met?
A. dynamic physical interface IP address at the spoke routers
B. high-availability DMVPN designs PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-504
C. dynamic spoke-to-spoke on-demand tunnels
D. dynamic routing over the DMVPN
E. dual DMVPN hub designs

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 57
When deploying 802.1X authentication on Cisco Catalyst switches, which traffic can be passed between the client PC and the Cisco Catalyst switch over the uncontrolled port?
A. RADIUS
B. TACACS+
C. HTTP
D. DHCP
E. EAPoLAN
F. CDP

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 58
Refer to the exhibit.
Which two configuration commands are used to apply an inspect policy map for traffic traversing from the
E0 or E1 interface to the S3 interface? (Choose two.)
A. zone-pair security test source Z1 destination Z2
B. interface E0
C. policy-map myfwpolicy class class-default inspect
D. ip inspect myfwpolicy out
E. ip inspect myfwpolicy in
F. service-policy type inspect myfwpolicy

Correct Answer: AF Section: (none) Explanation
Explanation/Reference:
QUESTION 59
Cisco IOS SSL VPN thin-client mode has which two characteristics? (Choose two.)
A. uses a Java applet
B. supports TCP and UDP applications that use static port(s) PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-504
C. provides full tunnel access like the IPsec VPN software client
D. requires the use of browser plug-ins
E. provides TCP port forwarding capabilities

Correct Answer: AE Section: (none) Explanation
Explanation/Reference: QUESTION 60
Refer to the exhibit.
Which optional AAA or RADIUS configuration command is used to support 802.1X guest VLAN
functionality?
A. aaa authentication dot1x default group radius
B. aaa authorization network default group radius
C. aaa accounting dot1x default start-stop group radius
D. aaa accounting system default start-stop group radius
E. radius-server host 10.1.1.1 auth-port 1812 acct-port 1813

Correct Answer: B Section: (none) Explanation
Explanation/Reference:

We provide thoroughly reviewed Cisco 642-504 using the training resources which are the best for Cisco 642-504,and to get certified by Microsoft Windows Store apps.It is a best choice to accelerate your career as a professional in the Information Technology industry. Now we add the latest Cisco 642-504 content and to print and share content.

Continue Reading

Flydumps Recently Updated Cisco 642-542 Real Exam Questions Ensure High Pass Rate

Flydumps is one of the leading exam preparation material providers.We have a complete range of exams offered by the top vendors of their respective industries. You can download Cisco 642-542 free demos in PDF files that are the latest.

Exam A
QUESTION 1
Threats that come from hackers who are more highly motivated and technically competent are called:
A. Sophisticated
B. Advanced
C. External
D. Structured
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Structured threats come from adversaries that are highly motivated and technically competent. Ref: Cisco Secure Intrusion Detection System (Ciscopress) Page 9
QUESTION 2
The worst attacks are the ones that:
A. Are intermittent.
B. Target the applications
C. You can not stop them.
D. Target the executables.
E. Target the databases.
F. You can not determine the source.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: The worst attack is the one that you cannot stop. When performed properly, DDoS is just such an attack.
QUESTION 3
What type of network requires availability to the Internet and public networks as a major requirement and has several access points to other networks, both public and private?
A. Open
B. Closed
C. Intermediate
D. Balanced
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The networks of today are designed with availability to the Internet and public networks, which is a major requirement. Most of today’s networks have serverla access points to other network both public and private;therefore,securing these networks has become fundamentally important. Reference: CSI Student guide v2.0 p.2-4
QUESTION 4
The security team at Certkiller Inc. is working on network security design. What is an example of a trust model?
A. One example is NTFS
B. One example is NTP
C. One example is NFS
D. One example is NOS
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: One of the key factors to building a successful network security design is to identify and enforce a proper trust model. The proper trust model defines who needs to talk to whom and what kind of traffic needs to be exchanged; all traffic should be denied. one the proper trust model has been identified, then the security designer should decide how to enforce the model. As more critical resources are globally available and new forms of network attacks evolve, the network security infrastructure tends to become more sophisticated, and more products are available. Firewalls, routers, LAN switches, intrusion detection systems, AAA servers, and VPNs are some of the technologies and products that can help enforce the model. Of course, each one of these products and technologies plays a particular role within the overall security implementation, and it is essential for the designer to understand how these elements can be deployed. Network File Sharing seems to be the best answer out of all the answers listed. Reference: Securing Networks with Private VLANs and VLAN Access Control Lists
QUESTION 5
Which type of attack can be mitigated only through encryption?
A. DoS
B. Brute force
C. Man-in-the-middle
D. Trojan horse
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
1. Man-in-the-middle attacks-Mitigated through encrypted remote traffic Reference: Safe white papers; page 26 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 6
The security team at Certkiller Inc. is working on understanding attacks that happen in the network. What type of attack is characterized by exploitation of well-known weaknesses, use of ports that are allowed through a firewall, and can never be completely eliminated?
A. Network reconnaissance
B. Man-in-the-middle
C. Trust exploitation
D. Application layer
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: The primary problem with application layer attacks is that they often use ports that are allowed through a firewall. Reference: Safe White papers 68 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 7
You are the security administrator at Certkiller and you need to know the attacks types to the network. Which two general IP spoofing techniques does a hacker use? (Choose two)
A. An IP address within the range of trusted IP addresses.
B. An unknown IP address which cannot be traced.
C. An authorized external IP address that is trusted.
D. An RFC 1918 address.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation: IP Spoofing An IP spoofing attack occurs when a hacker inside or outside a network impersonates the conversations of a trusted computer. A hacker can do this in one of two ways. The hacker uses either an IP address that is within the range of trusted IP addresses for a network or an authorized external IP address that is trusted and to which access is provided to specified resources on a network. IP spoofing attacks are often a launch point for other attacks. The classic example is to launch a denial-of-service (DoS) attack using spoofed source addresses to hide the hacker’s identity. Normally, an IP spoofing attack is limited to the injection of malicious data or commands into an existing stream of data that is passed between a client and server application or a peer-to-peer network connection. To enable bidirectional communication, the hacker must change all routing tables to point to the spoofed IP address. Another approach hackers sometimes take is to simply not worry about receiving any response from the applications. If a hacker tries to obtain a sensitive file from a system, application responses are unimportant. However, if a hacker manages to change the routing tables to point to the spoofed IP address, the hacker can receive all the network packets that are addressed to the spoofed address and reply just as any trusted user can. Reference: Safe white papers; page 65 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 8
John the security administrator at Certkiller Inc. is working on securing the network with strong passwords. What is the definition of a strong password?
A. The definition of a strong password is at least ten characters long and should contain cryptographic characters.
B. The definition of a strong password is at least eight characters long;contains uppercase letters, lowercase letters, numbers, and should not contain special characters.
C. The definition of a strong password is defined by each company depending on the product being used.
D. The definition of a strong password is at least eight characters long;contains uppercase letters, lowercase letters, numbers, and special characters.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Passwords should be at least eight characters long and contain uppercase letters, lowercase letters, numbers, and special characters (#, %, $, and so forth). Reference: Safe white papers; page 67 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 9
The two Denial of Service attack methods are: (Choose two) A. Out of Band data crash
B. SATAN
C. TCP session hijack
D. Resource Overload

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Explanation: When involving specific network server applications; such as a web server or an FTP server, these attacks can focus on acquiring and keeping open all the available connections supported by that server, effectively locking out valid users of the server or service. Some attacks compromise the performance of your network by flooding the network with undesired-and often useless-network packets and by providing false information about the status of network resources. REF; Safe white papers; page 66&67 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Incorrect Answers:
B: SATAN is a testing and reporting tool that collects a variety of information about networked hosts.
C: TCP session hijack is when a hacker takes over a TCP session between two machines.
QUESTION 10
This program does something undocumented which the programmer intended, but that the user would not approve of if he or she knew about it.
A. What is a Virus.
B. What is a Macro Virus.
C. What is a Trojan Horse.
D. What is a Worm.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: A Trojan horse is different only in that the entire application was written to look like something else, when in fact it is an attack tool. An example of a Trojan horse is a software application that runs a simple game on the user’s workstation. While the user is occupied with the game, the Trojan horse mails a copy of itself to every user in the user’s address book. Then other users get the game and play it, thus spreading the Trojan horse. Ref: Safe White papers; Page 70 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 11
Choose the true statements regarding IP spoofing attack and DoS attack. (Choose all that apply)
A. IP spoofing attack is a prelude for a DoS attack.
B. DoS attack is a prelude for a IP spoofing attack.
C. IP spoofing attack is generally performed by inserting a string of malicious commands into the data that is passed between a client and a server.
D. A DoS attack is generally performed by inserting a string of malicious command into the data that is passed between a client and a server.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation: IP spoofing attacks are often a launch point for other attacks. The classic example is to launch a denial-of-service (DoS) attack using spoofed source addresses to hide the hacker’s identity.
Normally, an IP spoofing attack is limited to the injection of malicious data or commands into an existing stream of data that is passed between a client and server application or a peer-to-peer network connection. REF; Safe white papers;page 65 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 12
What method helps mitigate the threat of IP spoofing?
A. Access control
B. Logging
C. SNMP polling
D. Layer 2 switching
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: The most common method for preventing IP spoofing is to properly configure access control. To reduce the effectiveness of IP spoofing, configure access control to deny any traffic from the external network that has a source address that should reside on the internal network. REF;Safe white papers;page 67 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 13
What is an example of a trust model?
A. NTFS
B. NFS
C. NTP
D. NOS
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: One of the key factors to building a successful network security design is to identify and enforce a proper trust model. The proper trust model defines who needs to talk to whom and what kind of traffic needs to be exchanged; all other traffic should be denied. Once the proper trust model has been identified, then the security designer should decide how to enforce the model. As more critical resources are globally available and new forms of network attacks evolve, the network security infrastructure tends to become more sophisticated, and more products are available. Firewalls, routers, LAN switches, intrusion detection systems, AAA servers, and VPNs are some of the technologies and products that can help enforce the model. Of course, each one of these products and technologies plays a particular role within the overall security implementation, and it is essential for the designer to understand how these elements can be deployed. Network File Sharing seems to be the best answer out of all the answers listed. Reference: Securing Networks with Private VLANs and VLAN Access Control Lists
QUESTION 14
Which type of attack is usually implemented using packet sniffers?
A. Man-in-the-middle
B. DoS
C. Brute force
D. IP spoofing
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Man-in-the-middle attacks are often implemented using network packet sniffers and routing and transport protocols. REF;Safe white papers;page 68 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 15
Which type of attack is characterized by exploitation of well-known weaknesses, use of ports that are allowed through a firewall, and can never be completely eliminated?
A. Network reconnaissance
B. Application layer
C. Man-in-the-middle
D. Trust exploitation
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: The primary problem with application layer attacks is that they often use ports that are allowed through a firewall. Ref: Safe White papers 68 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 16
What is the only way to effectively prevent the Man-in-the-middle attacks?
A. Firewalls
B. ISP filtering and rate limiting
C. HIDS & Firewall filtering
D. Encryption
E. Access Control
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Man-in-the-middle attacks can be effectively mitigated only through the use of cryptography. If someone hijacks data in the middle of a cryptographically private session, all the hacker will see is cipher text, and not the original message. Ref: Safe White papers 68 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 17
What is not a specific type of attack, but refers to most attacks that occur today?
A. DoS
B. Brute force password
C. IP spoofing
D. Unauthorized access
Correct Answer: D Section: (none) Explanation Explanation/Reference:
Explanation: Although unauthorized-access attacks are not a specific type of attack, they refer to most attacks executed in networks today. REF;Safe white papers;page 70 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks
QUESTION 18
This method of attack will always compute the password if it is made up of the character set you have selected to test.
A. What is LOphtCracks
B. What is brute force computation
C. What is dictionary lookup
D. What is brute force mechanism
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 19
What is the primary method of mitigating port redirection attacks?
A. Keep firewalls up to date with the latest patches and fixes.
B. Do not allow trust models.
C. Keep OS and applications up to date with the latest patches and fixes.
D. Use proper trust models.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Port redirection can be mitigated primarily through the use of proper trust models (as mentioned earlier). If we assume that a system is under attack, host-based IDS can help detect and prevent a hacker installing such utilities on a host. Ref: Safe white papers;page 70 SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Reference: Cisco Courseware page 2-28
QUESTION 20
What are two characteristics of a packet sniffer designed for attack purposes? (Choose two)
A. Captures first 300 to 400 bytes.
B. Typically captures login sessions.
C. Captures the last 300 to 400 bytes.
D. Deciphers encrypted passwords.
E. Enable to capture UDP packets.
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:

Both PDF and software format demos for Cisco 642-542 exam dumps are offered by Flydumps for free.You can try Cisco 642-542 free demo before you decide to buy the full version practice test.Cisco 642-542 exam dumps details are researched and produced by our Professional Certification Experts who are constantly using industry experience to produce precise, and logical.Cisco 642-542 exam dumps will not only help you pass in one attempt,but also save your valuable time.

Continue Reading

New Dumps- Free Download Of Cisco 642-503 VCE And PDF Certification

Why not try Flydumps Cisco 642-503 vce or pdf exam dumps? All the new questions and answers were timely added to the Cisco 642-503 study guide.Visit Flydumps.com to get free Cisco 642-503 VCE and PDF.

Exam A
QUESTION 1
Which of these statements is correct regarding user setup on ACS 4.0?
A. In the case of conflicting settings, the settings at the group level override the settings configured at the user level.
B. A user can belong to more than one group.
C. The username can contain characters such as “#” and “?”.
D. By default, users are assigned to the default group.
E. The ACS PAP password cannot be used as the CHAP password also.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Which two commands are used to only allow SSH traffic to the router Eth0 interface and deny other management traffic (BEEP, FTP, HTTP, HTTPS, SNMP, Telnet, TFTP) to the router interfaces? (Choose two.)
A. interface eth0
B. control-plane host
C. policy-map type port-filter policy-name
D. service-policy type port-filter input policy-name
E. management-interface eth0 allow ssh
F. line vty 0 5 transport input ssh

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 3
Refer to the exhibit. Why is the Cisco IOS Firewall authentication proxy not working?

A. The aaa authentication auth-proxy default group tacacs+ command is missing in the configuration.
B. The router local username and password database is not configured.
C. Cisco IOS authentication proxy only supports RADIUS and not TACACS+.
D. HTTP server and AAA authentication for the HTTP server is not enabled.
E. The AAA method lists used for authentication proxy should be named “pxy” rather than “default” to match the authentication proxy rule name.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 4
When troubleshooting site-to-site IPsec VPN on Cisco routers, you see this console message:
%CRYPTO-6-IKMP_SA_NOT_OFFERED: Remote peer %15i responded with attribute [chars] not offered or changed
Which configuration should you verify?
A. the crypto ACL
B. the crypto map
C. the IPsec transform set
D. the ISAKMP policies
E. the pre-shared key
F. the DH group

Correct Answer: D Section: (none) Explanation
Explanation/Reference:

QUESTION 5
Drop

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 6
When verifying Cisco IOS IPS operations, when should you expect Cisco IOS IPS to start loading the signatures?
A. immediately after you configure the ip ips sdf location flash:filename command
B. immediately after you configure the ip ips sdf builtin command
C. after you configure a Cisco IOS IPS rule in the global configuration
D. after traffic reaches the interface with Cisco IOS IPS enabled
E. when the first Cisco IOS IPS rule is enabled on an interface
F. when the SMEs are put into active state using the ip ips name rule-name command

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Refer to the exhibit. Why is the Total Active Signatures count zero?

A. The 128MB.sdf file in flash is corrupted.
B. IPS is in fail-open mode.
C. IPS is in fail-closed mode.
D. IPS has not been enabled on an interface yet.
E. The flash:/128MB.sdf needs to be merged with the built-in signatures first.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 8
When configuring FPM, what should be the next step after the PHDFs have been loaded?
A. Define a stack of protocol headers.
B. Define a traffic policy.
C. Define a service policy.
D. Define a class map of type “access-control” for classifying packets.
E. Reload the router.
F. Save the PHDFs to startup-config.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 9
Refer to the exhibit. Which two statements are correct? (Choose two.)
A. Cisco IOS IPS will fail-open.
B. The basic signatures (previously known as 128MB.sdf) will be used if the built-in signatures fail to load.
C. The built-in signatures will be used.
D. SDEE alert messages will be enabled.
E. syslog alert messages will be enabled.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Refer to the exhibit. When you configure DHCP snooping, which ports should be configured as trusted ?

A. port A only
B. port E only
C. ports B and C
D. ports A, B, and C
E. ports B, C, and E
F. ports A, B, C, and E

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 11
Refer to the exhibit. Which optional AAA or RADIUS configuration command is used to support 802.1x guest VLAN functionality?

A. aaa authentication dot1x default group radius
B. aaa authorization network default group radius
C. aaa accounting dot1x default start-stop group radius
D. aaa accounting system default start-stop group radius
E. radius-server host 10.1.1.1 auth-port 1812 acct-port 1813

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 12
What does this command do?
router(config)# ip port-map user-1 port tcp 4001
A. enables application firewall inspection on a user-defined application that is mapped to TCP port 4001
B. enables NBAR to recognize a user-defined application on TCP port 4001
C. enables the Cisco IOS Firewall to inspect TCP port 4001 as part of the ip inspect name xxx TCP inspection rule
D. defines a user application in the PAM table where the user-defined application is called “user-1” and that application is mapped to TCP port 4001

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 13
What are the three authentication methods that you can use during IKE Phase 1? (Choose three.)
A. AAA or Local Authentication
B. Kerberos
C. pre-shared key
D. RSA signature
E. RSA encrypted nonce
F. DH

Correct Answer: CDE Section: (none) Explanation
Explanation/Reference: QUESTION 14
The PHDF stored in the router flash memory is required for which of these applications to function?
A. NBAR
B. CPPr
C. FPM
D. PAM
E. CoPP
F. Zone-Based Firewall

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 15
When you configure Cisco IOS WebVPN, you can use the port-forward command to enable which function?
A. web-enabled applications
B. Cisco Secure Desktop
C. full-tunnel client
D. thin client
E. CIFS
F. OWA

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 16
What are two benefits of using an IPsec GRE tunnel? (Choose two.)
A. It allows dynamic routing protocol to run over the tunnel interface.
B. It has less overhead than running IPsec in tunnel mode.
C. It allows IP multicast traffic.
D. It requires a more restrictive crypto ACL to provide finer security control.
E. It supports the use of dynamic crypto maps to reduce configuration complexity.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 17
Drop A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 18
When you enter the switch(config)#aaa authentication dot1x default group radius command on a Cisco Catalyst switch, the Cisco IOS parser returns with the “invalid input detected” error message. What can be the cause of this error?
A. You must use the dot1x system-auth-control command first to globally enable 802.1x.
B. You must define the RADIUS server IP address first, using the switch(config)# radius-server host ip-address command.
C. You must enter the aaa new-model command first.
D. The method-list name is missing in the command.
E. The local option is missing in the command.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 19
Cisco IOS Zone-Based Firewall uses which of these to identify a service or application from traffic flowing through the firewall?
A. NBAR
B. extended access list
C. PAM table
D. deep packet inspection
E. application layer inspection
F. CEF table

Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 20
Refer to the DMVPN topology diagram in the exhibit. Which two statements are correct? (Choose two.)

A. The hub router needs to have EIGRP split horizon disabled.
B. At the Spoke A router, the next hop to reach the 192.168.2.0/24 network is 10.0.0.1.
C. Before a spoke-to-spoke tunnel can be built, the spoke router needs to send an NHRP query to the hub to resolve the remote spoke router physical interface IP address.
D. At the Spoke B router, the next hop to reach the 192.168.1.0/24 network is 172.17.0.1.
E. The spoke routers act as the NHRP servers for resolving the remote spoke physical interface IP address.
F. At the Spoke A router, the next hop to reach the 192.168.0.0/24 network is 172.17.0.1.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:

The actual Cisco 642-503 exam questions and answers will sharpen your skills and expand your knowledge to obtain a definite success.save your money and time on your preparation for your Cisco 642-503 certification exam. You will find we are a trustful partner if you choose us as your assistance on your Cisco 642-503 certification exam. Now we add the latest Cisco 642-503 content and to print and share content.

Continue Reading

2016 New Updated — Latest Cisco 642-503 Exam Questions with PDF and VCE 100% Pass Gurantee

If you want to pass Cisco 642-503 successfully, do not missing to read Flydumps latest Cisco 642-503 practice tests. 100% Guarantee! All the dumps are updated timely.

Exam A QUESTION 1
:
Please study the exhibit carefully.
What traffic will be matched to the “qt-class” traffic class?
A. all traffic matched by the “host-protocols” named access list
B. all other traffic arriving at the interface where the “qt-policy” policy map is applied
C. all TCP and UDP protocol ports open on the router not specifically matched
D. all traffic other than SNMP and Telnet to the router
E. all traffic matched by the “host-protocols” nested class map

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 2
:

DRAG DROP You work as a network technician at Certkiller .com. Your boss, miss Certkiller, is interested
in IBNS 802.1x authentication features. Match the proper features with appropriate descriptions.
Note: not all features are used.

A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 3
:
Please study the exhibit carefully.
Which two statements are true about the configurations shown? (Choose two.)
A. The clickable links will have a heading entitled “MYLINKS”.
B. ACS will be used for remote-user authentication by default.
C. This is an example of a clientless configuration.
D. The home page will have three clickable links on it.
E. Thin client (port forwarding) has been enabled using the url-text command.
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 4
:

What can you determine about the configuration?
A. 3DES encryption will be used.
B. The authentication method used between the IPsec peers is pre-shared key.
C. This is a dynamic crypto map.
D. Traffic matched by ACL 101 will not be encrypted.
E. HMAC-MD5 authentication will be used.
F. ESP tunnel mode will be used.

Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Cisco Easy VPN Server pushes parameters such as the client internal IP address, DHCP server IP address, and WINS server IP address to the Cisco Easy VPN Remote client during which of these phases?
A. IKE mode configuration
B. IKE XAUTH
C. IKE Phase 1 first message exchange
D. IKE quick mode
E. IKE Phase 2 last message exchange
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 6
The PHDF stored in the router flash memory is required for which of these applications to function?
A. PAM
B. Zone-Based Firewall
C. CPPr
D. CoPP
E. NBAR
F. FPM
Correct Answer: F Section: (none) Explanation
Explanation/Reference:

We help you do exactly that with our high quality Cisco 642-503 Certification using the above training materials.Regardless of whichever computer you have, you just need to download one of the many Cisco 642-503 PDF readers that are available for free.

Continue Reading