Cisco 642-504 Exam Download, Sale Discount Cisco 642-504 Flydumps For Download

Flydumps just published the newest Cisco 642-504 brain dumps with all the new updated exam questions and answers. We provide the latest version of Cisco https://www.pass4itsure.com/642-504.html PDF and VCE files with up-to-date questions and answers to ensure your exam 100% pass. On our website you will get the Cisco 642-504 free new version VCE Player along with your VCE dumps.

QUESTION 55
The Company security administrator is in charge of creating a security policy for the company. Which two statements about the creation of a security policy are true? (Choose two)
A. It helps Chief Information Officers determine the return on investment of network security at Company Inc.
B. It defines how to track down and prosecute policy offenders at Company Inc.
C. It provides a process to audit existing network security at Company Inc.
D. It defines which behavior is and is not allowed at Company Inc.

Correct Answer: CD

QUESTION 56
Which secure group keying mechanism is used by GET VPN?
A. public and private keys
B. Diffie-Hellman
C. Group Domain of Interpretation
D. group key agreement

Correct Answer: C

QUESTION 57
You are the network consultant from your company. Cisco IOS Zone-Based Firewall uses which of the following to identify a service or application from traffic flowing through the firewall?
A. Network Based Application Recognition
B. extended access list
C. deep packet inspection
D. PAM table
ActualTests.com

Correct Answer: D

QUESTION 58
Which best practice is recommended while configuring the Auto Update feature for Cisco IOS IPS?
A. Synchronize the router’s clock to the PC before configuring Auto Update.
B. Download the realm-cisco.pub.key file and update the public key stored on the router.
C. Clear the router’s flash of unused signature files.
D. Enable anonymous TFTP downloads from Cisco.com and specify the download frequency.
“Pass Any Exam. Any Time.” – www.actualtests.com 34 Cisco 642-504: Practice Exam

Correct Answer: A

QUESTION 59
Router CK1 is configured with the IOS firewall feature set to prevent TCP based attacks. How many incomplete connections must this router have by default before TCP Intercept will start dropping incomplete connections?
A. 500
B. 1100
C. 700
D. 900

Correct Answer: B

QUESTION 60
Which statement is correct about the GRE tunnel endpoints while configuring GRE over IPsec?
A. For high availability, the GRE tunnel interface should be configured with a primary and a backup tunnel destination IP address.
B. A mirror image of the IPsec crypto ACL needs to be configured to permit the interesting end-user traffic between the GRE endpoints.
C. The tunnel interface of both endpoints needs to be in the same IP subnet.
D. The tunnel interface of both endpoints should be configured to use the outside IP address of the router as the unnumbered IP address.

Correct Answer: C

QUESTION 61
Which of the following represents the behavior of the CBAC aggressive mode in a Cisco IOS firewall?
A. Delete all half-open sessions
B. Re-initiate half-open sessions
C. Complete all half-open sessions to make them fully open sessions
D. Delete half-open sessions as needed to accommodate new connection requests

Correct Answer: D

QUESTION 62
You are in charge of Securing Networks with Cisco Routers and Switches in your company. Given that the fa0/1 interface is the trusted interface, what could be a reason for users on the trusted inside networks not to be able to successfully establish outbound HTTP connections based on the following configuration?

A. The access-list on the fa0/1 interface is not set.
B. The RVRULE inspection policy is not inspecting HTTP traffic.
C. access-list 104 is denying the outbound HTTP traffic.
D. The outgoing inspection rule on the fa0/1 interface is not set.

Correct Answer: C

QUESTION 63
The Dynamic Multipoint VPN (DMVPN) feature allows users to better scale large and small IP Security (IPsec) Virtual Private Networks (VPNs) by combining generic routing encapsulation (GRE) tunnels, IPsec encryption, and Next Hop Resolution Protocol (NHRP). Referring to a DMVPN hub router tunnel interface configuration, what will fail if the ip nhrp map multicast dynamic command is missing on the tunnel interface?
A. The NHRP request and response.
B. The GRE tunnel
C. The IPsec peering
D. The dynamic routing protocol.

Correct Answer: D

QUESTION 64
What is the objective of the Cisco SDM IPS migration tool?
A. to migrate from promiscuous mode IPS to inline IPS
B. to migrate from Cisco IOS IPS version 4.0 to Cisco IOS IPS version 5.0
C. to migrate from Cisco IOS IPS to the Cisco AIM-IPS
D. to migrate from the Cisco NM-CIDS to the Cisco AIM-IPS

Correct Answer: B

QUESTION 65
What OSI layers can CBAC filter on? Select all that apply.
A. Layer 4
B. Layer 3
C. Layer 2
D. Layer 7

Correct Answer: ABD

QUESTION 66
Which description is true about the Cisco IOS IPS configuration output shown in the following exhibit?

A. The SDF will be loaded from the IPS directory in flash.
B. The built-in signatures will be used.
C. The router is using the advanced IPS signature set.
D. The SMEs are stored in the IPS directory in flash.

Correct Answer: C

QUESTION 67
Router CK1 has been upgraded with the Cisco firewall IOS. Which of the following cannot be configured on a router unless the IOS Firewall feature set is installed? (Select all that apply)
A. PAM
B. Authentication Proxy
C. IDS
D. CBAC

Correct Answer: ABCD

QUESTION 68
For the following Cisco IOS Firewall features, which one allows the firewall to function as a Layer 2 bridge on the network?
A. firewall ACL bypass
B. zone-based firewall
C. CBAC
D. transparent firewall

Correct Answer: D

QUESTION 69
While logged into a Company router, which of the following commands specifies that the IOS Firewall IDS engine drops packets and resets TCP connections for information signatures?
A. ip audit name auditi info attack drop reset
B. ip audit name auditi info action drop reset
C. ip audit name auditi info sig action drop reset
D. ip audit name auditi sig info drop reset

Correct Answer: D

QUESTION 70
Which statement best describes Cisco IOS Firewall URL-filtering services on Cisco IOS Release 12.4(15)T and later?
A. Enabling “allow mode” is required when using an external URL-filtering server.
B. Multiple URL lists and URL filter server lists can be configured on the router.
C. URL filtering with zone-based firewalls is configured using the type “inspect” parameter-map.
D. The services support Secure Computing server or Websense server and the local URL list.

Correct Answer: D

QUESTION 71
You are the Cisco Configuration Assistant in your company. Which command would you use to trigger the router to request certificates from the CA for the router RSA key pair?
A. crypto pki enroll CA-Name
B. enrollment url http://CA-Name:SO
C. crypto pki trustpoint CA-Name
D. crypto pki authenticate CA-Name

Correct Answer: A

QUESTION 72
Which two statements are correct according to the CLI configuration displayed in the exhibit? (Choose two.)

A. Serial0/0/0 is the outside NAT interface.
B. access-list 1 defines the list of inside global IP addresses.
C. The overload option enables static PAT.
D. All HTTP connections to the Serial0/0/0 interface IP address will be translated to the 172.16.1.2 IP address port 8080.

Correct Answer: AD

QUESTION 73
The Company network is concerned about SPAM and wants to use IDS tools to prevent SPAM attacks. By default, how many message recipients must an email have for the IOS Firewall to consider it a spam attack?
A. 250
B. 500
C. 100
D. 25

Correct Answer: A

QUESTION 74
Cisco Easy VPN greatly simplifies virtual private network (VPN) deployment for remote offices and teleworkers. While using Cisco Easy VPN, which three options are for entering the XAUTH username and password for establishing the VPN connection from the Cisco Easy VPN remote router? (Choose three.)
A. using an external AAA server
B. saving the XAUTH credentials to this router
C. entering the information from the router console or SDM
D. entering the information from the PC browser when browsing

Correct Answer: BCD

QUESTION 75
You are the Cisco Configuration Assistant in your company. You are configuring ACS 4.0 Network Access Profiles. Which three things can be used to determine how an access request is classified and mapped to a profile? (Choose three.)
A. Network Access Filters
B. RADIUS Authorization Components
C. the protocol types
D. advance filtering

Correct Answer: ACD

QUESTION 76
For the following Cisco IOS IPS risk rating components, which one uses a low value of 75, a medium value of 100, a high value of 150, and a mission-critical value of 200?
A. Attack Relevancy Rating
B. Promiscuous Delta
C. Target Value Rating
D. Watch List Rating

Correct Answer: C

QUESTION 77
The security administrator at Company is seeing a large number of half-open TCP sessions. What are half-open TCP sessions?
A. Sessions that were denied.
B. Sessions that have not reached the established state.
C. Sessions where the three-way handshake has been completed.
D. Sessions where the firewall detected return traffic.

Correct Answer: B

QUESTION 78
Which item is true about the zone-based firewall policy while configuring the zone-based firewall feature on a Cisco router?
A. The policy is applied unidirectionally between two security zones.
B. Traffic between an interface belonging to a zone and the “self” zone is denied by default unless it is explicitly allowed by a user-defined policy.
C. Interfaces in the same zone require that a bidirectional traffic policy be applied to permit traffic flow.
D. Traffic between an interface belonging to a zone and an interface that is not a zone member is allowed to pass without the policy being applied to the traffic.

Correct Answer: A

QUESTION 79
You are the Cisco Configuration Assistant in your company. What additional configuration is required for the Cisco IOS Firewall to reset the TCP connection if any peer-to-peer, tunneling, or instant messaging traffic is detected over HTTP based on the following configuration?

    appfw policy-name mypolicy
     application http
      strict-http action reset alarm
      content-length maximum 1 action reset alarm
      content-type-verification match-req-rsp action reset alarm
      max-header-length request 1 response 1 action reset alarm
      max-uri-length 1 action reset alarm
      request-method rfc put action reset alarm
      transfer-encoding type default action reset alarm
    !
    ip inspect name firewall appfw mypolicy
    ip inspect name firewall http
    !
    interface FastEthernet0/0
     ip inspect firewall in

A. class-map configuration
B. the PAM configuration
C. the ip inspect name firewall im, ip inspect name firewall p2p, and ip inspect name firewall tunnel commands
D. the port-misuse default action reset alarm command in the HTTP application firewall policy configuration

Correct Answer: D

QUESTION 80
While adding NADs as AAA clients in the ACS, which three parameters are configured for each AAA client? (Choose three.)
A. the NAD IP address
B. the EAP type
C. the shared secret key
D. the AAA protocol to use for communication with the NADs

Correct Answer: ACD

We help you do exactly that with our high quality Cisco 642-504 Certification using the above training materials. Regardless of which computer you have, you just need to download one of the many Cisco https://www.pass4itsure.com/642-504.html PDF readers that are available for free.
