Because the Cisco 642-504 exam has changed recently, Flydumps presents the new version of the Cisco 642-504 practice test, which helps candidates to pass the Cisco 642-504 exam easily.The exam dumps cover all aspects of the Cisco 642-504 exam. You can visit our website to free Cisco 642-504 and download the New Version VCE Player.
QUESTION 55
The NHRP process allows which requirement to be satisfied in DMVPN?
A. dynamic physical interface IP address at the spoke routers
B. dynamic spoke-to-spoke on-demand tunnels
C. dynamic routing over the DMVPN
D. dual DMVPN hub designs
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 56
The security administrator for Company InC. is working on defending the network against SYN flooding attacks. Which of the following are tools to protect the network from TCP SYN attacks?
A. Route authentication
B. Encryption
C. ACLs
D. TCP intercept
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 57
While using the SDM Certificate Enrollment wizard, which two are the enrollment options? (Choose two.)
A. SCEP
B. OSCP
C. LDAP
D. Cut-and-Paste/Import from PC
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 58
Which of the following IOS commands will you advise the Company trainee technician to use when setting the timeout for router terminal line?
A. exec-timeout minute [seconds]
B. line-timeout minute [seconds]
C. timeout console minute [seconds]
D. exec-time minutes [seconds]
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 59
You are the Cisco Configuration Assistant in Your company. Which tow configuration commands are used to apply an inspect policy map for traffic traversing from the E0 or E1 interface to the S3 interface based on the following configuration? (Choose two)
A. zone-pair security test sourceZl destination Z2
B. interface EO
C. policy-mapmyfwpolicy class class-default inspect
D. service-policy type inspectmyfwpolicy
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 60
The Company network is implementing IBNS. In a Cisco Identity-Based Networking Service (IBNS) implementation, the endpoint that is seeking network access is known as what?
A. Host
B. Authentication
C. PC
D. Supplicant
Correct Answer: D Section: (none) Explanation Explanation/Reference:
QUESTION 61
Which three features are supported by Cisco IOS Firewall? (Choose three.)
A. alerts
B. audit trails
C. active/active stateful fail over
D. DoS attacks protection
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 62
A new IBNS system is being installed in the Company network. The Cisco Identity-Based Networking Services (IBNS) solution is based on which two standard implementations? (Choose two.)
A. TACACS+
B. RADIUS
C. 802.11
D. 802.lx
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 63
In IKE phasel, IKE creates an authenticated, secure channel between the two IKE peers, called the IKE security association. The Diffie-Hellman key agreement is always performed in this phase. What are the three authentication methods that you can use during IKE Phase 1? (Choose three)
A. AAA Authentication
B. pre-shared key
C. RSA signature
D. RSA encrypted nonce
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
QUESTION 64
While using 5.x signatures to enable Cisco IOS IPS, which required option, could be downloaded from Cisco.com?
A. Built-in signatures
B. public key
C. SDF files (128MB.sdf, 256MB.sdf,attack.drop.sdf)
D. Signature Micro-Engines and IME
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 65
You wish to configure 802.IX port control on your switch. Which three keywords are used with the dotlx port-control command? (Choose three.)
A. enable
B. force-authorized
C. force-unauthorized
D. auto
Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
QUESTION 66
What information can be displayed by issuing the command show zone-pair security?
A. physical interface members of the zone pair
B. zone descriptions and assigned interfaces
C. source and destination zones, and attached policy
D. all service policy maps
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 67
The PHDF defines the structure of a particular packet and adds the protocol inspection capabilities to Cisco IOS Software .The PHDF stored in the router flash memory is required for which of these applications to function?
A. NBAR
B. CAC
C. PAM
D. FPM
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 68
Which two features are included in Cisco [OS SSL VPN thin-client mode? (Choose two.)
A. uses a Java applet
B. provides full tunnel access like theIPsec VPN software client
C. requires the use of browser plug-ins
D. provides TCP port forwarding capabilities
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 69
You are the network consultant from your company. What will result from this zone-based firewall configuration based on the following configuration?
A. Traffic from the private zone to the public zone will be dropped.
B. Traffic from the private zone to the public zone will be permitted but not inspected.
C. Traffic from the private zone to the public zone will be permitted and inspected,
D. Traffic from the public zone to the private zone will be permitted but not inspected.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 70
The Easy VPN Server feature allows Cisco IOS routers, Cisco Adaptive Security Appliances (ASA), and Cisco PIX Security Appliances to act as head-end devices in site-to-site or remote-access VPNs The feature pushes security policies defined at the central site to the remote device during which of these phases?
A. IKE Phase 1 first message exahange
B. IKE Phase 2 first message exahange
C. IKE Phase 2 last message exahange
D. IKE mode configuration
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
We provide Cisco 642-504 help and information on a wide range of issues. Cisco 642-504 is professional and confidential and your issues will be replied within 12 hous. Cisco 642-504 free to send us any questions and we always try our best to keeping our Customers Satisfied.