Good News!who Want to get Cisco 642-504 Certified? We know that the Cisco 642-504 certification exam is challenging, but with the new version Cisco 642-504 exam dumps, you will pass the exam easily and quickly.Free download the VCE and PDF files on Flydumps.com

QUESTION 92
Before configuring private VLANs, which configuration task should be performed?
A. configure PVLANtrunking
B. enables port security on the interface
C. settheVTP mode to transparent
D. associate all isolatedpoits to the primary VLAN

Correct Answer: C Section: (none) Explanation
QUESTION 93
You are setting up a new Company router with CBAC, If CBAC is configured to inspect telnet traffic on an interface, how should outbound telnet traffic be configured in any ACL’s?
A. Outbound telnet should be permitted in anyad’s
B. Outbound telnet should be denied in anyad’s
C. Telnet should not be referenced at all in the ad
D. Outbound telnet should be denied only if inbound telnet is allowed

Correct Answer: A Section: (none) Explanation
QUESTION 94
Which two options are possible for authenticating the clients that do not have an 802, IX supplicant ActualTests.com while deploying 802.IX authentication on Cisco Catalyst switches? (Choose two.)
A. MAC Authentication Bypass
B. Protected EAP
C. Active Directory Single Sign-On
D. web authentication

Correct Answer: AD Section: (none) Explanation
QUESTION 95
CBAC has been configured on router CK1 to increase the security of the Company network. CBAC intelligently filters TCP and UDP packets based on which protocol-session information?
A. Network layer
B. Transport layer
C. Data-link
D. Application layer

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 96
While deploying EIGRP dynamic routing over DMVPN, which three configuration tasks are needed at the hub router tunnel interface? (Choose three.)
A. disabling EIGRPip next-hop-self
B. disabling EIGRPip split-horizon
C. disabling EIGRP stub
D. enablingmultipoint GRE

Correct Answer: ABD Section: (none) Explanation
QUESTION 97
You are the Cisco Configuration Assistant in your company. After you enable all the authentication protocols under the Global Authentication Setup in Cisco ACS, how can you select a specific EAP type to use for 802. Ix authentication?
A. Specify the particular EAP type to use when you configure the RAC. ActualTests.com
B. Specify the particular EAP type to use when you configure the NAF
C. Specify the particular EAP type to use when you configure the NAP authentication policy
D. Specify the particular EAP type to use when you configure the NAP authorization policy

Correct Answer: C Section: (none) Explanation
QUESTION 98
What is the problem with the GRE over IPsec configuration displayed in the exhibit?

A. The network 172, 16.0,0 commands is missing under router eigrp 1, ActualTests.com
B. The crypto ACL is not correctly configured.
C. ESP transport mode should be configured instead of using the default tunnel mode.
D. The crypto map is not correctly configured.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 99
John and Kathy are working on configuring the [OS firewall together. They are figuring out what CBAC uses for inspection rules to configure on a per-application protocol basis. Which one of these is the correct one?
A. ODBC filtering
B. Tunnel, transport models, or both
C. Alerts and audit trails
D. Stateful failover

Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 100
Which is the correct sequence of the Cisco Easy VPN remote connection process steps?
1.
VPN client establishes an ISAKMP SA

2.
Cisco Easy VPN server initiates a username and password challenge

3.
The MODE configuration process is initiated

4.
IPsec quick mode completes the connection process

5.
VPN client initiates IKE Phase 1

6.
The RRJ process is initiated

7.
Cisco Easy VPN server accepts the SA proposal
A. I-5, II-l, III-7, IV-2, V-3, VI-6, VII-4
B. 1-5, 11-1, III-7, IV-3, V-2, VI-6, VII-4 T C. I-5, II-l, III-7, IV-2, V-3, VI-4, VII-6
C. 1-5, 11-1, III-7, IV-3, V-2, VI-4, VII-6

Correct Answer: A Section: (none) Explanation
QUESTION 101
You are the security administrator for Company and you need to know what CBAC does on the Cisco IOS Firewall Which one of these is the best answer?
A. Creates specific security policies for each user at Company Inc.
B. Provides additional visibility at intranet, extranet, and Internet perimeters at Company Inc.
C. Protects the network from internal attacks and threats at Company Inc.
D. Provides secure, per-application access control across network perimeters at Company Inc.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 102
While configuring Cisco IOS WebVPN, which function can be enabled by using the port-forward command?
A. CIFS
B. OWA
C. Cisco Secure Desktop
D. thin client

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 103
By default, how many half-open sessions need to be in the state table before CBAC will begin to delete the half-open sessions?
A. 500
B. 250
C. 1000
D. 2000

Correct Answer: A Section: (none) Explanation
QUESTION 104
Which three statements accurately describe DMVPN configuration? (Choose three,)
A. The GRE tunnel mode must be set to point-to-point mode: tunnel mode gre point-to-point
B. If running EIGRP overDMVPNf the hub router tunnel interface must have split horizon disabled: no ip split-horizon eigrp AS-Number
C. At the spoke routers, static NHRP mapping to the hub router is required:ip nhrp map hub- tunnel-ip-address hub-physical-ip-address
D. The GRE tunnel must be associated with an IPsec profile: tunnel protection ipsec profile profile-ActualTests.com name

Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
QUESTION 105
The authentication proxy feature has been configured on one of the Company routers. What does authentication proxy on the Cisco IOS Firewall do?
A. Creates specific authorization policies for each user with Cisco Secure ACS, dynamic, per-user security and authorization
B. Provides additional visibility at intranet, extranet, and Internet perimeters “Pass Any Exam. Any Time.” -www.actualtests.com 52 Cisco 642-504: Practice Exam
C. Creates specific security policies for each user with Cisco Secure ACS, dynamic, per-user authentication and authorization
D. Provides secure, per-application access control across network perimeters I

Correct Answer: C Section: (none) Explanation
QUESTION 106
What is wrong with the partial IPsec VPN high-availability configuration displayed in the following exhibit?

A. The crypto map interface configuration statement should reference the dynamic crypto map DM.
B. A static crypto map should be used instead of a dynamic crypto map.
C. The crypto map CM interface configuration statement is missing thestateful option.
D. IPsec is not synchronized with HSRP. ActualTests.com

Correct Answer: D Section: (none) Explanation
QUESTION 107
You are the Cisco Configuration Assistant in your company. Which configuration is not required to enable the Cisco IOS Firewall to inspect a user-defined application which uses TCP ports 8000 and 8001? (Choose three.)
A. access-list 101 permittcp any any eq 8000 access-list 101 permit tcp any any eq 8001 class- map user-10 match access-group 101
B. ip port-map user-10 port tcp 8000 8001 description “TEST PROTOCOL” f~ “Pass Any Exam. Any Time.” – www.actualtests.com 53 Cisco 642-504: Practice Exam
C. ip inspect name test user-10
D. int {type|number} ip inpsect name test in

Correct Answer: BCD Section: (none) Explanation
QUESTION 108
VolumWhich item is true about the relationship between the CLI command and its definition? Not all commands will be used.
1.
clear crypto sa

2.
clear crypto isakmp

3.
show crypto map

4.
show crypto ipsec transform-set

5.
show crypto isakmp policy

6.
show crypto isakmp sa

7.
show crypto ipsec sa
A. 1-2, II-4, III-7, IV-1, V-3
B. 1-2, II-5, III-7, IV-1, V-3
C. 1-2, II-4, III-7, IV-3, V-l D. 1-2, II-5, III-7, IV-3, V-l

Correct Answer: A Section: (none) Explanation
QUESTION 109
You are configuring the authentication feature on a new Company router. Which of the following ActualTests.com correctly sets the IOS Firewall authentication-proxy idle timer to 20 minutes?
A. ip auth-proxy auth-cache 20
B. ip auth-proxy auth-time 20
C. ip auth-proxy auth-cache-time 20
D. ip auth-proxy idle 20

Correct Answer: C Section: (none) Explanation
QUESTION 110
You are a network administrator for the CK Company. You are asked to configure a Cisco router to enroll with a certificate authority. Before configuring enrollment parameters, what is a recommended best practice to perform?
A. If using SCEP, ensure that TCP port 22 traffic is permitted to the router.
B. Contact the registration authority to obtain the enrollment URL.
C. Manually verify the PKC5 #10 certificate prior to enrollment.
D. Configure Network Time Protocol.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 111
You are the Cisco Configuration Assistant in your company, When you configure a site-to-site IPsec VPN tunnel, which configuration must be the exact reverse of the other IPsec peer?
A. IPsec policy
B. ISAKMP policy
C. pre-shared key
D. crypto ACL

Correct Answer: D Section: (none) Explanation
QUESTION 112
Which type of tunnel mode can be used by DM VPN configuration on the tunnel interface?
A. DVMRP
B. IPsec IPv4
C. NHRP D. GRE multipoint

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
ActualTests.com
QUESTION 113
You are configuring the authentication feature on a new Company router. Which of the following configures an authentication proxy rule for the IOS Firewall?
A. ip inspect-proxy name proxyname http
B. ip auth-proxy name proxyname http
C. ip auth-rule proxyname http
D. ip proxy-name proxyname http

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
“Pass Any Exam. Any Time.” – www.actualtests.com 55 Cisco 642-504: Practice Exam
QUESTION 114
NO: 114Which option is correct about the IKE security association according to the exhibit below?

A. The IPsec connection is in an idle state.
B. The IKE association is in the process of being set up.
C. The IKE status is authenticated.
D. The ISAKMP state is waiting for quick mode status to authenticate before IPsec parameters are passed between peers,

Correct Answer: C Section: (none) Explanation
QUESTION 115
You are the Cisco Configuration Assistant in your company. When you implement 802.Ix authentication, which other ACS component will refer the RACs configured under the Shared Profile Components in the ACS?
A. user setup
B. group setup
C. NAP authentication policy
D. NAP authorization policy ActualTests.com

Correct Answer: D Section: (none) Explanation

Both PDF and software format demos for Cisco 642-504 exam dumps are offered by Flydumps for free.You can try Cisco 642-504 free demo before you decide to buy the full version practice test.Cisco 642-504 exam dumps details are researched and produced by our Professional Certification Experts who are constantly using industry experience to produce precise, and logical.Cisco 642-504 dumps will not only help you pass in one attempt,but also save your valuable time.