Cisco 642-637 Dump, Most Popular Cisco 642-637 Tests With The Knowledge And Skills

Completed the Cisco 642-637 test and passed with high scores.New Cisco 642-637 test have been changed with many questions last month ago,and now new exam questions and answers have been added on Cisco 642-637,which is realiable according to my real test.

QUESTION 50

You have enabled Cisco IOS IPS on a router in your network. However, you are not seeing expected events on your monitoring system (such as Cisco IME). On the router, you see events being captured. What is the next step in troubleshooting the problem?
A. verify that syslog is configured to send events to the correct server www.test-inexam.com 20 / 56 The safer , easier way to help you pass any IT exams.
B. verify SDEE communications
C. verify event action rules
D. verify that the IPS license is valid

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 51
Which two of these are features of control plane security on a Cisco ISR? (Choose two.
A. CoPP
B. RBAC
C. AAA
D. CPPr
E. uRPF
F. FPM

Correct Answer: AD Section: (none) Explanation
Explanation/Reference: QUESTION 52
Which two of these are potential results of an attacker performing a DHCP server spoofing attack? (Choose two.)
A. DHCP snooping
B. DoS
C. confidentiality breach
D. spoofed MAC addresses
E. switch ports being converted to an untrusted state

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 53
When Cisco IOS IPS signatures are being tuned, how is the Target Value Rating assigned?
A. It is calculated from the Event Risk Rating.
B. It is calculated from a combination of the Attack Severity Rating and Signature Fidelity Rating
C. It is manually set by the administrator.
D. It is set based upon SEAP functions.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 54
Which of these should you do before configuring IP Source Guard on a Cisco Catalyst switch?
A. Enable NTP for event correlation
B. Enable IP routing authentication
C. Configure an access list with exempt DHCP-initiated IP address ranges
D. Turn DHCP snooping on at least 24 hours in advance

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 55
What action will the parameter-map type ooo global command enable?
A. globally initiates tuning of the router’s TCP normalizer parameters for out-of-order packets www.test-inexam.com 21 / 56 The safer , easier way to help you pass any IT exams.
B. globally classifies type ooo packets within the parameter map and subsequent policy map
C. enables a parameter map named ooo
D. configures a global parameter map for traffic destined to the router itself
Correct Answer: A Section: (none) Explanation

Explanation/Reference:
QUESTION 56
DRAG DROP

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference: QUESTION 57

CORRECT TEXT www.test-inexam.com 22 / 56 The safer , easier way to help you pass any IT exams.

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: R1# show crypto gdoi -or- R2# show crypto gdoi
QUESTION 58
CORRECT TEXT

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: R2# show crypto ipsec transform-set
QUESTION 59
CORRECT TEXT www.test-inexam.com 23 / 56 The safer , easier way to help you pass any IT exams.

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: R2# show crypto gdoi ks -or- R2# show crypto gdoi ks members -or- R1# show ip interface brief
QUESTION 60
CORRECT TEXT A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: R2# show crypto gdoi group GETVPNGROUP
QUESTION 61
CORRECT TEXT www.test-inexam.com 24 / 56 The safer , easier way to help you pass any IT exams.

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: R1# show crypto map -or- R1# show crypto isakmp key
QUESTION 62
Which protocol is EAP encapsulated in for communications between the authenticator and the authentication server?
A. EAP-MD5
B. IPsec
C. EAPOL
D. RADIUS

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 63
You are loading a basic IPS signature package onto a Cisco router. After a period of time, you see this
message:
%IPS-6-ALL_ENGINE_BUILDS_COMPLETE: elapsed time 275013 ms. What do you expect happened
during downloading and compilation of the files?

A. The files were successfully copied with an elapse time of 275013 ms. The router will continue with extraction and compilation of the signature database.
B. The signature engines were compiles, but there is no indication that the actual signatures were compiled.
C. The compilation failed for some of the signature engines. There are 16 engines, but only 6 were completed according to the %IPS-6 message
D. The files were compiled without error.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 64
www.test-inexam.com 25 / 56
The safer , easier way to help you pass any IT exams.
Refer to the exhibit. Given the configuration shown, which of these statements is correct?

A. An external service is providing URL filtering via a subscription service.
B. All HTTP traffic to websites with the name “Gambling” included in the URL will be reset.
C. A service policy on the zone pair needs to be configured in the opposite direction or all return HTTP traffic will be blocked by policy
D. The URL filter policy has been configured in a fail-closed scenario.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 65
DRAG DROP www.test-inexam.com 26 / 56 The safer , easier way to help you pass any IT exams.

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference: QUESTION 66

Refer to the exhibit. Which two of these are most likely to have caused the issue with NHRP, given this output of the show command? (Choose two.)

A. There was a network ID mismatch.
B. The spoke router has not yet sent a request via Tunnel0.
C. The spoke router received a malformed NHRP packet.
D. There was an authentication key mismatch.
E. The registration request was expecting a return request ID of 1201, but received an ID of 120.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 67
www.test-inexam.com 27 / 56
The safer , easier way to help you pass any IT exams.
DRAG DROP
A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference: QUESTION 68

You have configured a guest VLAN using 802.1X on a Cisco Catalyst switch. A client incapable of using 802.1X has accessed the port and has been assigned to the guest VLAN. What happens when a client capable of using 802.1Xjoins the network on the same port?
A. The client capable of using 802.1X is allowed access and proper security policies are applied to the client.
B. EAPOL packets will not be allowed on the guest VLAN and the access attempt with fail.
C. The port is put into the unauthorized state in the user-configured access VLAN, and authentication is restarted.
D. This is considered a security breach by the authentication server and all users on the access port will be placed into the restricted VLAN.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 69
Refer to the exhibit. What can be determined from the information shown?
The safer , easier way to help you pass any IT exams.

A. The user has been restricted to privilege level 1.
B. The standard access list should be reconfigured as an extended access list to allow desired user permissions
C. RBAC has been configured with restricted views.
D. IP access list DMZ_ACL has not yet been configured with proper permissions.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 70
Refer to the exhibit. Assuming that all other supporting configurations are correct, what can be determined from the partial IP admission configuration shown?

A. The router will forward authentication requests to a AAA server for authentication and authorization.
B. The user maint3nanc3 will have complete CLI command access once authenticated.
C. After a period of 20 minutes, the user will again be required to provide authentication credentials. www.test-inexam.com 29 / 56 The safer , easier way to help you pass any IT exams.
D. The authentication proxy will fail, because the router’s HTTP server has not been enabled.
E. All traffic entering interface GO/1 will be intercepted for authentication, but only Telnet traffic will be authorized.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 71
What will the authentication event fail retry 0 action authorize vlan 300 command accomplish?
A. assigns clients that fail 802.1X authentication into the restricted VLAN 300
B. assigns clients to VLAN 300 and attempts reauthorization
C. assigns a client to the guest VLAN 300 if it does not receive a response from the client to its EAPOL request/identity frame
D. locks out a user who fails an 802.1X authentication and does not allow the user to try to gain network access again for 300 seconds

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 72
DRAG DROP

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference: QUESTION 73

When you are configuring a DMVPN network, which tunnel mode should you use for the hub router configuration?
A. GRE multipoint
B. Nonbroadcast multiaccess www.test-inexam.com 30 / 56 The safer , easier way to help you pass any IT exams.
C. Classic point-to-point GRE
D. IPsec multipoint

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 74
Which Cisco IOS feature provides secure, on-demand meshed connectivity?
A. DMVPN
B. Easy VPN
C. IPsec VPN
D. mGRE

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 75
You have configured a Cisco router to act a PKI certificate server. However, you are experiencing problems starting the server. You have verified that al CA parameters have been correctly configured. What is the next step you should take in troubleshooting this problem?
A. Disable and restart the router’s HTTP server function
B. Enable the SCEP interface
C. Verify the RSA key pair and generate new keys
D. Verify that the correct time is being used and time source are reachable

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 76
Which three of these are features of data plane security on a Cisco ISR? (Choose three)
A. uRPF
B. NetFlow export
C. FPM
D. CPPr
E. RBAC
F. routing protocol filtering

Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:
QUESTION 77
What will the authentication event fail retry 0 action authorize vlan 300 command accomplish?
A. assigns clients that fail 802.1X authentication into the restricted VLAN 300
B. assigns clients to VLAN 300 and attempts reauthorization
C. assigns a client to the guest VLAN 300 if it does not receive a response from the client to its EAPOL request/identity frame
D. locks out a user who fails an 802.1X authentication and does not allow the user to try to gain network access again for 300 seconds

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 78
When you are configuring DHCP snooping, how should you classify access ports?
www.test-inexam.com 31 / 56
The safer , easier way to help you pass any IT exams.
A. untrusted
B. trusted
C. promiscuous
D. private

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 79
When configuring URL filtering with the Trend Micro filtering service. Which of these steps must you take to prepare for configuration?
A. define blacklists and whitelists
B. categorize traffic types
C. install the appropriate root CA certificate on the router
D. synchronize clocks via NTP to ensure accuracy of URL filter updates from the service

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 80
Which of these is correct regarding the functionality of DVTI tunnels?
A. DVTI tunnels are created dynamically from a preconfigured template as tunnels are established to the hub.
B. The hub router needs a static DVT1 tunnel to each spoke router in order to establish remote communications from spoke to spoke.
C. Spoke routers require a virtual template to clone the configuration on which the DVTI tunnel is established.
D. DVTI tunnels appear on the hub as tunnel interfaces.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:

CCNA Cisco 642-637 Certification Exam contains a powerful new testing engine that allows you to focus on individual topic areas or take complete, timed exams from Cisco 642-637.The assessment engine also tracks your performance and presents feedback on a module-by-module basis, providing question-by-question CheckPoint 156-215 Certification to the text and laying out a complete study plan for review.CCNA Cisco 642-637 Certification also includes a wealth of hands-on practice exercises and a copy of the Cisco 642-637 Certification network simulation software that allows you to practice your CCNA Cisco 642-637 Certification hands-on skills in a virtual lab environment.The Cisco 642-637  Certification supporting website keeps you fully informed of any exam changes.