Cisco 642-637 Vce Dumps, Welcome To Buy Cisco 642-637 Exam With Accurate Answers

QUESTION 81
When implementing GET VPN, which of these is a characteristic of GDOI IKE?
A. GDOI IKE sessions are established between all peers in the network.
B. Security associations do not need to linger between members once a group member has authenticated to the key server and obtained the group policy.
C. Each pair of peers has a private set of IPsec security associations that is only shared between the two peers.
D. GDOI IKE uses UDP port 500.

Correct Answer: B

QUESTION 82
DRAG DROP
A.
B.
C.
D.

Correct Answer:

QUESTION 83
DRAG DROP
A.
B.
C.
D.

Correct Answer:

QUESTION 84
Which of these are the two types of keys used when implementing GET VPN? (Choose two)
A. key encryption
A. group encryption
B. pre-shared key
C. public key
D. private key
E. traffic encryption key

Correct Answer: A

QUESTION 85
CORRECT TEXT
Scenario: You have been given the task of performing initial zone-based policy firewall configurations. You will need to create zones, assign the zones to specific interfaces, and create zone pairs to allow for traffic flow between interfaces. You will also need to define a zone-based policy firewall and assign the policy to the zone pair. To access the router console ports, refer to the exhibit, click the router for access, and perform the following tasks. Note that when performing the configuration, you should use the exact names highlighted in bold below:
- Globally create zones and label them with the following names:
  - OUTSIDE
  - INSIDE
- Assign interfaces to zones as indicated in the exhibit
- Create a zone pair for traffic flowing from the inside to outside zones named IN-TO-OUT
- Define a zone-based firewall policy named IN-TO-OUT-POLICY
  - Use the “match protocol” classification option to statefully inspect HTTP traffic and drop all other traffic
  - Use a class-map named HTTP_POLICY
- Apply zone-based firewall policy IN-TO-OUT-POLICY to the zone pair
A.
B.
C.
D.

Correct Answer:
Explanation/Reference:
First we divide the networks into 2 zones: Inside and Outside.
Router(config)#zone security INSIDE
Router(config)#zone security OUTSIDE
Router(config)#interface fa0/0/1
Router(config-if)#no shutdown
Router(config-if)#zone-member security INSIDE
Router(config)#interface fa0/0/0
Router(config-if)#no shutdown
Router(config-if)#zone-member security OUTSIDE
Router(config)#class-map type inspect match-any HTTP_POLICY
Router(config-cmap)#match protocol http
Router(config)#policy-map type inspect IN-TO-OUT-POLICY
Router(config-pmap)#class type inspect HTTP_POLICY
Router(config-pmap-c)#inspect
Router(config)#zone-pair security IN-TO-OUT-POLICY source INSIDE destination OUTSIDE
Router(config-sec-zone-pair)#service-policy type inspect IN-TO-OUT-POLICY

QUESTION 86
Refer to the exhibit.
What can be determined from the partial configuration shown?

A. The zone-based policy firewall is providing for bridging of non-IP protocols.
B. Since the interfaces are in the same bridge group, access policies are not required.
C. Traffic flow will be allowed to pass between the interfaces without being inspected.
D. The zone-based policy firewall is operating in transparent mode.

Correct Answer: D

QUESTION 87
When is it feasible for a port to be both a guest VLAN and a restricted VLAN?
A. this configuration scenario is never implemented
B. when you have configured the port for promiscuous mode
C. when private VLANs have been configured to place each end device into different subnets
D. when you want to allow both types of users the same services

Correct Answer: D

QUESTION 88
Refer to the exhibit.
What can be determined from the information provided in the system image output?
A. The router supports LDAP.
B. A Key Version of “A” indicates that this is an advanced IP security image of the Cisco IOS system.
C. The router is in ROM monitor mode.
D. This is a digitally-signed Cisco IOS image.

Correct Answer: D

QUESTION 89
Which three of these are sources used when the router is configured for URL filtering? (Choose three.)
A. Websense URL filter
B. AAA server downloadable ACLs
C. ASA URL filter feature set
D. Trend Micro cloud-based URL filter service
E. locally configured filter rules on the router
F. Cisco SenderBase URL filtering service

Correct Answer: ADE

QUESTION 90
In an 802.1X environment, which feature allows for non-802.1X-supported devices such as printers and fax machines to authenticate?
A. multiauth
B. WebAuth
C. MAB
D. 802.1X guest VLAN

Correct Answer: C

QUESTION 91
The advantages of virtual tunnel interfaces (VTIs) over GRE VPN solutions are which three of the following? (Choose three.)
A. VTI can support QoS.
B. VTI provides a routable interface.
C. VTI supports nonencrypted tunnels.
D. VTI is more scalable than a GRE-based VPN solution.
E. IPsec VTIs need fewer established SAs to cover different types of traffic, both unicast and multicast, thus enabling improved scaling.
F. IPsec VTIs require a loopback interface for configuration.

Correct Answer: BCE

QUESTION 92
In Cisco IOS 15.0.1M code for the router platform, which new feature has been added to the zone-based policy firewall?
A. removal of support for port-to-application matching
B. ability to configure policies for traffic that is traveling between interfaces in the same security zone
C. intrazone traffic is not freely permitted by default now
D. NBAR is not compatible with transparent firewall

Correct Answer: B

QUESTION 93
When configuring NAT, which three protocols that are shown may have limitations or complications when using NAT? (Choose three.)
A. Kerberos
B. HTTPS
C. NTP
D. SIP
E. FTP
F. SQL

Correct Answer: ADE

QUESTION 94
Which two answers are potential results of an attacker that is performing a DHCP server spoofing attack? (Choose two.)
A. ability to selectively change DHCP options fields of the current DHCP server, such as the giaddr field.
B. DoS
C. excessive number of DHCP discovery requests
D. ARP cache poisoning on the router
E. client unable to access network resources

Correct Answer: BE

QUESTION 95
Cisco IOS Software displays the following message: DHCP_SNOOPING_5-DHCP_SNOOPING_MATCH_MAC_FAIL. What does this message indicate?
A. The message indicates that an attacker is pretending to be a DHCP server on an untrusted port.
B. The source MAC address in the Ethernet header does not match the address in the “chaddr” field of the DHCP request message.
C. The message indicates that the DHCP snooping has dropped a DHCP message that claimed an existing, legitimate host is present on an unexpected interface.
D. A Layer 2 port security MAC address violation has occurred on an interface that is set up for untrusted DHCP snooping.

Correct Answer: B

QUESTION 96
Refer to the exhibit.
Based on the partial configuration that is provided, if a non-802.1X client connects to a port on this switch, which VLAN will it be assigned to, and how long will it take for the port to time out and transition to the guest VLAN? (Choose all that apply.)
A. The switch is configured for the default 802.1X timeout period of 90 seconds.
B. The 802.1X authentication process will time out in 10 seconds and immediately change the port to the guest VLAN.
C. The 802.1X authentication process will time out, and the switch will roll over the port to the guest VLAN in 15 seconds.
D. The non-802.1X client and phones will all be assigned to VLAN 30.
E. The non-802.1X client will be assigned to VLAN 40.
F. The non-802.1X client will be assigned to VLAN 10.

Correct Answer: CE

QUESTION 97
When 802.1X is implemented, how do the authenticator and authentication server communicate?
A. RADIUS
B. TACACS+
C. MAB
D. EAPOL

Correct Answer: A

QUESTION 98
Refer to the exhibit.
What can be determined about IPS updates from the configuration shown?
A. Updates will be stored on the ida-client server.
B. Updates will be stored in the directory labeled “cisco.”
C. Updates will be retrieved from an external source every day of the week.
D. Updates will occur once per week on Sundays between midnight and 6 a.m. (0000 and 0600).

Correct Answer: C

QUESTION 99
Refer to the exhibit.
Which of these is correct based on the partial configuration shown?
A. The policy is configured to use an authentication key of “rsa-sig.”
B. The policy is configured to use hashing group sha-1.
C. The policy is configured to use triple DES IPsec encryption.
D. The policy is configured to use digital certificates.
E. The policy is configured to use access list 101 to identify the IKE-protected traffic.

Correct Answer: D

QUESTION 100
When uploading an IPS signature package to a Cisco router, what is required for the upload to self-extract the files?
A. the idconf on the end of the copy command
B. a public key on the Cisco router
C. IPS must be disabled on the upload interface
D. HTTP Secured server must be enabled

Correct Answer: A

QUESTION 101
To prevent a spanning-tree attack, which command should be configured on a distribution switch port that is connected to an access switch?
A. spanning-tree portfast bpduguard default
B. spanning-tree backbonefast
C. spanning-tree bpduguard enable
D. spanning-tree guard root

Correct Answer: D

QUESTION 102
In a GETVPN solution, which two ways can the key server distribute the new keys to the group members during the rekey process? (Choose two.)
A. multicast UDP transmission
B. multicast TCP transmission
C. unicast UDP transmission
D. unicast TCP transmission

Correct Answer: AC

QUESTION 103
You are a network administrator and are moving a web server from inside the company network to a DMZ segment that is located on a Cisco router. The web server was located at IP address 172.16.10.50 on the inside and changed to the IP address 172.20.10.5 on the DMZ. Additionally, you are moving the web port to 8080 but do not want your inside users to be affected. Which NAT statement should you configure on your router to support the change?
A. hostname(config)# ip nat inside source static 172.16.10.50 172.20.10.5
B. hostname(config)# ip nat inside source static tcp 172.16.10.50 80 172.20.10.5 8080
C. hostname(config)# ip nat outside source static tcp 172.16.10.50 80 172.20.10.5 8080
D. hostname(config)# ip nat static outside source tcp 172.20.10.5 80 172.16.10.50 8080
E. hostname(config)# ip nat static inside source udp 172.20.10.50 172.20.10.5

Correct Answer: B
