Cisco 642-504 exam questions

QUESTION 40
Which action does the interface configuration command switchport protected enable?
A. groups ports into an isolated community when configured on multiple ports
B. configures the interface for the PVLAN edge
C. provides isolation between two protected ports located on different switches
D. allows traffic on protected ports to be forwarded at Layer 2
Correct Answer: B

QUESTION 41
What configuration task must you perform prior to configuring private VLANs?
A. enable port security on the interface
B. associate all isolated ports to the primary VLAN
C. set the VTP mode to transparent
D. configure PVLAN trunking
Correct Answer: C

QUESTION 42
When deploying 802.1X authentication on Cisco Catalyst switches, what are two possible options for authenticating the clients that do not have an 802.1X supplicant? (Choose two.)
A. MAC Authentication Bypass
B. Active Directory Single Sign-On
C. authentication proxy
D. web authentication
E. Protected EAP
Correct Answer: AD

QUESTION 43
When implementing EIGRP dynamic routing over DMVPN, what are three configuration tasks required at the hub router tunnel interface? (Choose three.)
A. disabling EIGRP ip next-hop-self
B. disabling EIGRP ip split-horizon
C. disabling EIGRP auto-summary
D. disabling EIGRP stub
E. enabling multipoint GRE
F. configuring the NHRP next-hop server IP address
Correct Answer: ABE

QUESTION 44
Refer to the exhibit.
What is wrong with the GRE over IPsec configuration shown?
A. The crypto map is not correctly configured.
B. The crypto ACL is not correctly configured.
C. The network 172.16.0.0 command is missing under router eigrp 1.
D. ESP transport mode should be configured instead of using the default tunnel mode.
Correct Answer: B

QUESTION 45
When you configure Cisco IOS WebVPN, you can use the port-forward command to enable which function?
A. web-enabled applications
B. Cisco Secure Desktop
C. full-tunnel client
D. thin client
E. CIFS
F. OWA
Correct Answer: D

QUESTION 46
Which three of these statements are correct regarding DMVPN configuration? (Choose three.)
A. If running EIGRP over DMVPN, the hub router tunnel interface must have “next hop self” enabled: ip next-hop-self eigrp AS-Number
B. If running EIGRP over DMVPN, the hub router tunnel interface must have split horizon disabled: no ip split-horizon eigrp AS-Number
C. The spoke routers must be configured as the NHRP servers: ip nhrp nhs spoke-tunnel-ip-address
D. At the spoke routers, static NHRP mapping to the hub router is required: ip nhrp map hub-tunnel-ip-address hub-physical-ip-address
E. The GRE tunnel mode must be set to point-to-point mode: tunnel mode gre point-to-point
F. The GRE tunnel must be associated with an IPsec profile: tunnel protection ipsec profile profile-name
Correct Answer: BDF

QUESTION 47
Refer to the exhibit.
What is wrong with the partial IPsec VPN high-availability configuration shown here?
A. A static crypto map should be used instead of a dynamic crypto map.
B. The crypto map CM interface configuration statement is missing the stateful option.
C. The crypto map interface configuration statement should reference the dynamic crypto map DM.
D. IPsec is not synchronized with HSRP.
Correct Answer: D

QUESTION 48
You are an administrator configuring a Cisco router to enroll with a certificate authority. What is a recommended best practice to perform prior to configuring enrollment parameters?
A. Contact the registration authority to obtain the enrollment URL.
B. Manually verify the PKCS #10 certificate prior to enrollment.
C. Configure the certificate revocation list to ensure that you do not receive revoked CA certificates.
D. Configure Network Time Protocol.
E. If using SCEP, ensure that TCP port 22 traffic is permitted to the router.
Correct Answer: D

QUESTION 49
DMVPN configuration uses which tunnel mode type on the tunnel interface?
A. DVMRP
B. IPsec IPv4
C. NHRP
D. GRE multipoint
Correct Answer: D

QUESTION 50
Refer to the exhibit.
What is true regarding the IKE security association?
A. The IPsec connection is in an idle state.
B. The IKE association is in the process of being set up.
C. The IKE status is authenticated.
D. The ISAKMP state is waiting for quick mode status to authenticate before IPsec parameters are passed between peers.
Correct Answer: C

QUESTION 51
When configuring a Cisco Easy VPN server, what must be configured prior to entering VPN configuration parameters?
A. AAA
B. ISAKMP peer authentication method
C. XAuth
D. SSH
E. crypto ACL
F. NTP
Correct Answer: A

QUESTION 52
Which parameter is configured under the router(config-isakmp)# configuration mode?
A. use of digital certificates for authentication
B. the IPsec transform set
C. the reference to the crypto ACL
D. the IPsec peer IP address
E. the pre-shared key value
Correct Answer: A

QUESTION 53
Which two statements are correct regarding Network Address Translation and IPsec interoperability? (Choose two.)
A. ESP does not work with NAT.
B. AH does not work with NAT.
C. ESP does not work with PAT.
D. NAT-T uses TCP port 4500.
E. NAT-T sends NAT discovery packets after IKE Phase 2 establishment.
Correct Answer: BC

QUESTION 54
If the show crypto isakmp sa output shows a state of “QM_IDLE” with the “Active” status, what does that most likely indicate?
A. IKE Phase 1 quick mode negotiation has failed.
B. The security association is waiting for the timeout to expire before retrying the ISAKMP SA establishment.
C. An ISAKMP SA exists.
D. Peer authentication has failed during IKE Phase 1.
E. IKE Phase 1 is in the negotiation state.
Correct Answer: C

QUESTION 55
Which Cisco IOS IPS risk rating component uses a low value of 75, a medium value of 100, a high value of 150, and a mission-critical value of 200?
A. Signature Fidelity Rating
B. Attack Severity Rating
C. Target Value Rating
D. Attack Relevancy Rating
E. Promiscuous Delta
F. Watch List Rating
Correct Answer: C

QUESTION 56
In DMVPN, the NHRP process allows which requirement to be met?
A. dynamic physical interface IP address at the spoke routers
B. high-availability DMVPN designs
C. dynamic spoke-to-spoke on-demand tunnels
D. dynamic routing over the DMVPN
E. dual DMVPN hub designs
Correct Answer: A

QUESTION 57
When deploying 802.1X authentication on Cisco Catalyst switches, which traffic can be passed between the client PC and the Cisco Catalyst switch over the uncontrolled port?
A. RADIUS
B. TACACS+
C. HTTP
D. DHCP
E. EAPoLAN
F. CDP
Correct Answer: E

QUESTION 58
Refer to the exhibit.
Which two configuration commands are used to apply an inspect policy map for traffic traversing from the E0 or E1 interface to the S3 interface? (Choose two.)
A. zone-pair security test source Z1 destination Z2
B. interface E0
C. policy-map myfwpolicy class class-default inspect
D. ip inspect myfwpolicy out
E. ip inspect myfwpolicy in
F. service-policy type inspect myfwpolicy
Correct Answer: AF

QUESTION 59
Cisco IOS SSL VPN thin-client mode has which two characteristics? (Choose two.)
A. uses a Java applet
B. supports TCP and UDP applications that use static port(s)
C. provides full tunnel access like the IPsec VPN software client
D. requires the use of browser plug-ins
E. provides TCP port forwarding capabilities
Correct Answer: AE

QUESTION 60
Refer to the exhibit.
Which optional AAA or RADIUS configuration command is used to support 802.1X guest VLAN functionality?
A. aaa authentication dot1x default group radius
B. aaa authorization network default group radius
C. aaa accounting dot1x default start-stop group radius
D. aaa accounting system default start-stop group radius
E. radius-server host 10.1.1.1 auth-port 1812 acct-port 1813
Correct Answer: B