New Dumps- Free Download Of Cisco 642-503 VCE And PDF Certification

Why not try Flydumps Cisco 642-503 vce or pdf exam dumps? All the new questions and answers were timely added to the Pass4itsure Cisco 642-503 study guide.Visit Flydumps.com to get free Cisco 642-503 VCE and PDF.

Exam A
QUESTION 1
Which of these statements is correct regarding user setup on ACS 4.0?
A. In the case of conflicting settings, the settings at the group level override the settings configured at the user level.
B. A user can belong to more than one group.
C. The username can contain characters such as “#” and “?”.
D. By default, users are assigned to the default group.
E. The ACS PAP password cannot be used as the CHAP password also.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Which two commands are used to only allow SSH traffic to the router Eth0 interface and deny other management traffic (BEEP, FTP, HTTP, HTTPS, SNMP, Telnet, TFTP) to the router interfaces? (Choose two.)
A. interface eth0
B. control-plane host
C. policy-map type port-filter policy-name
D. service-policy type port-filter input policy-name
E. management-interface eth0 allow ssh
F. line vty 0 5 transport input ssh

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 3
Refer to the exhibit. Why is the Cisco IOS Firewall authentication proxy not working?

A. The aaa authentication auth-proxy default group tacacs+ command is missing in the configuration.
B. The router local username and password database is not configured.
C. Cisco IOS authentication proxy only supports RADIUS and not TACACS+.
D. HTTP server and AAA authentication for the HTTP server is not enabled.
E. The AAA method lists used for authentication proxy should be named “pxy” rather than “default” to match the authentication proxy rule name.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 4
When troubleshooting site-to-site IPsec VPN on Cisco routers, you see this console message:
%CRYPTO-6-IKMP_SA_NOT_OFFERED: Remote peer %15i responded with attribute [chars] not offered or changed
Which configuration should you verify?
A. the crypto ACL
B. the crypto map
C. the IPsec transform set
D. the ISAKMP policies
E. the pre-shared key
F. the DH group

Correct Answer: D Section: (none) Explanation
Explanation/Reference:

QUESTION 5
Drop

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 6
When verifying Cisco IOS IPS operations, when should you expect Cisco IOS IPS to start loading the signatures?
A. immediately after you configure the ip ips sdf location flash:filename command
B. immediately after you configure the ip ips sdf builtin command
C. after you configure a Cisco IOS IPS rule in the global configuration
D. after traffic reaches the interface with Cisco IOS IPS enabled
E. when the first Cisco IOS IPS rule is enabled on an interface
F. when the SMEs are put into active state using the ip ips name rule-name command

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Refer to the exhibit. Why is the Total Active Signatures count zero?

A. The 128MB.sdf file in flash is corrupted.
B. IPS is in fail-open mode.
C. IPS is in fail-closed mode.
D. IPS has not been enabled on an interface yet.
E. The flash:/128MB.sdf needs to be merged with the built-in signatures first.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 8
When configuring FPM, what should be the next step after the PHDFs have been loaded?
A. Define a stack of protocol headers.
B. Define a traffic policy.
C. Define a service policy.
D. Define a class map of type “access-control” for classifying packets.
E. Reload the router.
F. Save the PHDFs to startup-config.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 9
Refer to the exhibit. Which two statements are correct? (Choose two.)
A. Cisco IOS IPS will fail-open.
B. The basic signatures (previously known as 128MB.sdf) will be used if the built-in signatures fail to load.
C. The built-in signatures will be used.
D. SDEE alert messages will be enabled.
E. syslog alert messages will be enabled.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Refer to the exhibit. When you configure DHCP snooping, which ports should be configured as trusted ?

A. port A only
B. port E only
C. ports B and C
D. ports A, B, and C
E. ports B, C, and E
F. ports A, B, C, and E

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 11
Refer to the exhibit. Which optional AAA or RADIUS configuration command is used to support 802.1x guest VLAN functionality?

A. aaa authentication dot1x default group radius
B. aaa authorization network default group radius
C. aaa accounting dot1x default start-stop group radius
D. aaa accounting system default start-stop group radius
E. radius-server host 10.1.1.1 auth-port 1812 acct-port 1813

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 12
What does this command do?
router(config)# ip port-map user-1 port tcp 4001
A. enables application firewall inspection on a user-defined application that is mapped to TCP port 4001
B. enables NBAR to recognize a user-defined application on TCP port 4001
C. enables the Cisco IOS Firewall to inspect TCP port 4001 as part of the ip inspect name xxx TCP inspection rule
D. defines a user application in the PAM table where the user-defined application is called “user-1” and that application is mapped to TCP port 4001

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 13
What are the three authentication methods that you can use during IKE Phase 1? (Choose three.)
A. AAA or Local Authentication
B. Kerberos
C. pre-shared key
D. RSA signature
E. RSA encrypted nonce
F. DH

Correct Answer: CDE Section: (none) Explanation
Explanation/Reference: QUESTION 14
The PHDF stored in the router flash memory is required for which of these applications to function?
A. NBAR
B. CPPr
C. FPM
D. PAM
E. CoPP
F. Zone-Based Firewall

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 15
When you configure Cisco IOS WebVPN, you can use the port-forward command to enable which function?
A. web-enabled applications
B. Cisco Secure Desktop
C. full-tunnel client
D. thin client
E. CIFS
F. OWA

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 16
What are two benefits of using an IPsec GRE tunnel? (Choose two.)
A. It allows dynamic routing protocol to run over the tunnel interface.
B. It has less overhead than running IPsec in tunnel mode.
C. It allows IP multicast traffic.
D. It requires a more restrictive crypto ACL to provide finer security control.
E. It supports the use of dynamic crypto maps to reduce configuration complexity.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 17
Drop A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 18
When you enter the switch(config)#aaa authentication dot1x default group radius command on a Cisco Catalyst switch, the Cisco IOS parser returns with the “invalid input detected” error message. What can be the cause of this error?
A. You must use the dot1x system-auth-control command first to globally enable 802.1x.
B. You must define the RADIUS server IP address first, using the switch(config)# radius-server host ip-address command.
C. You must enter the aaa new-model command first.
D. The method-list name is missing in the command.
E. The local option is missing in the command.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 19
Cisco IOS Zone-Based Firewall uses which of these to identify a service or application from traffic flowing through the firewall?
A. NBAR
B. extended access list
C. PAM table
D. deep packet inspection
E. application layer inspection
F. CEF table

Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 20
Refer to the DMVPN topology diagram in the exhibit. Which two statements are correct? (Choose two.)

A. The hub router needs to have EIGRP split horizon disabled.
B. At the Spoke A router, the next hop to reach the 192.168.2.0/24 network is 10.0.0.1.
C. Before a spoke-to-spoke tunnel can be built, the spoke router needs to send an NHRP query to the hub to resolve the remote spoke router physical interface IP address.
D. At the Spoke B router, the next hop to reach the 192.168.1.0/24 network is 172.17.0.1.
E. The spoke routers act as the NHRP servers for resolving the remote spoke physical interface IP address.
F. At the Spoke A router, the next hop to reach the 192.168.0.0/24 network is 172.17.0.1.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:

The actual Cisco 642-503 exam questions and answers will sharpen your skills and expand your knowledge to obtain a definite success.save your money and time on your preparation for your Cisco 642-503 certification exam. You will find we are a trustful partner if you choose us as your assistance on your Cisco 642-503 certification exam. Now we add the latest Cisco 642-503 content and to print and share content.

Continue Reading

2016 New Updated — Latest Cisco 642-503 Exam Questions with PDF and VCE 100% Pass Gurantee

If you want to pass Cisco 642-503 successfully, do not missing to read Flydumps latest Cisco https://www.pass4itsure.com/642-503.html practice tests. 100% Guarantee! All the dumps are updated timely.

Exam A QUESTION 1
:
Please study the exhibit carefully.
What traffic will be matched to the “qt-class” traffic class?
A. all traffic matched by the “host-protocols” named access list
B. all other traffic arriving at the interface where the “qt-policy” policy map is applied
C. all TCP and UDP protocol ports open on the router not specifically matched
D. all traffic other than SNMP and Telnet to the router
E. all traffic matched by the “host-protocols” nested class map

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 2
:

DRAG DROP You work as a network technician at Certkiller .com. Your boss, miss Certkiller, is interested
in IBNS 802.1x authentication features. Match the proper features with appropriate descriptions.
Note: not all features are used.

A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 3
:
Please study the exhibit carefully.
Which two statements are true about the configurations shown? (Choose two.)
A. The clickable links will have a heading entitled “MYLINKS”.
B. ACS will be used for remote-user authentication by default.
C. This is an example of a clientless configuration.
D. The home page will have three clickable links on it.
E. Thin client (port forwarding) has been enabled using the url-text command.
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 4
:

What can you determine about the configuration?
A. 3DES encryption will be used.
B. The authentication method used between the IPsec peers is pre-shared key.
C. This is a dynamic crypto map.
D. Traffic matched by ACL 101 will not be encrypted.
E. HMAC-MD5 authentication will be used.
F. ESP tunnel mode will be used.

Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Cisco Easy VPN Server pushes parameters such as the client internal IP address, DHCP server IP address, and WINS server IP address to the Cisco Easy VPN Remote client during which of these phases?
A. IKE mode configuration
B. IKE XAUTH
C. IKE Phase 1 first message exchange
D. IKE quick mode
E. IKE Phase 2 last message exchange
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 6
The PHDF stored in the router flash memory is required for which of these applications to function?
A. PAM
B. Zone-Based Firewall
C. CPPr
D. CoPP
E. NBAR
F. FPM
Correct Answer: F Section: (none) Explanation
Explanation/Reference:

We help you do exactly that with our high quality Cisco 642-503 Certification using the above training materials.Regardless of whichever computer you have, you just need to download one of the many Cisco https://www.pass4itsure.com/642-503.html PDF readers that are available for free.

Continue Reading