About the Free Cisco 642-502 Study Guide With The All New Exam Questions Of FlydumpsAbout the Free Cisco 642-502 Study Guide With The All New Exam Questions Of Flydumps
Important Info — Cisco 642-502 new study guide are designed to help you pass the exam in a short time.Everything you need can be found in the new version Cisco 642-502 exam dumps.Visit Flydumps.com to get more valid information.
Exam A
QUESTION 1
What are the two functions that crypto ACLs perform on outbound traffic? Choose two.
A. bypasses outbound traffic that should be protected by IPSec
B. selects inbound traffic that should be protected by IPSec
C. selects outbound traffic that should be protected by IPSec
D. sends outbound traffic that should not be protected by IPSec as clear text
E. discards outbound traffic that should not be protected by IPSec
F. discards outbound traffic that requires protection by IPSec
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Refer to the exhibit. An administrator cannot telnet to the router. The administrator is not prompted for a username or password and cannot ping the router. After reviewing the output of a show running-config command, what do you determine?
A. AAA is not enabled.
B. Everything is configured correctly (the problem must be caused by something else).
C. An access control list is blocking traffic.
D. The wrong passwords are being used.
E. The TACACS server must be unreachable.
F. The wrong authentication method is applied to lines.
Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 3
Which three thresholds does CBAC on the Cisco IOS Firewall provide against DoS attacks? Choose three.
A. number of half-open sessions based upon time
B. total number of half-open TCP or UDP sessions
C. number of fully open sessions based upon time
D. number of half-open TCP-only sessions per host
E. total number of fully open TCP or UDP sessions
F. number of fully open TCP-only sessions per host
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 4
Refer to the LAN Wizard screen in the exhibit. How many bits would you input to configure this host for a subnet consisting of two hosts on subnet 172.26.26.0?
A. 3
B. 4
C. 24
D. 30
E. 128
F. 255
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Refer to the Cisco Router and Security Device Manager page in the exhibit.
What would be the result of clicking the “Launch the selected task” button in the VPN configuration screen?
A. to start the GRE site-to-site VPN connection configuration
B. to edit the site-to-site VPN connection
C. to start the security audit
D. to start the Easy VPN Server configuration
E. to start the default site-to-site VPN connection configuration
F. to start the Easy VPN Remote configuration
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 6
Where are access profiles stored with the authentication proxy features of the Cisco IOS Firewall?
A. PIX Firewall
B. Cisco router
C. Cisco VPN Concentrator
D. Cisco Secure ACS authentication server
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Choose the correct command to allow IKE to establish the IPSec security associations.
A. crypto map 10 isakmp
B. crypto map 10 manual
C. crypto map MYMAP ipsec-isakmp
D. crypto map MYMAP ipsec-manual
E. crypto map MYMAP 10 ipsec-isakmp
F. crypto map MYMAP 10 ipsec-manual
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 8
Choose the correct command to generate two RSA key pairs for use with certificate authority.
A. key generate rsa general-keys
B. key generate rsa usage-keys
C. crypto key generate rsa general-keys
D. crypto key generate rsa usage-keys
E. enable crypto key generate rsa general-keys
F. enable crypto key generate rsa usage-keys
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 9
Which command is required to specify the authorization protocol for authentication proxy?
A. auth-proxy group tacacs+
B. aaa auth-proxy default group tacacs+
C. authorization auth-proxy default group tacacs+
D. aaa authorization auth-proxy default group tacacs+
E. aaa authorization auth-proxy group tacacs+
F. aaa authorization auth-proxy default group
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Which Cisco Catalyst IOS command can be used to mitigate a CAM table overflow attack?
A. switch(config-if)# port-security maximum 1
B. switch(config)# switchport port-security
C. switch(config-if)# port-security
D. switch(config-if)# switchport port-security maximum 1
E. switch(config-if)# switchport access
F. switch(config-if)# access maximum 1
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 11
An authentication attempt to a Cisco Secure ACS for Windows server failed, yet no log entries are in the reports. What are two possible causes of this problem? (Choose two.)
A. user is not defined
B. user belongs to the wrong group
C. CSAUTH service is down on the Cisco Secure ACS server
D. password has expired
E. user entered an incorrect password
F. communication path between the NAS and Cisco Secure ACS server is down
Correct Answer: CF Section: (none) Explanation
Explanation/Reference:
QUESTION 12
What are three main components of the Cisco IOS Firewall feature set? (Choose three.)
A. Context-based Access Control
B. port security
C. authentication proxy
D. authentication, authorization, and accounting
E. Intrusion Prevention System
F. neighbor router authentication
Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 13
The SDF uses which type of file format, with a definition of each signature along with relevant configurable actions?
A. ASCII
B. HTML
C. JPEG
D. Word
E. text
F. XML
Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 14
Which two are typical Layer 2 attacks? (Choose two.)
A. MAC spoofing
B. CAM table overflow
C. route poisoning
D. DHCP Starvation
E. ARP Starvation
F. spam
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 15
What kind of signatures trigger on a single packet? (Choose one.)
A. regenerative
B. cyclical
C. atomic
D. dynamic
E. compound
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 16
What does authentication proxy on the Cisco IOS Firewall do?
A. creates specific authorization policies for each user with Cisco Secure ACS, dynamic, per-user security and authorization
B. provides additional visibility at intranet, extranet, and Internet perimeters
C. creates specific security policies for each user with Cisco Secure ACS, dynamic, per-user authentication and authorization
D. provides secure, per-application access control across network perimeters
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 17
Select the two protocols used to provide secure communications between SDM and the target router. (Choose two.)
A. HTTPS
B. RCP
C. Telnet
D. SSH
E. HTTP
F. AES
Correct Answer: AD Section: (none) Explanation Explanation/Reference:
QUESTION 18
Which one of the following actions is used to send SDM generated commands to the target router?
A. Refresh
B. Save
C. Deliver
D. Download
E. Copy-config
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 19
Select the maximum number of routers SDM can manage simultaneously?
A. 1
B. 5
C. 50
D. 100
E. 1000
F. determined by router model
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 20
Drag Drop question A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 21
The Cisco Identity-Based Networking Services (IBNS) solution is based on which two standard implementations? (Choose two.)
A. TACACS+
B. RADIUS
C. 802.11
D. 802.1x
E. 802.1q
F. IPSec
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 22
Which module is audited first when packets enter an IOS Firewall IDS and match a specific audit rule?
A. TCP
B. ICMP
C. IP
D. application level
E. UDP
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 23
How does the user trigger the authentication proxy after the idle timer expires?
A. authenticates the user
B. initiates another HTTP session
C. enters a new username and password
D. enters a valid username and password
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 24
Refer to the exhibit. Given the output of the show crypto ipsec sa command, which encryption algorithm is being used?
A. PCP
B. ESP
C. DES
D. 3DES
E. AH
F. HMAC
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 25
Which Cisco Catalyst IOS command is used to mitigate a MAC spoofing attack?
A. switch(config-if)# port-security mac-address 0000.ffff.aaaa
B. switch(config)# switchport port-security mac-address 0000.ffff.aaaa
C. switch(config-if)# switchport port-security mac-address 0000.ffff.aaaa
D. switch(config)# port-security mac-address 0000.ffff.aaaa
E. switch(config-if)# mac-address 0000.ffff.aaaa
F. switch(config)# security mac-address 0000.ffff.aaaa
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 26
Which three keywords are used with the dot1x port-control command? (Choose three.)
A. enable
B. force-authorized
C. force-unauthorized
D. authorized
E. unauthorized
F. auto
Correct Answer: BCF Section: (none) Explanation
Explanation/Reference:
QUESTION 27
Refer to the exhibit. After reviewing the running-config file, what do you determine?
A. No one will be able to log in.
B. No one will be able to console in.
C. The wrong authentication method is applied to lines.
D. Users will use the local database to log in to console.
E. Users will use the password cisco to log in to console.
F. Users will use the local database to log in to vty.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 28
Which one of the following actions is used to prevent newly configured SDM commands from being sent to a target router?
A. Delete
B. Remove
C. Undo
D. Clear-commands
E. Refresh
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 29
Choose the correct command that will load the SDF into a router and merge the new signatures with those that are already loaded in the router.
A. copy flash ips-sdf
B. copy url ips-sdf
C. copy ips-sdf url
D. write flash ips-sdf
E. write ips-sdf url
F. write url ips-sdf
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 30
Choose the correct command to disable signature 1000 in the SDF file.
A. 1000 disable
B. no ip ips signature 1000
C. no ip ips signature 1000 enable
D. ip ips signature 1000 disable
E. ip signature 1000 disable
F. signature 1000 disable
Correct Answer: D Section: (none) Explanation Explanation/Reference:
QUESTION 31
What is the minimum IOS release that supports SDM?
A. 11.2
B. 12.0
C. 12.1
D. 12.2
E. 6.1
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 32
Choose the correct global command that will specify the TACACS server.
A. host 10.1.1.4
B. server 10.1.1.4
C. tacacs-server host 10.1.1.4
D. tacacs-server 10.1.1.4
E. tacacs-host host 10.1.1.4
F. server-tacacs host 10.1.1.4
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 33
What defines the standard certificate format?
A. CEP
B. CRLv2
C. ISAKMP
D. X.509v3
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 34
Which four files are required for basic HTTP connectivity to SDM? (Choose four.)
A. home.html
B. home.tar
C. home.cfg
D. sdm.tar
E. sdm.html
F. sdmconfig-xxxx.cfg
Correct Answer: ABDF Section: (none) Explanation
Explanation/Reference:
QUESTION 35
Choose the two types of signature implementations that the IOS Firewall IDS can detect. (Choose two.)
A. atomic
B. dynamic
C. regenerative
D. cyclical
E. compound
F. complex
Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
Cisco 642-502 tests containing questions that cover all sides of tested subjects that help our members to be prepared and keep high level of professionalism. The main purpose of Cisco 642-502 exam is to provide high quality test that can secure and verify knowledge, give overview of question types and complexity that can be represented on real exam certification