Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Cisco 642-503 Exam -

Free 642-503 Sample Questions:

1. Which two statements are true regarding classic Cisco IOS Firewall configurations? (Choose two.)
A. You can apply the IP inspection rule in the inbound direction on the trusted interface.
B. You can apply the IP inspection rule in the outbound direction on the untrusted interface.
C. For temporary openings to be created dynamically by Cisco IOS Firewall, the access list for the returning traffic must be a standard ACL.
D. For temporary openings to be created dynamically by Cisco IOS Firewall, you must apply the IP
inspectionrule to the trusted interface.
E. For temporary openings to be created dynamically by Cisco IOS Firewall, the inbound access list on the trustedinterface must be an extended ACL.
Answer: A, B

2. When verifying Cisco IOS IPS operations, when should you expect Cisco IOS IPS to start loading the signatures?
A. immediately after you configure the ip ips sdf location flash:filename command
B. immediately after you configure the ip ips sdf builtin command
C. after you configure a Cisco IOS IPS rule in the global configuration
D. after traffic reaches the interface with Cisco IOS IPS enabled
E. when the first Cisco IOS IPS rule is enabled on an interface
F. when the SMEs are put into active state using the ip ips name rule­name command
Answer: E

3. When you implement IBNS (802.1x authentication), what is defined using the Tunnel­Private­Group­ID (81)RADIUS attribute?
A. the EAP type
B. the shared secret key
C. the ACL name
D. the VLAN name
E. the NAPF. the NAF
Answer: D

4. Cisco IOS Zone­Based Firewall uses which of these to identify a service or application from traffic flowingthrough the firewall?
B. extended access list
C. PAM table
D. deep packet inspection
E. application layer inspection
F. CEF table
Answer: C

5. Which three configurations are required to enable the Cisco IOS Firewall to inspect a user­defined application which uses TCP ports 8000 and 8001? (Choose three.)
A. access­list 101 permit tcp any any eq 8000 access­list 101 permit tcp any any eq 8001 class­map user­10 match access­group 101
B. policy­map user­10 class user­10 inspect
C. ip port­map user­10 port tcp 8000 8001 description "TEST PROTOCOL" D. ip inspect name test appfw user­10
E. ip inspect name test user­10
F. int {type|number} ip inpsect name XXY Y
Answer: C, E, F

6. What are two benefits of using an IPsec GRE tunnel? (Choose two.)
A. It allows dynamic routing protocol to run over the tunnel interface.
B. It has less overhead than running IPsec in tunnel mode.
C. It allows IP multicast traffic.
D. It requires a more restrictive crypto ACL to provide finer security control.
E. It supports the use of dynamic crypto maps to reduce configuration complexity.
Answer: A, C

7. When configuring ACS 4.0 Network Access Profiles (NAPs), which three things can be used to determinehow an access request is classified and mapped to a profile? (Choose three.)
A. Network Access Filters (NAFs)
B. RADIUS Authorization Components (RACs)
C. the authentication method
D. the protocol types
E. advance filtering F. RADIUS VSAs
Answer: A, D, E

8. Referring to a DMVPN hub router tunnel interface configuration, what can happen if the ip nhrp map multicastdynamic command is missing on the tunnel interface?
A. The NHRP request and response between the spoke router and hub router will fail.
B. The GRE tunnel between the hub router and the spoke router will be down.
C. The IPsec peering between the hub router and the spoke router will fail.
D. The dynamic routing protocol between the hub router and the spoke router will fail.
E. The NHRP mappings at the spoke routers will be incorrect.
F. The NHRP mappings at the hub router will be incorrect.
Answer: D

9. Which three of these statements are correct regarding DMVPN configuration? (Choose three.)
A. If running EIGRP over DMVPN, the hub router tunnel interface must have "next hop self" enabled: ip
next­hop­self eigrp AS­Number
B. If running EIGRP over DMVPN, the hub router tunnel interface must have split horizon disabled: no ip split­horizon eigrp AS­Number
C. The spoke routers must be configured as the NHRP servers: ip nhrp nhs spoke­tunnel­ip­address
D. At the spoke routers, static NHRP mapping to the hub router is required: ip nhrp map hub­tunnel­ip­address hub­physical­ip­address
E. The GRE tunnel mode must be set to point­to­point mode: tunnel mode gre point­to­point
F. The GRE tunnel must be associated with an IPsec profile: tunnel protection ipsec profile profile­name
Answer: B, D, F

10. When you configure Cisco IOS WebVPN, you can use the port­forward command to enable which function?
A. web­enabled applications
B. Cisco Secure Desktop
C. full­tunnel client
D. thin clientE. CIFS F. OWA
Answer: D

11. Which two commands are used to only allow SSH traffic to the router Eth0 interface and deny othermanagement traffic (BEEP, FTP, HTTP, HTTPS, SNMP, Telnet, TFTP) to the router interfaces? (Choose two.)
A. interface eth0
B. control­plane host
C. policy­map type port­filter policy­name
D. service­policy type port­filter input policy­name
E. management­interface eth0 allow sshF. line vty 0 5transport input ssh
Answer: B, E

12. Which of these statements is correct regarding user setup on ACS 4.0?
A. In the case of conflicting settings, the settings at the group level override the settings configured at the user level.
B. A user can belong to more than one group.
C. The username can contain characters such as "#" and "?".
D. By default, users are assigned to the default group.
E. The ACS PAP password cannot be used as the CHAP password also.
Answer: D

© 2014, All Rights Reserved