Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Cisco 642-637 Exam -

Free 642-637 Sample Questions:

1.What will the authentication event fail retry 0 action authorize vlan 3 00 command accomplish?
A. assigns clients that fail 802.1X authentication into the restricted VLAN 300
B. assigns clients to VLAN 300 and attempts reauthorization
C. assigns a client to the guest VLAN 300 if it does not receive a r esponse from the client to its EAPOL request/identity frame
D. locks out a user who fails an 802.1X authentication and does not allow the user to try to gain network access again for 300 seconds
Answer: A

2.Which two of these are benefits of implementing a zone -based policy firewall in transparent mode? (Choose two.)
A. Less firewall management is needed.
B. It can be easily introduced into an existing network.
C. IP readdressing is unnecessary.
D. It adds the ability tostatefully inspect non-IP traffic.
E. It has less impact on data flows.
Answer: B,C

3.When configuring a zone-based policy firewall, what will be the resulting action if you do not specify any zone pairs for a possible pair of zones?
A. All sessions will pass through the zone without being inspected.
B. All sessions will be denied between these two zones by default.
C. All sessions will have to pass through the router "self zone" for inspection before being allowed to pass to the destination zone.
D. This configurationstatelessly allows packets to be delivered to the destination zone.
Answer: B

4.You are running Cisco lOS IPS software on your edge router. A new threat has become an issue.
The Cisco lOS IPS software has a signature that can address the new threat, but you previously retired the signature. You decide to unretire that signature to regain the desired protection level.
How should you act on your decision?
A. Retired signatures are not present in the routers memory. You will need to download a new signature package to regain the retired signature.
B. You should re-enable the signature and start inspecting traffic for signs of the new threat.
C. Unretiring a signature will cause the router to recompile the signature database, which can temporarily affect performance.
D. You cannotunretire a signature. To avoid a disruption in traffic flow, it's best to create a custom signature until you can download a new signature package and reload the router.
Answer: C

5.Which statement best describes inside policy based NAT?
A. Policy NAT rules are those that determine which addresses need to be translated per the enterprise security policy
B. Policy NAT consists of policy rules based on outside sources attempting to communicate with inside endpoints.
C. These rules use source addresses as the decision for translation policies.
D. These rules are sensitive to all communicating endpoints.
Answer: A

6.When Cisco IOS IPS is configured to use SDEE for event notification, how are events managed?
A. They are stored in the router's event store and will allow authenticated rem ote systems to pull events from the event store.
B. All events are immediately sent to the remote SDEE server.
C. Events are sent viasyslog over a secure SSUTLS communications channel.
D. When the event store reaches its maximum configured number of eve nt notifications, the stored events are sent via SDEE to a remote authenticated server and a new event store is created.
Answer: A

7.Which two of these will match a regular expression with the following configuration parameters?
[a-zA-Z][0-9][a-z] (Choose two.)
A. Q3h
B. B4Mn
C. aaB132AA
D. c7lm
E. BBpjnrIT
Answer: A,D

8.Which of these is a configurable Cisco IOS feature that triggers notifications if an attack attempts to exhaust critical router resources and if preventative controls have been bypassed or are not working correctly?
A. Control Plane Protection
B. Management Plane Protection
C. CPU and memorythresholding
Answer: A

9.Which Cisco IOS IPS feature allows to you remove one or more actions from all active signatures based on the attacker and/or target address criteria, as well as the event risk rating criteria?
A. signature event action filters
B. signature event action overrides
C. signature attack severity rating
D. signature event risk rating
Answer: A

© 2014, All Rights Reserved