TestInside ccsp 642-503

Securing Networks with Cisco Routers and Switches : 642-503 Exam
Exam Number/Code: 642-503
Exam Name: Securing Networks with Cisco Routers and Switches
Questions and Answers: 53 Q&As
Price: $79.00
Update Time: 2008-6-23
“Securing Networks with Cisco Routers and Switches”, also known as 642-503 exam, is a Cisco certification.
Free 642-503 Demo Download
TestInside offers a free demo for the 642-503 exam (Securing Networks with Cisco Routers and Switches). You can check out the interface, question quality and usability of our practice exams before you decide to buy. We are the only site that can offer a demo for almost all products.
1. Which two statements are true regarding classic Cisco IOS Firewall configurations? (Choose two.)
A. You can apply the IP inspection rule in the inbound direction on the trusted interface.
B. You can apply the IP inspection rule in the outbound direction on the untrusted interface.
C. For temporary openings to be created dynamically by Cisco IOS Firewall, the access list for the returning traffic must be a standard ACL.
D. For temporary openings to be created dynamically by Cisco IOS Firewall, you must apply the IP inspection rule to the trusted interface.
E. For temporary openings to be created dynamically by Cisco IOS Firewall, the inbound access list on the trusted interface must be an extended ACL.
Answer: AB
2. Refer to the exhibit. Why is the Cisco IOS Firewall authentication proxy not working?
A. The aaa authentication auth-proxy default group tacacs+ command is missing in the configuration.
B. The router local username and password database is not configured.
C. Cisco IOS authentication proxy only supports RADIUS and not TACACS+.
D. HTTP server and AAA authentication for the HTTP server is not enabled.
E. The AAA method lists used for authentication proxy should be named “pxy” rather than “default” to match the authentication proxy rule name.
Answer: D
3. Refer to the exhibit. What additional configuration is required for the Cisco IOS Firewall to reset the TCP connection if any peer-to-peer, tunneling, or instant messaging traffic is detected over HTTP?
A. class-map configuration for matching peer-to-peer, tunneling, and instant messaging traffic over HTTP, and a policy map specifying the reset action
B. the port-misuse default action reset alarm command in the HTTP application firewall policy configuration
C. the PAM configuration for mapping the peer-to-peer, tunneling, and instant messaging TCP ports to the HTTP application
D. the ip inspect name firewall im, ip inspect name firewall p2p, and ip inspect name firewall tunnel commands
E. the service default action reset command in the HTTP application firewall policy configuration
Answer: B
4. Which three configurations are required to enable the Cisco IOS Firewall to inspect a user-defined application which uses TCP ports 8000 and 8001? (Choose three.)
A. access-list 101 permit tcp any any eq 8000
access-list 101 permit tcp any any eq 8001
class-map user-10
match access-group 101
B. policy-map user-10
class user-10
inspect
C. ip port-map user-10 port tcp 8000 8001 description “TEST PROTOCOL”
D. ip inspect name test appfw user-10
E. ip inspect name test user-10
F. int {type|number}
ip inspect name test in
Answer: CEF
5. What are two benefits of using an IPsec GRE tunnel? (Choose two.)
A. It allows dynamic routing protocol to run over the tunnel interface.
B. It has less overhead than running IPsec in tunnel mode.
C. It allows IP multicast traffic.
D. It requires a more restrictive crypto ACL to provide finer security control.
E. It supports the use of dynamic crypto maps to reduce configuration complexity.
Answer: AC
6. Referring to a DMVPN hub router tunnel interface configuration, what can happen if the ip nhrp map multicast dynamic command is missing on the tunnel interface?
A. The NHRP request and response between the spoke router and hub router will fail.
B. The GRE tunnel between the hub router and the spoke router will be down.
C. The IPsec peering between the hub router and the spoke router will fail.
D. The dynamic routing protocol between the hub router and the spoke router will fail.
E. The NHRP mappings at the spoke routers will be incorrect.
F. The NHRP mappings at the hub router will be incorrect.
Answer: D
7. Refer to the DMVPN topology diagram in the exhibit. Which two statements are correct? (Choose two.)
A. The hub router needs to have EIGRP split horizon disabled.
B. At the Spoke A router, the next hop to reach the 192.168.2.0/24 network is 10.0.0.1.
C. Before a spoke-to-spoke tunnel can be built, the spoke router needs to send an NHRP query to the hub to resolve the remote spoke router physical interface IP address.
D. At the Spoke B router, the next hop to reach the 192.168.1.0/24 network is 172.17.0.1.
E. The spoke routers act as the NHRP servers for resolving the remote spoke physical interface IP address.
F. At the Spoke A router, the next hop to reach the 192.168.0.0/24 network is 172.17.0.1.
Answer: AC
8. Which three of these statements are correct regarding DMVPN configuration? (Choose three.)
A. If running EIGRP over DMVPN, the hub router tunnel interface must have “next hop self” enabled: ip next-hop-self eigrp AS-Number
B. If running EIGRP over DMVPN, the hub router tunnel interface must have split horizon disabled: no ip split-horizon eigrp AS-Number
C. The spoke routers must be configured as the NHRP servers: ip nhrp nhs spoke-tunnel-ip-address
D. At the spoke routers, static NHRP mapping to the hub router is required: ip nhrp map hub-tunnel-ip-address hub-physical-ip-address
E. The GRE tunnel mode must be set to point-to-point mode: tunnel mode gre point-to-point
F. The GRE tunnel must be associated with an IPsec profile: tunnel protection ipsec profile profile-name
Answer: BDF
9. When you configure Cisco IOS WebVPN, you can use the port-forward command to enable which function?
A. web-enabled applications
B. Cisco Secure Desktop
C. full-tunnel client
D. thin client
E. CIFS
F. OWA
Answer: D
10. Match the Network Foundation Protection (NFP) feature on the left to where it is applied on the right.