Cisco 642-502 Certification Braindumps, Best Cisco 642-502 Study Guide Book For Download

Where To Download New Free Cisco 642-502 VCE Exam Dumps? As we all know that new Cisco 642-502 exam are difficult to pass, but if you get the valid Cisco 642-502 exam questions, you will pass the Cisco 642-502 exam easily. Nowdays, Flydumps has published the newest Cisco 642-502 exam dumps with free vce test software and pdf dumps, by training the Flydumps Cisco 642-502 questions, you will pass the exam easily!

QUESTION 45
Which ESP mode is used to provide end-to-end protection of message payloads between two hosts?
A. transport mode
B. encrypted mode
C. ESP mode
D. tunnel mode

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 46
Which three statements about Cisco Secure ACS are true? (Choose three.)
A. NAS can access multiple Cisco Secure ACS for Windows servers.
B. Cisco Secure ACS for Windows servers can only log onto external servers.
C. The Cisco Secure ACS for Windows server supports only TACACS+.
D. Database replication is supported by the Cisco Secure ACS for Windows servers.
E. The service used for authentication and authorization on a Cisco Secure ACS for Windows server is called CSAdmin.
F. The Cisco Secure ACS for Windows servers uses the CSDBsynch service to manage the user and group accounts.

Correct Answer: ADF Section: (none) Explanation
Explanation/Reference:
QUESTION 47
After configuring multiple transform sets, where do you specify the transform sets?
A. ACL
B. ISAKMP policy
C. router interface
D. crypto map entry

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 48
Simulate question
This is the correct configuration:

Switch(config)#interface fastEthernet 0/12

Switch(config-if)#switchport port-security maximum 1 Switch(config)#copy run start

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 49
What is the purpose of the ip ips sdf builtin command?
A. to load IPS on a router using the built-in signatures
B. to load IP on a router using the attack-drop signatures
C. to unload IPS built-in signatures
D. to delete the IPS built-in signatures
E. to load IPS on a router using the built-in micro-engine
F. to disable IPS on a router using the built-in micro-engine

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 50
In a Cisco Identity-Based Networking Services (IBNS) implementation, the endpoint that is seeking network access is known as what?
A. host
B. authenticator
C. PC
D. authentication server
E. client
F. supplicant

Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 51
Select the two issues to consider when implementing IOS Firewall IDS. (Choose two.)
A. memory usage
B. number of DMZs
C. signature coverage
D. number of router interfaces
E. signature length

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 52
Which three are typical Layer 2 attack mitigation techniques? (Choose three.)
A. switch security
B. port security
C. ARP snooping
D. DHCP snooping
E. port snooping
F. 802.1x authentication

Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
QUESTION 53
Choose the correct command to enable local authentication for the HTTP interface.
A. router# ip http authentication enable
B. router# http authentication local
C. router(config)# ip http authentication enable
D. router(config)# ip http authentication local
E. router(config)# ip http authentication enable local
F. router(config)# ip http authentication local enable

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 54
CBAC intelligently filters TCP and UDP packets based on which protocol-session information?
A. network layer
B. transport layer
C. data-link
D. application layer
E. presentation layer
F. session layer

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 55
In an 802.1x implementation, the supplicant directly connects to, and obtains network access permission through, which device?
A. host
B. authenticator
C. PC
D. authentication server
E. client
F. supplicant

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 56
Refer to the exhibit. Given the output of the show ip ips configuration command, how many signatures are active?
A. 0
B. 50
C. 83
D. 100
E. 183
F. 1107
Correct Answer: E Section: (none) Explanation

Explanation/Reference:
QUESTION 57
Refer to the exhibit. Given the output of the show crypto ipsec client ezvpn command, what do you determine?

A. The default domain is cisco.
B. The socket is up and ready for data.
C. The remote router address is 10.0.2.39.
D. The tunnel is up and SAs have been established.
E. The tunnel is terminated at a remote router called VPNGATE1.
F. All hosts connecting through this router will have the address of 10.0.2.39.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 58
Refer to the output of a sh ip auth-proxy cache command below. Which port is being used by the client?
R2#sh ip auth-proxy cache Authentication Proxy Cache Client Name aaauser, Client IP 10.0.2.12, Port 2636, timeout 5, Time Remaining 3, state ESTAB
A. 1645
B. 1646
C. 1812
D. 2636
E. 2640
F. 8080

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 59
Choose the two commands that are used to enable the router’s HTTP server for AAA. (Choose two.)
A. http server
B. ip http server
C. enable ip http server
D. http authentication aaa
E. http server authentication aaa
F. ip http authentication aaa

Correct Answer: BF Section: (none) Explanation
Explanation/Reference:
QUESTION 60
Which Easy VPN feature enables two IPSec peers to determine if the other is still “alive”?
A. Dead Peer Timeout
B. No Pulse Timer
C. Peer Death Monitor
D. Dead Peer Detection
E. Peer Heartbeat

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 61
Drag Drop question

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 62
What is the default idle time of an enabled IOS Firewall authentication proxy?
A. 5 seconds
B. 60 seconds
C. 5 minutes
D. 60 minutes

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 63
In an 802.1x implementation, the authenticator acts as a gateway to which device?
A. host
B. authenticator
C. PC
D. authentication server
E. client
F. supplicant

Correct Answer: D Section: (none) Explanation
Explanation/Reference:

The Cisco 642-502 certification can make you a competent person.It may enable a technician to know about the Cisco 642-502 configurations,get information about the Cisco 642-502 data center products and hardware and knowledge about Cisco 642-502 united computing systems.