Securing Networks with Cisco Routers and Switches : 642-503 Exam
Exam Number/Code: 642-503
Exam Name: Securing Networks with Cisco Routers and Switches
“Securing Networks with Cisco Routers and Switches”, also known as the 642-503 exam, is a Cisco certification.
Pass4sure has assembled a complete collection of questions and answers with expert explanations, taking you through 53 Q&As for your 642-503 exam preparation. The 642-503 exam resources cover every field and category in CCSP, helping to ready you for your Cisco certification.
QUESTION 21:
Please study the exhibit carefully.
Given that the fa0/1 interface is the trusted interface, what could be a reason for users on
the trusted inside networks not to be able to successfully establish outbound HTTP
connections?
642-503
www.actualtest.org – The Power of Knowing
A. The FWRULE inspection policy is not configured correctly.
B. ACL 104 is denying the outbound HTTP traffic.
C. ACL 104 is denying the return HTTP traffic.
D. The FWRULE inspection policy is not inspecting HTTP traffic.
E. The outgoing ACL on the fa0/1 interface is not set.
F. The outgoing inspection rule on the fa0/1 interface is not set.
Answer: B
QUESTION 22:
When you add NADs as AAA clients in the ACS, which three parameters are configured
for each AAA client? (Choose three.)
A. the EAP type
B. the AAA server IP address
C. the UDP ports to use for communications with the NADs
D. the AAA protocol to use for communications with the NADs
E. the shared secret key
F. the NAD IP address
Answer: D,E,F
Explanation:
The Add AAA Client and AAA Client Setup pages include:
1. AAA Client Hostname-The name that you assign to the AAA client configuration.
2. AAA Client IP Address-At a minimum, a single IP address of the AAA client or the keyword dynamic.
3. Key-The shared secret of the AAA client.
4. Network Device Group-The name of the NDG to which this AAA client should belong.
5. Authenticate Using-The AAA protocol to use for communications with the AAA client.
6. Single Connect TACACS+ AAA Client (Record stop in accounting on failure)-If you select
TACACS+ (Cisco IOS) from the Authenticate Using list, you can use this option to specify that ACS use a
single TCP connection for all TACACS+ communication with the AAA client, rather than a new one for
every TACACS+ request. In single connection mode, multiple requests from a network device are
multiplexed over a single TCP session. By default, this check box is not checked.
7. Log Update/Watchdog Packets from this AAA Client-Enables logging of update or
watchdog packets. Watchdog packets are interim packets that are sent periodically during
a session. They provide you with an approximate session length if the AAA client fails
and, therefore, no stop packet is received to mark the end of the session. By default, this
check box is not selected.
8. Log RADIUS Tunneling Packets from this AAA Client-Enables logging of RADIUS tunneling
accounting packets. Packets are recorded in the RADIUS Accounting reports of Reports and Activity. By
default, this check box is not selected.
9. Replace RADIUS Port info with Username from this AAA Client-Enables use of username,
rather than port number, for session-state tracking. This option is useful when the AAA
client cannot provide unique port values, such as a gateway GPRS support node (GGSN).
For example, if you use the ACS IP pools server and the AAA client does not provide a
unique port for each user, ACS assumes that a reused port number indicates that the
previous user session has ended and ACS may reassign the IP address that was
previously assigned to the session with the nonunique port number. By default, this check
box is not checked.
Reference: User Guide for Cisco Secure ACS for Windows Version 4.0
QUESTION 23:
When you configure Cisco IOS WebVPN, you can use the port-forward command to
enable which function?
A. thin client
B. CIFS
C. Cisco Secure Desktop
D. OWA
E. full-tunnel client
F. web-enabled applications
Answer: A
Explanation:
WebVPN offers the following modes of SSL VPN:
Clientless: This mode is useful for accessing most of the content that you would access in
a web browser, such as websites, databases, and online tools that use web interfaces.
Access into the network is achieved via a web browser.
Thin client (port-forwarding Java applet): Thin-client mode uses a Java applet to enable
port forwarding, which lets you access TCP-based applications such as Post Office
Protocol Version 3 (POP3), Simple Mail Transfer Protocol (SMTP), Internet Message
Access Protocol (IMAP), Telnet, and Secure Shell (SSH).
Tunnel mode: Full tunnel client mode uses a dynamically downloaded Cisco switched
virtual circuit (SVC) for WebVPN. This client is a lightweight, centrally configured, and
easy-to-support SSL VPN tunneling client that provides network layer access to almost
any application.
Reference: CCSP SNRS Quick Reference Sheets
QUESTION 24:
Which Cisco IOS command will trigger the router to request certificates from the CA for
the router RSA key pair?
A. crypto pki trustpoint CA-Name
B. enrollment url http://CA-Name:80
C. crypto pki enroll CA-Name
D. crypto pki authenticate CA-Name
E. crypto key zeroize rsa
F. crypto key generate rsa
Answer: C
Explanation:
Configuring IPsec VPN Using Digital Certificates
There is only a slight difference in the configuration of IKE Phase 1 for use of digital
certificates. To do so, just change the command authentication pre-share to authentication
rsa-sig. The following example changes the authentication method and configures CA
support:
router(config)#clock timezone cst -6
Set the time so that the certificates will be valid (time is important):
router#clock set 23:21:00 08 September 2007
Set the hostname that’s used in generating RSA keys:
router(config)#hostname SNRS_ROUTER
Set the domain that’s used in generating RSA keys:
SNRS_ROUTER(config)#ip domain-name ciscopress.com
Create a host entry for the CA server that will allow you to use the name rather than the
IP address later on:
SNRS_ROUTER(config)#ip host vpnca 172.26.26.51
Generate the RSA key pairs:
SNRS_ROUTER(config)#crypto key generate rsa
Define the CA server:
SNRS_ROUTER(config)#crypto pki trustpoint vpnca
Define the enrollment URL that SCEP will use in contacting the CA server:
SNRS_ROUTER(ca-trustpoint)#enrollment url http://vpnca:80
Authenticate the CA server by calling the administrator of the CA and verifying the
fingerprint:
SNRS_ROUTER(config)#crypto pki authenticate vpnca
Tell the router to enroll with the CA server:
SNRS_ROUTER(config)#crypto pki enroll vpnca
Save the certificates that have been received:
SNRS_ROUTER#copy system:running-config nvram:startup-config
SNRS_ROUTER#config t
SNRS_ROUTER(config)#crypto isakmp policy 150
Use the certificates to authenticate the peer by changing the authentication method to rsa-sig:
SNRS_ROUTER(config-isakmp)#authentication rsa-sig
SNRS_ROUTER(config-isakmp)#end
Reference: CCSP SNRS Quick Reference Sheets
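The fingerprint check in the crypto pki authenticate step above, shown as an added Python example (not from the original page or the CCSP reference): it compares the fingerprints the router displays with those of a CA certificate obtained out of band, and refuses when nothing can be compared. The prompt layout, the helper names and the stand-in certificate bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Constructed stand-in for the CA certificate's DER bytes (not a real certificate);
# a fingerprint is simply a hash over the DER encoding the CA administrator gives you.
SAMPLE_DER = bytes.fromhex("3082010a0282010100") + b"constructed-ca-cert-for-example"

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and return the raw DER bytes."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s+", "", pem)
    return base64.b64decode(body, validate=True)

def fingerprint(der: bytes, algo: str) -> str:
    """Hex digest of the DER bytes, upper case, no separators."""
    return hashlib.new(algo, der).hexdigest().upper()

def ios_groups(hex_digest: str) -> str:
    """Format a digest as groups of 8 hex digits, as the prompt displays it."""
    return " ".join(hex_digest[i:i + 8] for i in range(0, len(hex_digest), 8))

def sample_prompt(der: bytes) -> str:
    """Constructed prompt text in the layout assumed for 'crypto pki authenticate'."""
    return (
        "Certificate has the following attributes:\n"
        f"       Fingerprint MD5: {ios_groups(fingerprint(der, 'md5'))}\n"
        f"      Fingerprint SHA1: {ios_groups(fingerprint(der, 'sha1'))}\n"
        "% Do you accept this certificate? [yes/no]:"
    )

def parse_prompt(text: str) -> dict:
    """Extract the 'Fingerprint MD5:' / 'Fingerprint SHA1:' values from the prompt."""
    found = {}
    for algo, value in re.findall(r"Fingerprint\s+(MD5|SHA1):\s*([0-9A-Fa-f ]+)", text):
        found[algo.lower()] = re.sub(r"\s+", "", value).upper()
    return found

def safe_to_accept(prompt_text: str, trusted_der: bytes) -> bool:
    """True only if every fingerprint shown matches the out-of-band certificate."""
    shown = parse_prompt(prompt_text)
    if not shown:
        return False  # nothing to compare: never accept blindly
    return all(
        hmac.compare_digest(value, fingerprint(trusted_der, algo))
        for algo, value in shown.items()
    )
```

Answer yes at the router prompt only when safe_to_accept returns True for the text copied from the console; a mismatch means the certificate fetched over the enrollment URL is not the one the CA administrator published.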
QUESTION 25:
When configuring FPM, what should be the next step after the PHDFs have been loaded?
A. Define a stack of protocol headers.
B. Define a traffic policy.
C. Define a class map of type “access-control” for classifying packets.
D. Save the PHDFs to startup-config.
E. Reload the router.
F. Define a service policy.
Answer: B
Pass4sure 642-503 Questions and Answers: 104 Q&As
Updated: October 2nd, 2008