CCSP 642-504 SNRS Real Exam Questions

The Securing Networks with Cisco Routers and Switches exam (SNRS 642-504) is one of the exams associated with the CCSP and CCNP Security certifications. Candidates can prepare for this exam by taking the SNRS course. This exam includes simulations and tests a candidate’s knowledge and ability to secure networks using Cisco routers and switches.

1: Which two are technologies that secure the control plane of the Cisco router? (Choose two.)
A.Cisco IOS Flexible Packet Matching
C.routing protocol authentication
E.BPDU protection
F.role-based access control
Correct Answers: C D

2: Which is an advantage of implementing the Cisco IOS Firewall feature?
A.provides self-contained end-user authentication capabilities
B.integrates multiprotocol routing with security policy enforcement
C.acts primarily as a dedicated firewall device easily deployed and managed by the Cisco Adaptive Security Device Manager
E.provides data leakage protection capabilities
Correct Answers: B

3: Which three statements correctly describe the GET VPN policy management? (Choose three.)
A.A central policy is defined at the ACS (AAA) server.
B.A local policy is defined on each group member.
C.A global policy is defined on the key server, and it is distributed to the group members.
D.The key server and group member policy must match.
E.The group member appends the global policy to its local policy.
Correct Answers: B C E

4: The CPU and Memory Threshold Notifications of the Network Foundation Protection feature protects which router plane?
A.control plane plane plane plane
Correct Answers: B

5: In DMVPN, the NHRP process allows which requirement to be met?
A.dynamic physical interface IP address at the spoke routers
B.high-availability DMVPN designs
C.dynamic spoke-to-spoke on-demand tunnels
D.dynamic routing over the DMVPN
E.dual DMVPN hub designs
Correct Answers: A

6: Which is correct regarding the Management Plane Protection feature?
A.By default, Management Plane Protection is enabled on all interfaces.
B.Management Plane Protection provides for a default management interface.
C.Only SSH and SNMP management will be allowed on nondesignated management interfaces.
D.All incoming packets through the management interface are dropped except for those from the allowed management protocols.
Correct Answers: D

7: What are the two enrollment options when using the SDM Certificate Enrollment wizard? (Choose two.)
D.Cut-and-Paste/Import from PC
Correct Answers: A D

8: Cisco IOS Firewall supports which three of the following features? (Choose three.)
B.audit trails
C.multicontext firewalling stateful failover
E.DoS attacks protection
Correct Answers: A B E

9: When enabling Cisco IOS IPS using 5.x signatures, which required item can be downloaded from
A.SDF files (128MB.sdf, 256MB.sdf, attack.drop.sdf)
B.public key
C.built-in signatures
D.Signature Micro-Engines
Correct Answers: B

10: Which information will be shown by entering the command show zone-pair security?
descriptions and assigned interfaces
B.all service policy maps
C.source and destination zones, and attached policy
D.physical interface members of the zone pair
Correct Answers: C

