Pass Your Cisco 642-637 Exam Easy!

Get 100% Real Exam Questions, Accurate & Verified Answers By IT Experts

Fast Updates & Instant Download!

Certification Exam: 642-637 (Securing Networks with Cisco Routers and Switches (SECURE))

Download Free 642-637 Exam Questions

Exam 642-637 - Securing Networks with Cisco Routers and Switches (SECURE)
Size: 5.01 MB
Posted Date: Thursday, May 17, 2012
# of downloads: 2
Free Download: This file is outdated. Browse other 642-637 VCE Files
Exam
642-637 - Securing Networks with Cisco Routers and Switches (SECURE)
Size
5.01 MB
Posted Date
Thursday, May 17, 2012
# of downloads
2
Free Download
This file is outdated. Browse other 642-637 VCE Files
Comments
* The most recent comment are at the top
  • kaab00m
  • Vietnam
  • Aug 23, 2012

PASS my exam. 1 New Question from Cisco.ActualTests.642-637.v2012-08-03.by.Neil.133q.vce
All the simlet and lab, question are the same, but the answer may be not like exactly from the vce.
My score 878 after 30 mintues.

Thanks all, special thanks to Neil.

  • Aug 23, 2012
  • tunde odubanjo
  • Nigeria
  • Aug 22, 2012

passed the exam on friday 17th August.......thanks a lot

  • Aug 22, 2012
  • cro@
  • Croatia
  • Aug 14, 2012

@ahmed - what was your score on the exam?

@sashans - jesi izlazio na ispit? Vrijedi li ovaj vce?

  • Aug 14, 2012
  • sashans
  • Aug 12, 2012

@muhha
the class-default drop command is not necessery in the ZBFW sim,i think.
look at this

Configuring Zone-Based Policy Firewall Policy-Maps

The policy-map applies firewall policy actions to one or more class-maps to define the service-policy that will be applied to a security zone-pair. When an inspect-type policy-map is created, a default class named class class-default is applied at the end of the class. The class class-default's default policy action is drop, but can be changed to pass. The log option can be added with the drop action. Inspect cannot be applied on class class-default.
sorurce: http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml
pozz iz srbije :)

  • Aug 12, 2012
  • ahmed
  • Saudi Arabia
  • Aug 10, 2012

Hi Neil, thanks for your great job, could you please send me the latest version at a.samir.1010@gmail.com, i'm going to take my exam 14 Aug
thanks,

  • Aug 10, 2012
  • ksiva55
  • India
  • Aug 10, 2012

Hi Friends,

Passed today with 860 dump still valid..

  • Aug 10, 2012
  • CiscoKid
  • South Africa
  • Aug 10, 2012

Thanks Neil. I am writing this on the 14th So i am really looking forward to getting my hands on your "Cisco.ActualTests.642-637.v2012-08-09.by.dd.129q.vce" as i can not see it up here yet. Please mail me a copy at danie.swart@gmail.com.

Thanks for your great work man.

  • Aug 10, 2012
  • neil
  • United Kingdom
  • Aug 09, 2012

Hi Guys, I uploded letase release of actual tests. wish you all sucess.!!

  • Aug 09, 2012
  • nubie
  • Indonesia
  • Aug 08, 2012

pass today, thx to all in this forum

  • Aug 08, 2012
  • muhha
  • Bosnia and Herzegovina
  • Aug 07, 2012

Hi All,

I passed yesterday the exam. It was about 10 new Drag & Drop but those questions are similar to those in neils dump. Thanks to all of you for your contribution!

@nubie this is how I answered yesterday this Drag & Drop question, I hope this is helpful I would suggest to go thru Cisco Press Book you have all explanations there.


- MAB
-this method is used when clients dont support the 802.1x supplicant but need to be authenticated to an 802.1x network

- Restricted VLAN
-this solution is used when users fail authentication and have an 802.1x - compliant device

- Guest VLAN
-this method offers limited access for users without an 802.1x client. by default, it takes 90 seconds for the machine to get assigned to this specific VLAN


- WEB auth
-Clients that use this method can be reauthenticated. if reauthentication fails, then the switch can assign the port to the guest VLAN if its not configured

  • Aug 07, 2012
  • serji
  • Russian Federation
  • Aug 07, 2012

Hi, nubie, i believe the answers are as follows:

MAB -this method is used when clients dont support the 802.1x supplicant but need to be authenticated to an 802.1x network

Restricted VLAN -this solution is used when users fail authentication and have an 802.1x - compliant device

Guest VLAN - -this method offers limited access for users without an 802.1x client. by default, it takes 90 seconds for the machine to get assigned to this specific VLAN

WEB auth Clients that use this method can be reauthenticated. if reauthentication fails, then the switch can assign the port to the guest VLAN if its not configured

  • Aug 07, 2012
  • nubie
  • Indonesia
  • Aug 06, 2012

anyone can help me to answer this drag and drop question??i really appreciate your help guys,thx

-Guest VLAN
-Restricted VLAN
-MAB
-WEB auth

——————————

-this method is used when clients dont support the 802.1x supplicant but need to be authenticated to an 802.1x network

-this solution is used when users fail authentication and have an 802.1x - compliant device

-this method offers limited access for users without an 802.1x client. by default, it takes 90 seconds for the machine to get assigned to this specific VLAN

-Clients that use this method can be reauthenticated. if reauthentication fails, then the switch can assign the port to the guest VLAN if its not configured

  • Aug 06, 2012
  • Mohammed
  • Yemen
  • Aug 02, 2012

passed today 898, still valid. thanks

  • Aug 02, 2012
  • Emma
  • United States
  • Aug 01, 2012

I managed to pass today. My score Scored was 827. Guys nt sure why the command #inspect is not accepted after issuing # class type inspect HTTP_POLICY
Pls can any one tell me why

I also tried
Class Class-default as Muhha suggested not accepted too. I think i got 78% on the Lab though.
Thanks to you guys..all the way to CCIE

  • Aug 01, 2012
  • Luigi Gagarin
  • Brazil
  • Jul 30, 2012

PASSED!!!!!!!

Score 837 points. This exam is very stressed. A lot of new D&D and few new questions. The questions have a inverse order but with Neil contend you will pass!! Make shure that you will answer all 122 Neil questions because you will fail.

The lab is the same and the Simlet is the same.

A special thanks for Neil for your correction and a kick on ass to Actualtests that offer a dump with a lot of wrong questions

  • Jul 30, 2012
  • gerard
  • United Kingdom
  • Jul 28, 2012

This dump still valid thks to neil. The most stressing exam i wrote 3 news questions and 10 news drag n drop in the exam take in consideration everybody comments below it will helps. Thks to all

  • Jul 28, 2012
  • Loopback
  • Germany
  • Jul 26, 2012

I have done the exam and the Neil´s dump is still valid.
I received 890 points and it was 9 additional questions in my test.
some of questions have the sequence or wording of answer changed, but the sense is thesame.
I have received 70 questions as well.
If you do your preparation well those 9 questions will not be an issue.
almost all of them are mentioned by colleagues before, like the reason to err-disable or EAP types and how they work.
Pay attention to this information here, below,
do preparation well and every thing will be ok.
thank to every body again for your help and particularly to Neil.

  • Jul 26, 2012
  • Major Tom
  • United Kingdom
  • Jul 25, 2012

In the real exam's lab it's being requested for dropping all the traffic that left and doesn't match HTTP. Perhaps Neil's figures are still accurate, but muhha's comments make sense for me. Anyhow I am over to VPN now :)

  • Jul 25, 2012
  • Mr.Security
  • United States
  • Jul 25, 2012

I would configure the SIM exactly what they ask for. There's nothing in the objects about configure "default class". It's your test so do whatever you like.

The SIM is always the same and if you look back to Neil's dump there is an 989 score using the same configuration for the SIM. Just my two cents. Good luck!

  • Jul 25, 2012
  • Major Tom
  • United States
  • Jul 25, 2012

Guys, the sim was the same as in dump: creation of the zone-based firewall. Not sure if I made it correctly. Watch out the policy-map creation, don't confuse "match-any" and "match-all". I guess I screwed it up there. Also please notice the muhha's post for the default class - it sounds he is right.

For about "?" mark - I believe it worked for me.

Anyhow, even though I ruined the lab (assumption) and possible a few new drag-n-drop questions, I still passed with 847. The passing score was 774 which is pretty relaxing and number of questions was 70. Just make sure you've done everything else correctly besides sim.

  • Jul 25, 2012
  • gerard
  • Benin
  • Jul 25, 2012

Major Tom can you tell us about the sim you done on your exam i'll be writing this friday need your feedback pls

  • Jul 25, 2012
  • NUK
  • United Kingdom
  • Jul 24, 2012

Major Tom, what sim did you get in the exam? Is it possible to use the ? after typing part of a relevant command?

  • Jul 24, 2012
  • Major Tom
  • United Kingdom
  • Jul 24, 2012

The dump is valid. Passed today with 847 score. It was stressing. Loads of drag-n-drops plus some new questions as suggested below. Most of the answers in the questions are shuffled! Watch what you click!

  • Jul 24, 2012
  • muhha
  • Bosnia and Herzegovina
  • Jul 23, 2012

Hi All,

I need help with one of LABs from Neils Dump and I am thinking that Neil missed class class-default command in his configuration.In LAB was requested to match HTTP and drop all other traffic ..Can you please review my configuration its down below, Thanks a lot!!!
LAB:
Note that when performing the configuration, you should use the exact names highlighted in bold below:
- Globally create zones and label them with the following names:
- OUTSIDE
- INSIDE
- Assign interfaces to zones as indicated in the exhibit
- Create a zone pair for traffic flowing from the inside to outside zones named IN-TO-OUT
- Define a zone-based firewall policy named IN-TO-OUT-POLICY
- Use the "match protocol" classification option to statefully inspect HTTP traffic and drop all other traffic
- Use a class-map named HTTP_POLICY
- Apply zone-based firewall policy IN-TO-OUT-POLICY to the zone pair

*** Globally created zones ***
zone security OUTSIDE
exit
zone security INSIDE
exit
*** Assigning zones to the interfaces ***
int fa0/0/0
no shut
zone-member security OUTSIDE
exit
int fa0/0/1
no shut
zone-member security INSIDE
exit
*** Created policy ***
class-map type inspect match-any HTTP_POLICY
match protocol http
exit
policy-map type inspect IN-TO-OUT-POLICY
class type inspect HTTP_POLICY
inspect
class class-default *** This is what I added ***
drop
exit
*** Created zone pair, applied policy. ***
zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
service-policy type inspect IN-TO-OUT-POLICY
end
copy run start

  • Jul 23, 2012
  • vhv
  • Vietnam
  • Jul 23, 2012

This dump is valid. I had passed with 857/1000 point. This exam have 8-9 new questions. Some new questions are same Alexis's post.

  • Jul 23, 2012
  • Major Tom
  • United Kingdom
  • Jul 21, 2012

Derly_Ali, I believe everyone here would appreciate if you could mention those 4 questions with different values.. Cheers mate.

  • Jul 21, 2012
  • NetworkSupaStar
  • United States
  • Jul 21, 2012

Are there any sites similar to networktut for ccnp tshoot for Security ? Any help sites or downloadable labs for CCNP Security track ?

  • Jul 21, 2012
  • Security
  • India
  • Jul 21, 2012

@derly_ali : Congrats... so do u remember those 4 questons ?
n abt d 8 questions, hav u chckd wid the othr dump [muhha], was der ny question frm tat...
n were those 8 question D&D or MCQ
Plzzz reply, I'll be writing xam within few days....
n abt d labs, was it same as in this dump...
nywy congrats once again 4 passing d xam n thnx in advance....

  • Jul 21, 2012
  • derly_ali
  • Mexico
  • Jul 20, 2012

Very stressed but i pass with a 878 score; 8 different questions and 4 of the dump with another values.

Need a beer..

  • Jul 20, 2012
  • BananaRepublic
  • United States
  • Jul 20, 2012

Certainly the longest certification exam ever taken.Dump is valid for the most part

  • Jul 20, 2012
  • Alexis
  • United Kingdom
  • Jul 19, 2012

I don't think neither autocomplete nor the question mark were supported (usually they are not), however thanks to Neil I didn't feel this time the need to use them ;-)

  • Jul 19, 2012
  • Loopback
  • Germany
  • Jul 19, 2012

@Alexis:
Thank you for your feedback.
just one other question regarding the exam.
does the autocompete works on the CLI on the simlet in the exam or not?
if the question mark is supported on the CLI of the simlet during the exam?
Thank you!

  • Jul 19, 2012
  • Alexis
  • United Kingdom
  • Jul 19, 2012

Hi @Loopback, you are right. According to Cisco all these are possible causes for a port to go err-dissabled

Duplex mismatch
Port channel misconfiguration
BPDU guard violation
UniDirectional Link Detection (UDLD) condition
Late-collision detection
Link-flap detection
Security violation
Port Aggregation Protocol (PAgP) flap
Layer 2 Tunneling Protocol (L2TP) guard
DHCP snooping rate-limit
Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable
Address Resolution Protocol (ARP) inspection
Inline power

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml

So it may be the specific wording, maybe of the "inline" thing.

BTW, there was one more question I just remembered, it was to match most of these EAP types to its definitions and/or some particular feature of each
■ EAP-MD5
■ PEAPv0-MSCHAPv2
■ LEAP
■ EAP-TLS
■ EAP-TTLS
■ EAP-FAST

Sorry gents. My memory just goes this far :-)

  • Jul 19, 2012
  • Loopback
  • Germany
  • Jul 19, 2012

@Alexis:
regarding this question posted:

Which of the folling causes a port to go into error disabled status?

BPDU guard violation
inline power disabled, devide req pow
speed mismatch
dhcp snooping rate limit
port channel misconf

as far as I see, all of them are the possible reasons for err-disable state, or?

  • Jul 19, 2012
  • Alexis
  • United Kingdom
  • Jul 19, 2012

Hi Mr Security, I'd say most of them are in Neil's dump, as for the new ones I have transcribed below some of them as far as I can recall them. There were a couple more about policy based NAT and dhcp snooping.

God bless you all && thanks very much again, Neil

____

Which of the folling causes a port to go into error disabled status?

BPDU guard violation
inline power disabled, devide req pow
speed mismatch
dhcp snooping rate limit
port channel misconf

_____

Which of the following belong to the data plane?

traffic filtering
transport protection
traffic conditioning
protection against attacks
RBAC
routing protocol authentication

_____


Match (not all needed)

1.- when this expires, the net id is no longer valid
2.- this needs to be the same for all mgre tunnels in the network
3.- this is used for NMBA networks
4.- this is used by DMVPN tunnel hubs and spokes to authenticate themselves

A.- tunnel key
B.- nhrp hold time
C.- nhrp nhs
D.- nhrp registration
E.- nhrp net id
F.- nhrp autthentication string
______

who uses PHDF?
Multiple options, one was FPM, which I think was the right one

______

Match 802.1x port states definitions

1.- Forced-Authorized
2.- Forced-Unauthorized
3.- Auto


A.- In this state, 802.1x is disabled on the port. All traffic is allowed as normal without restriction. This is the default port state when 802.1x is not globally enabled.

B.- In this mode, the port begins in the unauthorized state and allows only EAPOL, CDP, and STP traffic. After the supplicant is authenticated, the port transitions to the authorized state and normal traffic is allowed.

C.- In this state, the port ignores all traffic, including any attempts to authenticate.

  • Jul 19, 2012
  • Mr Security
  • India
  • Jul 18, 2012

@Alexis : thnx 4 d information.
n abt the D&D questions, were all of them new or also frm the dumps ?

  • Jul 18, 2012
  • Alexis
  • Spain
  • Jul 17, 2012

Hi Mr Security, both sim and lab were the same, however the output of the "shows" in the GDOI thing is rather different than that of Neil's (I think he mentions this anyway). In any case I went with Neil's and I passed. So, like the other Mr. Security wrote "Just study this guide well and practice the sim and lab many many times"

Again, thanks Neil && Good Luck to everybody.

  • Jul 17, 2012
  • dragito
  • United States
  • Jul 17, 2012

Part 3:

5. When configuring URL filtering with the Trend Micro filtering service. Which of these steps must you take to prepare for configuration?

a. Define blacklists and whitelists
b. Categorize traffic types
c. Synchronize clocks via NTP to ensure accuracy of URL filter updates from the service
d. Install the appropriate root CA certificate on the router

Answer on Chips = D
Answer on Neil = B

6. Which of these correct regarding the functionally of DVTI tunnels?

a. DVTI tunnels are created dynamically from a preconfigured template as tunnels are established to the hub
b. DVTI tunnels appear on the hub as tunnel interfaces
c. The hub router needs a static DVTI tunnel to each spoke router in order to establish remote communications from spoke to spoke
d. Spoke router require a virtual template to clone the configuration on which the DVTI tunnel is established

Answer on Chips = D
Answer on Neil = A

7. When implementing GET VPN, which of these is a characteristic of GDOI IKE?

a. GDOI IKE sessions are established between all peers in the network
b. GDOI IKE uses UDP port 500
c. Security associations do not need to linger between members once a group member has authenticated to the key server and obtained the group policy
d. Each pair of peers has a private set of IPsec security associations that is only shared between the two peers

Answer on Chips = D
Answer on Neil = C

  • Jul 17, 2012
  • dragito
  • United States
  • Jul 17, 2012

Part 2:

3. Refer to the exhibit. Given the output shown, what can be determined?
%SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Fa1/1, vlan 200. ([0001.ba21.321c/192.168.1.10/0000.0000.0000/192.168.1.20/12:32:18 UTC Mon Sep 20 2010])

a. An attacker has sent a spoofed DHCP address.
b. An attacker has sent a spoofed ARP response that violates a static mapping.
c. The MAC address has matched a deny rule within the ACL.
d. This is an invalid proxy ARP packet, as indicated by the 0000.0000.0000 MAC address on the destination

Answer on Chips = C. The MAC address has matched a deny rule within the ACL.
Answer on Neil = B. An attacker has sent a spoofed ARP response that violates a static mapping.

4. You have configured Management Plane Protection on an interface on a Cisco router. What is the resulting action on implementing MPP?

a. Inspection of protected management interfaces is automatically configured to ensure that management protocols comply with standards.
b. The router gives preference to the configured management interface. If that interface becomes unavailable, management protocols will be allowed on alternate interfaces.
c. Along with normal user data traffic, management traffic is also allowed only on the protected interface.
d. Only management protocols are allowed on the protected interface.

Answer on Chips = C. Along with normal user data traffic, management traffic is also allowed only on the protected interface.
Answer on Neil = D. Only management protocols are allowed on the protected interface.

  • Jul 17, 2012
  • dragito
  • United States
  • Jul 17, 2012

Need your feedback on these questions on Neil and Chips Dump:

1. Refer to the exhibit. The INSIDE zone has been configured and assigned to two separate router interfaces. All other zones and interfaces have been properly configured. Given the configuration example shown, what can be determined.

a. Hosts in the INSIDE zone, with addresses in the 10.10.10.0/24 network, can access any host in the 10.10.10.0/24 network using the SSH protocol.
b. If a host in the INSIDE zone attempts to communicate via SSH with another host on a different interface within the INSIDE zone, communications must pass through the router self zone using the INTRAZONE policy.
c. This is an illegal configuration. You cannot have the same source and destination zones.
d. This policy configuration is not needed, traffic within the same zone is allowed to pass by default.

Answer on Chips = C. This is an illegal configuration. You cannot have the same source and destination zones.
Answer on Neil = B. If a host in the INSIDE zone attempts to communicate via SSH with another host on a different interface within the INSIDE zone, communications must pass through the router self zone using the INTRAZONE policy.

2. When using Cisco Easy VPN, what are the three options for entering an XAUTH username and password for establishing a VPN connection from the Cisco Easy VPN remote router? (Choose three.)

a. using an external AAA server
b. entering the information via the router crypto ipsec client ezvpn connect CLI command in privileged EXEC mode
c. using the router local user database
d. entering the information from the PC via a browser
e. storing the XAUTH credentials in the router configuration file

Answer on Chips = B,C,E
Answer on Neil = B,D,E

  • Jul 17, 2012
  • Mr Security
  • India
  • Jul 17, 2012

@Alexis : Was the lab and simlet same as in the dump ?
Plz tell me bcoz i'll be taking xam nxt week.
Is this dump still valid ?

  • Jul 17, 2012
  • Alexis
  • United Kingdom
  • Jul 16, 2012

Hi all, just passed with 840, thanks Neil and eveybody here for your great input.

BTW, bought Pass4Sure and flunked first attempt with 750, as of today Pass4sure and Actualtest have the same 122qs, plus quite a few wrong answers and none of the new questions mentioned here.. Rely on Neil's.

  • Jul 16, 2012
  • Gibran
  • United States
  • Jul 13, 2012

Just passed teh 642-637 with score 847.Dump is still valid, a few new D&D questions.Study 802.1x, DHCP snooping, Control Plane.I missed probably 4 D&D questions.Also on the simlet, do not memorize the question order from the dump, they're switched around on the exam.Study the dump and guide, and passing will be a breeze

  • Jul 13, 2012
  • Neo4c
  • South Africa
  • Jul 12, 2012

Passed, now for the last one. neil's dumps is still valid. Had a few new questions. Good luck to all. Definitely the most difficult one of all ! Study hard.

  • Jul 12, 2012
  • Neo4c
  • South Africa
  • Jul 12, 2012

I am going to write 642-637 today !

  • Jul 12, 2012
  • Randeep
  • India
  • Jul 09, 2012

Thanks to all.

Passed the exam today with 880, neil's 122qs dump is still valid with 7-8 new questions.As discussed all the new questions is from

1. control plane and data plane functionality for switch and router
2. Eap types and their working
3. 802.1X port status and design strategy (auto, force-authorized, host multi-domain etc.)
4. DHCP snooping design plan
5. NHRP client and server (NHS, NHRP network ID, registration spoke, NBMA etc.)
6.How will interface changes to error-disable

If you cover these 6 topics along with 122qs dump you can surely get more than 950 in this exam.

  • Jul 09, 2012
  • Randeep
  • India
  • Jul 09, 2012

Thanks Mr.Security :-)

  • Jul 09, 2012
  • Mr.Security
  • United States
  • Jul 07, 2012

Just study this guide well and practice the sim and lab many many times. You'll still passed if you miss all new drag/drops questions. Honestly I believes I missed all of them. HAHAHAHA.

  • Jul 07, 2012
  • Randeep
  • India
  • Jul 07, 2012

@Mr Security,

Any suggestions for the exam,i am going to attend the exam on Monday (9th July).

  • Jul 07, 2012
  • Mr.Security
  • United States
  • Jul 06, 2012

I passed last week with a 8XX. Don't think I got any of the new drag/drop questions right but still passed with 8XX. This guide is still valid.

  • Jul 06, 2012
  • kidwitgame
  • Kenya
  • Jul 05, 2012

There is a question somewhere in the dump that asks what transport GET VPN peers use to exchange keys.The answer given in the dump is:
a)Unicast UDP transmission
b)Multicast UDP transmission

However, when reading through the e-book, i came across the following:

Unicast Versus Multicast Rekeying Methods

Unicast
-Might require adjustment of router buffers and queues
if there are a large number of peers
-Use if infrastructure is only unicast capable
*Requires rekey acknowledgment

Multicast
-Must have multicast-capable infrastructure
-Requires rekey acknowledgment Retransmits the key several times
without acknowledgments
-Fastest and most scalable method

The fact that Unicast key transmission requires acknowledgement means that TCP must be the preferred protocol used for Unicast transmission of keys.Somebody correct me if i am wrong

  • Jul 05, 2012
  • Randeep
  • India
  • Jul 05, 2012

Please help me to answer the question.

1.You are troubleshooting an IPsec VPN problem. During debugging of IPsec operations, you see the message "attributes not acceptable" on the IKE responder after issuing the debug crypto isakmp command. Which step should you take next?
A. verify matching ISAKMP policies on each peer
B. verify that an IKE security association has been established between peers
C. verify that IPsec transform sets match on each peer
D. verify if default IPsec attributes are in place on each peer

2. virtual-access1 unassigned yes unset down down
virtual-access2 192.168.1.1 yes unset up up

When you are using dynamic IPsec VTI tunnels, what can you determine about virtual-access interfaces from the output shown?
A.The Virtual-Access1 interface currently does not have an IPsec peer connection established.
B.The Virtual-Access2 interface does not yet have an IPsec peer defined.
C.The Virtual-Access1 interface is in the down/down state, because the virtual tunnel source physical interface is down.
D.The Virtual-Access1 interface, which is used internally by the Cisco IOS software, is always down.

  • Jul 05, 2012
  • Randeep
  • India
  • Jul 05, 2012

Thanks shahrian.

I'm planning to take the exam by 7th July, If you guys have any updated dumps,Please share it or mail me @ Zeusrandeep@gmail.com

  • Jul 05, 2012
  • naksi
  • United States
  • Jul 04, 2012

@Ahmed
there is no way around studying, if you study hard you should have a change..

1. skim the book (only read pages you dont understand by skimming)

2. watch the CBT nuggets and replicate the labs to get the commands in your head

3. take some practise tests like this one, and mere than once

  • Jul 04, 2012
  • Ahmed
  • Saudi Arabia
  • Jul 03, 2012

HI all,

I have to take the exam at the end of this month but i didn't start studying yet, i have the Cisco press but it is very big and my time is limited because of work.
can any one advice what to do?
thanks

  • Jul 03, 2012
  • shahrian
  • Denmark
  • Jul 03, 2012

@ Randeep
checking the correct timing is being used is the most accurate, when dealing with CA on cisco routers you should use NTP or hardware clock
if the IOS can't find any NTP the server will not start then you should use hardware clock instead ie: Router# clock set hh:mm:ss day month year
& if you already correctly configured Ca server it should be enabled automatically.

  • Jul 03, 2012
  • ahmed elfeki
  • Egypt
  • Jul 02, 2012

I have passed the exam 4 days ago but there about 15 new quetions and they are all in the drag and drop

  • Jul 02, 2012
  • Randeep
  • India
  • Jul 02, 2012

Please help me to answer the question

You have configured a Cisco router to act a PKI certificate server. However,you are experiencing problems starting the server. You have verified that al CA parameters have been correctly configured. What is the next step you should take in troubleshooting this problem?
A. Disable and restart the router's HTTP server function
B. Verify the RSA key pair and generate new keys
C. Verify that correct time is being used and source are reachable
D. Enable the SCEP interface

  • Jul 02, 2012
  • Ran_Rising
  • India
  • Jun 29, 2012

Please let me know the correct answer of this question.

1.Refer to the exhibit. The INSIDE zone has been configured and assigned to two separate router interfaces. All other zones and interfaces have been properly configured. Given the configuration example shown, what can be determined.

A.
Hosts in the INSIDE zone, with addresses in the 10.10.10.0/24 network, can access any host in the 10.10.10.0/24 network using the SSH protocol.

B.
If a host in the INSIDE zone attempts to communicate via SSH with another host on a different interface within the INSIDE zone, communications must pass through the router self zone using the INTRAZONE policy.

C.
This is an illegal configuration. You cannot have the same source and destination zones.

D.
This policy configuration is notneeded, traffic within the same zone is allowed to pass by default.

  • Jun 29, 2012
  • sandrine from Indian
  • India
  • Jun 28, 2012

This is vaild. I pass my exam yesterday and 13 or 15 new question .......... thx

  • Jun 28, 2012
  • donkey
  • United Kingdom
  • Jun 26, 2012

Hi Guys, Can any one remember new questions?? Planing to take exam.

  • Jun 26, 2012
  • Crazy
  • Singapore
  • Jun 25, 2012

Can anyone elaborate what is DHCP snooping design plan ?

  • Jun 25, 2012
  • bfreeze
  • Germany
  • Jun 24, 2012

Just passed , I got totally about 10/12 new questions and drag and drop , some questions were changed a bit , I remember that D&D about dmvpn and nhrp was ..confused , anyway I scored over 950 .
Thanks to all
cheers
bfreeze

  • Jun 24, 2012
  • Nageeb Elsousy
  • United Arab Emirates
  • Jun 24, 2012

I Passed with 898 , i got around 10 new questions as everybody said.
and they are the same
1. control plane and data plane functionality for switch and router
2. Eap types and their working
3. 802.1X port status and design strategy (auto, force-authorized, host multi-domain etc.)
4. DHCP snooping design plan
5. NHRP client and server (NHS, NHRP network ID, registration spoke, NBMA etc.)
6.drag and drop - when the interface changes to error-disable
thanks for your contributions

  • Jun 24, 2012
  • Nageeb Elsousy
  • United Arab Emirates
  • Jun 24, 2012

i'm going for the exam in an hour and i'll tell you once i finish :S

  • Jun 24, 2012
  • Gibran
  • United States
  • Jun 21, 2012

Can someone tell me how many sims are on the exam?? I'm scheduled to take it next month.Thanks

  • Jun 21, 2012
  • shoneo
  • Jun 21, 2012

To Mr.Security

I think that most important chapters (for new questions) which you need to read from book are:
- Control plane and data plane functionality for switch and router
- Eap types and their working
- 802.1X port status and design strategy
- DHCP snooping design plan

I've got 857 points and I wasn't sure that I've got correct answers for 5 new questions (mostly drag&drop). Minimum for passing is 776.

I hope It will help you.

  • Jun 21, 2012
  • Mr.Security
  • United States
  • Jun 21, 2012

To Shoneo,

What did you scored and what chapters did you focus reading on? I thinking about taking this in a few weeks. Thanks!

  • Jun 21, 2012
  • shoneo
  • Jun 19, 2012

Yesterday I have passed the exam. This dump is still valid with 7-8 new questions.
##################
@Badorka directed at right target about new questions:

1. control plane and data plane functionality for switch and router
2. Eap types and their working
3. 802.1X port status and design strategy (auto, force-authorized, host multi-domain etc.)
4. DHCP snooping design plan
5. NHRP client and server (NHS, NHRP network ID, registration spoke, NBMA etc.)
6.drag and drop - when the interface changes to error-disable

Drag and drop with 802.1x, nhrp and dhcp snooping and how working types of eap. We must attention and read exactly a question.
##################

Tnx to @Mr.Security for answer.

  • Jun 19, 2012
  • Mario
  • Germany
  • Jun 19, 2012

There are about 10 new questions(most of them d&d), dhcp starvation, dhcp snooping, a few about eap and dot1x but with this dump you will pass anyway. Passed today 06.19.2012

  • Jun 19, 2012
  • Mr.Security
  • United States
  • Jun 19, 2012

To shoneo:

The answer to this question is easy. If you read the question carefully, it stated "You have verified that all CA parameters have been correctly configured".

For CA to work you have to enable SCEP interface and since the configurations have been confirmed correct, you don't need to enable SCEP interface again. Make sense?

Second the question asked for troubleshooting steps so the best answer is:

Verify that correct time is being used and source are reachable.

Daemain guide is correct for this question. I hope this helps.

  • Jun 19, 2012
  • Mariam
  • United Kingdom
  • Jun 13, 2012

Thanks Guys,
today i have passed the exam. this dump is valid

  • Jun 13, 2012
  • mnone
  • United Arab Emirates
  • Jun 11, 2012

can you please know. if it possible to write exam with out lab

  • Jun 11, 2012
  • badorka
  • Poland
  • Jun 11, 2012

I passed my exam today (11.06.2012). We must studying below topic:

1. control plane and data plane functionality for switch and router
2. Eap types and their working
3. 802.1X port status and design strategy (auto, force-authorized, host multi-domain etc.)
4. DHCP snooping design plan
5. NHRP client and server (NHS, NHRP network ID, registration spoke, NBMA etc.)
6.drag and drop - when the interface changes to error-disable

I have a question drag and drop with 802.1x, nhrp and dhcp snooping and how working types of eap. We must attention and read exactly a question.

  • Jun 11, 2012
  • shoneo
  • Jun 11, 2012

What is correct answer for this question?

You have configured a Cisco router to act a PKI certificate server. However, you are experiencing problems starting the server. You have verified that all CA parameters have been correctly configured. What is the next step you should take in troubleshooting this problem?

Enable the SCEP interface or Verify that correct time is being used and source are reachable?

Troubleshooting Flow

In the event of problems with the Cisco IOS Software PKI Client not enrolling, follow these steps to troubleshoot the issue:
Step 1. Verify the reachability between the PKI client and the CA server using standard connectivity testing methods. Also, ensure that the SCEP server is functioning by running the debug crypto pki transactions command.
Step 2. Verify that the time on the PKI client is set properly. Incorrect time can cause devices to reject certificates.

  • Jun 11, 2012
  • Willy
  • United States
  • Jun 10, 2012

Just passed with nearly a 900, still valid. There were about 5 new questions on my exam (some dotx and eap questions).

  • Jun 10, 2012
  • gerard
  • Germany
  • Jun 10, 2012

helloo guys there is any can helps for exam 642-637 lab i'm getting ready to write it at the end of this month. my addresss ageruid@gmail.com

  • Jun 10, 2012
  • nico
  • United States
  • Jun 09, 2012

@bfreeze thank you very much for your little advice. I want to encourage you guys to read everything in this dump expecially your lab word for word and configure your lab to work, you will definately pass with a range of 850-870. if your configuration works with the lab.Thanks neil for your dump.

  • Jun 09, 2012
  • Ayman
  • Egypt
  • Jun 06, 2012

Dears, i got 827 score . and as i told you before the new drag and drop questions was related to Dot1X authentications and transmitting protocols PEAP and EAP.

  • Jun 06, 2012
  • Muhammad Iqbal Afridi
  • United Kingdom
  • Jun 06, 2012

can anybody upload that 8 to 10 new question please i am going to set in exam end of this month

  • Jun 06, 2012
  • unknown
  • United States
  • Jun 05, 2012

All questions the same as in the dump but 8-10 new drag and drop questions. I passed today, so the dump is still valid.

  • Jun 05, 2012
  • mann
  • India
  • Jun 05, 2012

@Ayman
Can you pls give some details about the new Drag and Drop questions

  • Jun 05, 2012
  • mmm
  • Macedonia
  • Jun 05, 2012

Hi Guys,
is there any update on this document since many of you mentioned that there are new questions. I planned to take exam this week but probably will cancel it for now.
10 new questions are too many, I think. Please update it if possible.
Thank's in advance,

  • Jun 05, 2012
  • cisco
  • Egypt
  • Jun 04, 2012

Hi Ayman , could u please tell me what is the score that u get .

  • Jun 04, 2012
  • Ayman
  • Egypt
  • Jun 04, 2012

Dears, i passed today, the dump is mostly valid but there is about 8 new drag and drop questions related to DOT1X authentication and DTVPN.

  • Jun 04, 2012
  • John
  • United States
  • Jun 04, 2012

Hi zoro, thank you very much for the CTB Nugget works great! Awesome! :-)

  • Jun 04, 2012
  • bfreeze
  • Italy
  • Jun 02, 2012

sorry , I misunderstood :( (:
but if you typed
R1>en
R1#conf t
R1(config)#zone security inside
seems you did alright ...

  • Jun 02, 2012
  • nico
  • United States
  • Jun 02, 2012

@bfreeze that is what i got from the examination center. I have failed twice because the console is not working for me

  • Jun 02, 2012
  • bfreeze
  • Italy
  • Jun 02, 2012

@nico
seems ur IOS doesn't support ZBPF..what are u using ?

  • Jun 02, 2012
  • nico
  • United States
  • Jun 02, 2012

Can somebody explain to me how to configure the lab. I open the console and it gave R1> then i try to write R1>Router(config)# zone security INSIDE, but it is saying unknown command. Can somebody who have passed it explain it to me so that when i go back to write, i will be able to pass

  • Jun 02, 2012
  • Emma
  • United States
  • Jun 02, 2012

Zoro can you help me too with cbt nuggets? dis is my last paper for ccnp sec. mknmkn08@gmail.com..thanks man

  • Jun 02, 2012
  • zoro
  • Netherlands
  • Jun 02, 2012

copy & past the link. The like willl expire on 16 june. Hope it help

  • Jun 02, 2012
  • zoro
  • Netherlands
  • Jun 02, 2012

got it from torrent but the link is not working any more. I use https://www.wetransfer.com/ to transfer large files. Try this
https://www.wetransfer.com/dl/o1I0yDon/95930dbab10d2b908a0df9b1b91ae7bbe5a82946e3dd49f506f16fa87ec66849f3c8fe8d3b35ca0

  • Jun 02, 2012
  • jose carlos
  • Peru
  • Jun 01, 2012

@zoro can you share links to CBT nuggets that we can use for CCNP Security? (SECURE, FIREWALL, etc), or since firewall and vpn have changed there are no cbt available??..thanks!

  • Jun 01, 2012
  • zoro
  • Netherlands
  • May 31, 2012

ur mail please, I will send you the SECURE nugget

  • May 31, 2012
  • boloc
  • United Kingdom
  • May 29, 2012

Hi, was just looking for a CBT nuggets for SECURE - anyone has a link?

Cheers,

  • May 29, 2012
  • nubie
  • Indonesia
  • May 29, 2012

dear all, is there anyone can update and share the new D&D questions??thx

  • May 29, 2012
  • Sam
  • Germany
  • May 29, 2012

Hi,
I passed my exam yesterday , a few new questions but the dump from neil is still valid. questions I can remember are DHCP snooping implementation, there was a drag and drop on EAP types, another one for reasons for error disable.

  • May 29, 2012
  • Dragan
  • Macedonia
  • May 28, 2012

Pass today with 817. A lot of new drag & drop from 802.1X and all answers order are mixed up. so you need to learn correct answers very well.

  • May 28, 2012
  • Mariam
  • United Kingdom
  • May 28, 2012

i have just attempted and failed 685, most of the questions from there. but i didn't prepare my self enough.. i think it is all my mistake..

  • May 28, 2012
  • cisco
  • Egypt
  • May 27, 2012

is this dump still valid or not plz?

  • May 27, 2012
  • Odie
  • Malaysia
  • May 25, 2012

Luckily I passed in KL this afternoon, with a minimum points ~800 (776 is passing score).
No new single choise/multi choice questions. But the position is change. Some questions they change the answer to another way.
Lab and Sim: same.
Beside about 6 new drag drop question about dot1x.
ExamB question 1, 3, 5, 6, 9, 10 appear in my exam.
You have to understand which traffic is belongs to "Data plan" or "Control Plan". 2 new question about this. Of course the scenario changed.
You have to know what is true positives, true negative, .. 1 new question about this. Offcourse the scenario changed.
Totally I got about 15 drag-drop questions.
Read about the dot1x carefully.
Hope this help.

  • May 25, 2012
  • Odie
  • Malaysia
  • May 24, 2012

Not finish reading book but must give the exam today. Poor me !!! So stress.. I will report later for you, guy.

  • May 24, 2012
  • Borghezio
  • Italy
  • May 24, 2012

Exam passed.
5 new drag & drop on 802.1x.
!!!

  • May 24, 2012
  • KidWitGame
  • Kenya
  • May 24, 2012

Guys, thanks for all your input with the questions.I am wondering, does anyone have the simulations/testlets that are contained in the exam.I am yet to see any of these

  • May 24, 2012
  • robin
  • South Korea
  • May 23, 2012

hey bob, your score proves this is not vaild. since I remember all question and anwser before testing, I always got score over 950 on other exam. but, I can find a lot of new question when I got this. I'm still find new dump.

  • May 23, 2012
  • bob
  • United Kingdom
  • May 22, 2012

Hi Guys, passed with 856, Dump still valid, most of the questions came from this. around 8 to 10 new questions. robin u might need bit of study.

  • May 22, 2012
  • robin
  • South Korea
  • May 22, 2012

This is not vaild. I got 726 and failed . most of anser changed. and new question about DHCP snooping

how can I get newest DUMP?!

  • May 22, 2012
  • tunde
  • Nigeria
  • May 21, 2012

There are 122 questions all together.
On-click the radio-button for Take122 question from the entire file

  • May 21, 2012
  • derek
  • United Kingdom
  • May 20, 2012

You are the man neil

  • May 20, 2012
  • Susanto
  • Malaysia
  • May 19, 2012

Hi Juice3,
Wish you pass the exam.
How about it? Any changes, please let me know. I also schdule to take this exam next week.

  • May 19, 2012
  • bob
  • United Kingdom
  • May 18, 2012

thanks neil

  • May 18, 2012
  • juice3
  • United States
  • May 18, 2012

About to go take it right now. I'll report back.

  • May 18, 2012
  • aym
  • Libya
  • May 18, 2012

thanks :)
i loveeee u neil

  • May 18, 2012

Add Comments

Only Registered Members Can Download VCE Files or View Training Courses

Please fill out your email address below in order to Download VCE files or view Training Courses. Registration is Free and Easy - you simply need to provide an email address.

  • Trusted By 1.2M IT Certification Candidates Every Month
  • VCE Files Simulate Real Exam Environment
  • Instant Download After Registration.
Please provide a correct e-mail address
A confirmation link will be sent to this email address to verify your login.
Already Member? Click Here to Login

Log into your ExamCollection Account

Please Log In to download VCE file or view Training Course

Please provide a correct E-mail address

Please provide your Password (min. 6 characters)

Only registered Examcollection.com members can download vce files or view training courses.

Registration is free and easy - just provide your E-mail address. Click Here to Register

SPECIAL OFFER: GET 10% OFF

ExamCollection Premium

ExamCollection Premium Files

Pass your Exam with ExamCollection's PREMIUM files!

  • ExamCollection Certified Safe Files
  • Guaranteed to have ACTUAL Exam Questions
  • Up-to-Date Exam Study Material - Verified by Experts
  • Instant Downloads
Enter Your Email Address to Receive Your 10% Off Discount Code
A Confirmation Link will be sent to this email address to verify your login
We value your privacy. We will not rent or sell your email address

SPECIAL OFFER: GET 10% OFF

Use Discount Code:

MIN10OFF

A confirmation link was sent to your e-mail.
Please check your mailbox for a message from support@examcollection.com and follow the directions.

Next

Download Free Demo of VCE Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.

Simply submit your e-mail address below to get started with our interactive software demo of your free trial.

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.