Home Page > Cisco > 646-057

Download Cisco.TopCerts.646-057.v2.12.vce

Exam: Routing and Switching AM Exam
Size: 71.23 KB
Posted: 2013-06-30
Votes: 0
Download: Cisco.TopCerts.646-057.v2.12.vce

Vote For This File

Verification:*
Type the characters from the picture.

Comments

* The most recent comments are at the top.

    • kaab00m from Vietnam 08 23 2012, 8:11 AM Report Spam
      PASS my exam. 1 New Question from Cisco.ActualTests.642-637.v2012-08-03.by.Neil.133q.vce
      All the simlet and lab, question are the same, but the answer may be not like exactly from the vce.
      My score 878 after 30 mintues.

      Thanks all, special thanks to Neil.

    • tunde odubanjo from Nigeria 08 22 2012, 7:48 AM Report Spam
      passed the exam on friday 17th 08ust…………..thanks a lot
    • cro@ from Croatia 08 14 2012, 6:24 PM Report Spam
      @ahmed – what was your score on the exam?

      @sashans – jesi izlazio na ispit? Vrijedi li ovaj vce?

    • sashans from Serbia 08 12 2012, 12:40 PM Report Spam
      @muhha
      the class-default drop command is not necessery in the ZBFW sim,i think.
      look at this

      Configuring Zone-Based Policy Firewall Policy-Maps

      The policy-map applies firewall policy actions to one or more class-maps to define the service-policy that will be applied to a security zone-pair. When an inspect-type policy-map is created, a default class named class class-default is applied at the end of the class. The class class-default’s default policy action is drop, but can be changed to pass. The log option can be added with the drop action. Inspect cannot be applied on class class-default.
      sorurce: http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml
      pozz iz srbije :)

    • ahmed from Saudi Arabia 08 10 2012, 2:52 PM Report Spam
      Hi Neil, thanks for your great job, could you please send me the latest version at a.samir.1010@gmail.com, i'm going to take my exam 14 08
      thanks,
    • ksiva55 from Unknown 08 10 2012, 2:19 PM Report Spam
      Hi Friends,

      Passed today with 860 dump still valid…

    • CiscoKid from South Africa 08 10 2012, 9:16 AM Report Spam
      Thanks Neil. I am writing this on the 14th So i am really looking forward to getting my hands on your "Cisco.ActualTests.642-637.v2012-08-09.by.dd.129q.vce" as i can not see it up here yet. Please mail me a copy at danie.swart@gmail.com.

      Thanks for your great work man.

    • neil from United Kingdom 08 09 2012, 10:40 PM Report Spam
      Hi Guys, I uploded letase release of actual tests. wish you all sucess..!!
    • nubie from Indonesia 08 08 2012, 7:01 AM Report Spam
      pass today, thx to all in this forum
    • muhha from Bosnia and Herzegovina 08 07 2012, 2:11 PM Report Spam
      Hi All,

      I passed yesterday the exam. It was about 10 new Drag & Drop but those questions are similar to those in neils dump. Thanks to all of you for your contribution!

      @nubie this is how I answered yesterday this Drag & Drop question, I hope this is helpful I would suggest to go thru Cisco Press Book you have all explanations there.

      - MAB
      -this method is used when clients dont support the 802.1x supplicant but need to be authenticated to an 802.1x network

      - Restricted VLAN
      -this solution is used when users fail authentication and have an 802.1x – compliant device

      - Guest VLAN
      -this method offers limited access for users without an 802.1x client. by default, it takes 90 seconds for the machine to get assigned to this specific VLAN

      - WEB auth
      -Clients that use this method can be reauthenticated. if reauthentication fails, then the switch can assign the port to the guest VLAN if its not configured

    • serji from Unknown 08 07 2012, 2:11 PM Report Spam
      Hi, nubie, i believe the answers are as follows:

      MAB -this method is used when clients dont support the 802.1x supplicant but need to be authenticated to an 802.1x network

      Restricted VLAN -this solution is used when users fail authentication and have an 802.1x – compliant device

      Guest VLAN – -this method offers limited access for users without an 802.1x client. by default, it takes 90 seconds for the machine to get assigned to this specific VLAN

      WEB auth Clients that use this method can be reauthenticated. if reauthentication fails, then the switch can assign the port to the guest VLAN if its not configured

    • nubie from Indonesia 08 06 2012, 8:44 AM Report Spam
      anyone can help me to answer this drag and drop question??i really appreciate your help guys,thx

      -Guest VLAN
      -Restricted VLAN
      -MAB
      -WEB auth

      ——————————

      -this method is used when clients dont support the 802.1x supplicant but need to be authenticated to an 802.1x network

      -this solution is used when users fail authentication and have an 802.1x – compliant device

      -this method offers limited access for users without an 802.1x client. by default, it takes 90 seconds for the machine to get assigned to this specific VLAN

      -Clients that use this method can be reauthenticated. if reauthentication fails, then the switch can assign the port to the guest VLAN if its not configured

    • Mohammed from Yemen 08 02 2012, 1:30 PM Report Spam
      passed today 898, still valid. thanks
    • Emma from United States 08 01 2012, 12:03 AM Report Spam
      I managed to pass today. My score Scored was 827. Guys nt sure why the command #inspect is not accepted after issuing # class type inspect HTTP_POLICY
      Pls can any one tell me why

      I also tried
      Class Class-default as Muhha suggested not accepted too. I think i got 78% on the Lab though.
      Thanks to you guys….all the way to CCIE

    • Luigi Gagarin from Brazil 07 30 2012, 4:23 PM Report Spam
      PASSED!!!!!!!

      Score 837 points. This exam is very stressed. A lot of new D&D and few new questions. The questions have a inverse order but with Neil contend you will pass!! Make shure that you will answer all 122 Neil questions because you will fail.

      The lab is the same and the Simlet is the same.

      A special thanks for Neil for your correction and a kick on ass to Actualtests that offer a dump with a lot of wrong questions

    • gerard from Unknown 07 28 2012, 12:49 PM Report Spam
      This dump still valid thks to neil. The most stressing exam i wrote 3 news questions and 10 news drag n drop in the exam take in consideration everybody comments below it will helps. Thks to all
    • Loopback from Germany 07 26 2012, 2:16 PM Report Spam
      I have done the exam and the Neil´s dump is still valid.
      I received 890 points and it was 9 additional questions in my test.
      some of questions have the sequence or wording of answer changed, but the sense is thesame.
      I have received 70 questions as well.
      If you do your preparation well those 9 questions will not be an issue…
      almost all of them are mentioned by colleagues before, like the reason to err-disable or EAP types and how they work..
      Pay attention to this information here, below,
      do preparation well and every thing will be ok.
      thank to every body again for your help and particularly to Neil.
    • Major Tom from United Kingdom 07 25 2012, 8:39 PM Report Spam
      In the real exam's lab it's being requested for dropping all the traffic that left and doesn't match HTTP. Perhaps Neil's figures are still accurate, but muhha's comments make sense for me. Anyhow I am over to VPN now :)
    • Mr.Security from United States 07 25 2012, 3:16 PM Report Spam
      I would configure the SIM exactly what they ask for. There's nothing in the objects about configure "default class". It's your test so do whatever you like.

      The SIM is always the same and if you look back to Neil's dump there is an 989 score using the same configuration for the SIM. Just my two cents. Good luck!

    • Major Tom from United States 07 25 2012, 10:38 AM Report Spam
      Guys, the sim was the same as in dump: creation of the zone-based firewall. Not sure if I made it correctly. Watch out the policy-map creation, don't confuse "match-any" and "match-all". I guess I screwed it up there. Also please notice the muhha's post for the default class – it sounds he is right.

      For about "?" mark – I believe it worked for me.

      Anyhow, even though I ruined the lab (assumption) and possible a few new drag-n-drop questions, I still passed with 847. The passing score was 774 which is pretty relaxing and number of questions was 70. Just make sure you've done everything else correctly besides sim.

    • gerard from Benin 07 25 2012, 8:19 AM Report Spam
      Major Tom can you tell us about the sim you done on your exam i'll be writing this friday need your feedback pls
    • NUK from United Kingdom 07 24 2012, 9:41 PM Report Spam
      Major Tom, what sim did you get in the exam? Is it possible to use the ? after typing part of a relevant command?
    • Major Tom from United Kingdom 07 24 2012, 6:50 PM Report Spam
      The dump is valid. Passed today with 847 score. It was stressing. Loads of drag-n-drops plus some new questions as suggested below. Most of the answers in the questions are shuffled! Watch what you click!
    • muhha from Bosnia and Herzegovina 07 23 2012, 5:48 PM Report Spam
      Hi All,

      I need help with one of LABs from Neils Dump and I am thinking that Neil missed class class-default command in his configuration.In LAB was requested to match HTTP and drop all other traffic …..Can you please review my configuration its down below, Thanks a lot!!!
      LAB:
      Note that when performing the configuration, you should use the exact names highlighted in bold below:
      - Globally create zones and label them with the following names:
      – OUTSIDE
      – INSIDE
      - Assign interfaces to zones as indicated in the exhibit
      - Create a zone pair for traffic flowing from the inside to outside zones named IN-TO-OUT
      - Define a zone-based firewall policy named IN-TO-OUT-POLICY
      – Use the “match protocol” classification option to statefully inspect HTTP traffic and drop all other traffic
      – Use a class-map named HTTP_POLICY
      - Apply zone-based firewall policy IN-TO-OUT-POLICY to the zone pair

      *** Globally created zones ***
      zone security OUTSIDE
      exit
      zone security INSIDE
      exit
      *** Assigning zones to the interfaces ***
      int fa0/0/0
      no shut
      zone-member security OUTSIDE
      exit
      int fa0/0/1
      no shut
      zone-member security INSIDE
      exit
      *** Created policy ***
      class-map type inspect match-any HTTP_POLICY
      match protocol http
      exit
      policy-map type inspect IN-TO-OUT-POLICY
      class type inspect HTTP_POLICY
      inspect
      class class-default *** This is what I added ***
      drop
      exit
      *** Created zone pair, applied policy. ***
      zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
      service-policy type inspect IN-TO-OUT-POLICY
      end
      copy run start

    • vhv from Vietnam 07 23 2012, 9:24 AM Report Spam
      This dump is valid. I had passed with 857/1000 point. This exam have 8-9 new questions. Some new questions are same Alexis's post.
    • Major Tom from United Kingdom 07 21 2012, 3:39 PM Report Spam
      Derly_Ali, I believe everyone here would appreciate if you could mention those 4 questions with different values… Cheers mate.
    • NetworkSupaStar from United States 07 21 2012, 12:24 PM Report Spam
      Are there any sites similar to networktut for ccnp tshoot for Security ? Any help sites or downloadable labs for CCNP Security track ?
    • Security from India 07 21 2012, 2:57 AM Report Spam
      @derly_ali : Congrats….. so do u remember those 4 questons ?
      n abt d 8 questions, hav u chckd wid the othr dump [muhha], was der ny question frm tat……
      n were those 8 question D&D or MCQ
      Plzzz reply, I'll be writing xam within few days……..
      n abt d labs, was it same as in this dump…..
      nywy congrats once again 4 passing d xam n thnx in advance…….
    • derly_ali from Mexico 07 20 2012, 8:14 PM Report Spam
      Very stressed but i pass with a 878 score; 8 different questions and 4 of the dump with another values.

      Need a beer…

    • BananaRepublic from United States 07 20 2012, 1:25 PM Report Spam
      Certainly the longest certification exam ever taken.Dump is valid for the most part
    • Alexis from Europe 07 19 2012, 1:18 PM Report Spam
      I don't think neither autocomplete nor the question mark were supported (usually they are not), however thanks to Neil I didn't feel this time the need to use them ;-)
    • Loopback from Germany 07 19 2012, 11:27 AM Report Spam
      @Alexis:
      Thank you for your feedback.
      just one other question regarding the exam.
      does the autocompete works on the CLI on the simlet in the exam or not?
      if the question mark is supported on the CLI of the simlet during the exam?
      Thank you!
    • Alexis from Europe 07 19 2012, 11:00 AM Report Spam
      Hi @Loopback, you are right. According to Cisco all these are possible causes for a port to go err-dissabled

      Duplex mismatch
      Port channel misconfiguration
      BPDU guard violation
      UniDirectional Link Detection (UDLD) condition
      Late-collision detection
      Link-flap detection
      Security violation
      Port Aggregation Protocol (PAgP) flap
      Layer 2 Tunneling Protocol (L2TP) guard
      DHCP snooping rate-limit
      Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable
      Address Resolution Protocol (ARP) inspection
      Inline power

      http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml

      So it may be the specific wording, maybe of the "inline" thing.

      BTW, there was one more question I just remembered, it was to match most of these EAP types to its definitions and/or some particular feature of each
      ¡ö EAP-MD5
      ¡ö PEAPv0-MSCHAPv2
      ¡ö LEAP
      ¡ö EAP-TLS
      ¡ö EAP-TTLS
      ¡ö EAP-FAST

      Sorry gents. My memory just goes this far :-)

    • Loopback from Germany 07 19 2012, 10:24 AM Report Spam
      @Alexis:
      regarding this question posted:

      Which of the folling causes a port to go into error disabled status?

      BPDU guard violation
      inline power disabled, devide req pow
      speed mismatch
      dhcp snooping rate limit
      port channel misconf

      as far as I see, all of them are the possible reasons for err-disable state, or?

    • Alexis from Europe 07 19 2012, 7:17 AM Report Spam
      Hi Mr Security, I'd say most of them are in Neil's dump, as for the new ones I have transcribed below some of them as far as I can recall them. There were a couple more about policy based NAT and dhcp snooping.

      God bless you all && thanks very much again, Neil

      ____

      Which of the folling causes a port to go into error disabled status?

      BPDU guard violation
      inline power disabled, devide req pow
      speed mismatch
      dhcp snooping rate limit
      port channel misconf

      _____

      Which of the following belong to the data plane?

      traffic filtering
      transport protection
      traffic conditioning
      protection against attacks
      RBAC
      routing protocol authentication

      _____

      Match (not all needed)

      1.- when this expires, the net id is no longer valid
      2.- this needs to be the same for all mgre tunnels in the network
      3.- this is used for NMBA networks
      4.- this is used by DMVPN tunnel hubs and spokes to authenticate themselves

      A.- tunnel key
      B.- nhrp hold time
      C.- nhrp nhs
      D.- nhrp registration
      E.- nhrp net id
      F.- nhrp autthentication string
      ______

      who uses PHDF?
      Multiple options, one was FPM, which I think was the right one

      ______

      Match 802.1x port states definitions

      1.- Forced-Authorized
      2.- Forced-Unauthorized
      3.- Auto

      A.- In this state, 802.1x is disabled on the port. All traffic is allowed as normal without restriction. This is the default port state when 802.1x is not globally enabled.

      B.- In this mode, the port begins in the unauthorized state and allows only EAPOL, CDP, and STP traffic. After the supplicant is authenticated, the port transitions to the authorized state and normal traffic is allowed.

      C.- In this state, the port ignores all traffic, including any attempts to authenticate.

Close

Site Search:

Site Search:

Terms of Service

Proudly powered by www.iexamcollection.com