kaab00m from Vietnam – 08 23 2012, 8:11 AM Report Spam PASS my exam. 1 New Question from Cisco.ActualTests.642-637.v2012-08-03.by.Neil.133q.vceAll the simlet and lab, question are the same, but the answer may be not like exactly from the vce.My score 878 after 30 mintues. Thanks all, special thanks to Neil. tunde odubanjo from Nigeria – 08 22 2012, 7:48 AM Report Spam passed the exam on friday 17th 08ust…………..thanks a lot cro@ from Croatia – 08 14 2012, 6:24 PM Report Spam @ahmed – what was your score on the exam? @sashans – jesi izlazio na ispit? Vrijedi li ovaj vce? sashans from Serbia – 08 12 2012, 12:40 PM Report Spam @muhhathe class-default drop command is not necessery in the ZBFW sim,i think.look at this Configuring Zone-Based Policy Firewall Policy-Maps The policy-map applies firewall policy actions to one or more class-maps to define the service-policy that will be applied to a security zone-pair. When an inspect-type policy-map is created, a default class named class class-default is applied at the end of the class. The class class-default’s default policy action is drop, but can be changed to pass. The log option can be added with the drop action. Inspect cannot be applied on class class-default. sorurce: http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtmlpozz iz srbije ahmed from Saudi Arabia – 08 10 2012, 2:52 PM Report Spam Hi Neil, thanks for your great job, could you please send me the latest version at email@example.com, i'm going to take my exam 14 08thanks, ksiva55 from Unknown – 08 10 2012, 2:19 PM Report Spam Hi Friends, Passed today with 860 dump still valid… CiscoKid from South Africa – 08 10 2012, 9:16 AM Report Spam Thanks Neil. I am writing this on the 14th So i am really looking forward to getting my hands on your "Cisco.ActualTests.642-637.v2012-08-09.by.dd.129q.vce" as i can not see it up here yet. Please mail me a copy at firstname.lastname@example.org. Thanks for your great work man. neil from United Kingdom – 08 09 2012, 10:40 PM Report Spam Hi Guys, I uploded letase release of actual tests. wish you all sucess..!! nubie from Indonesia – 08 08 2012, 7:01 AM Report Spam pass today, thx to all in this forum muhha from Bosnia and Herzegovina – 08 07 2012, 2:11 PM Report Spam Hi All, I passed yesterday the exam. It was about 10 new Drag & Drop but those questions are similar to those in neils dump. Thanks to all of you for your contribution! @nubie this is how I answered yesterday this Drag & Drop question, I hope this is helpful I would suggest to go thru Cisco Press Book you have all explanations there. - MAB-this method is used when clients dont support the 802.1x supplicant but need to be authenticated to an 802.1x network - Restricted VLAN-this solution is used when users fail authentication and have an 802.1x – compliant device - Guest VLAN-this method offers limited access for users without an 802.1x client. by default, it takes 90 seconds for the machine to get assigned to this specific VLAN - WEB auth-Clients that use this method can be reauthenticated. if reauthentication fails, then the switch can assign the port to the guest VLAN if its not configured serji from Unknown – 08 07 2012, 2:11 PM Report Spam Hi, nubie, i believe the answers are as follows: MAB -this method is used when clients dont support the 802.1x supplicant but need to be authenticated to an 802.1x network Restricted VLAN -this solution is used when users fail authentication and have an 802.1x – compliant device Guest VLAN – -this method offers limited access for users without an 802.1x client. by default, it takes 90 seconds for the machine to get assigned to this specific VLAN WEB auth Clients that use this method can be reauthenticated. if reauthentication fails, then the switch can assign the port to the guest VLAN if its not configured nubie from Indonesia – 08 06 2012, 8:44 AM Report Spam anyone can help me to answer this drag and drop question??i really appreciate your help guys,thx -Guest VLAN-Restricted VLAN-MAB-WEB auth —————————— -this method is used when clients dont support the 802.1x supplicant but need to be authenticated to an 802.1x network -this solution is used when users fail authentication and have an 802.1x – compliant device -this method offers limited access for users without an 802.1x client. by default, it takes 90 seconds for the machine to get assigned to this specific VLAN -Clients that use this method can be reauthenticated. if reauthentication fails, then the switch can assign the port to the guest VLAN if its not configured Mohammed from Yemen – 08 02 2012, 1:30 PM Report Spam passed today 898, still valid. thanks Emma from United States – 08 01 2012, 12:03 AM Report Spam I managed to pass today. My score Scored was 827. Guys nt sure why the command #inspect is not accepted after issuing # class type inspect HTTP_POLICY Pls can any one tell me why I also tried Class Class-default as Muhha suggested not accepted too. I think i got 78% on the Lab though.Thanks to you guys….all the way to CCIE Luigi Gagarin from Brazil – 07 30 2012, 4:23 PM Report Spam PASSED!!!!!!! Score 837 points. This exam is very stressed. A lot of new D&D and few new questions. The questions have a inverse order but with Neil contend you will pass!! Make shure that you will answer all 122 Neil questions because you will fail. The lab is the same and the Simlet is the same. A special thanks for Neil for your correction and a kick on ass to Actualtests that offer a dump with a lot of wrong questions gerard from Unknown – 07 28 2012, 12:49 PM Report Spam This dump still valid thks to neil. The most stressing exam i wrote 3 news questions and 10 news drag n drop in the exam take in consideration everybody comments below it will helps. Thks to all Loopback from Germany – 07 26 2012, 2:16 PM Report Spam I have done the exam and the Neil´s dump is still valid.I received 890 points and it was 9 additional questions in my test.some of questions have the sequence or wording of answer changed, but the sense is thesame.I have received 70 questions as well.If you do your preparation well those 9 questions will not be an issue…almost all of them are mentioned by colleagues before, like the reason to err-disable or EAP types and how they work..Pay attention to this information here, below,do preparation well and every thing will be ok.thank to every body again for your help and particularly to Neil. Major Tom from United Kingdom – 07 25 2012, 8:39 PM Report Spam In the real exam's lab it's being requested for dropping all the traffic that left and doesn't match HTTP. Perhaps Neil's figures are still accurate, but muhha's comments make sense for me. Anyhow I am over to VPN now Mr.Security from United States – 07 25 2012, 3:16 PM Report Spam I would configure the SIM exactly what they ask for. There's nothing in the objects about configure "default class". It's your test so do whatever you like. The SIM is always the same and if you look back to Neil's dump there is an 989 score using the same configuration for the SIM. Just my two cents. Good luck! Major Tom from United States – 07 25 2012, 10:38 AM Report Spam Guys, the sim was the same as in dump: creation of the zone-based firewall. Not sure if I made it correctly. Watch out the policy-map creation, don't confuse "match-any" and "match-all". I guess I screwed it up there. Also please notice the muhha's post for the default class – it sounds he is right. For about "?" mark – I believe it worked for me. Anyhow, even though I ruined the lab (assumption) and possible a few new drag-n-drop questions, I still passed with 847. The passing score was 774 which is pretty relaxing and number of questions was 70. Just make sure you've done everything else correctly besides sim. gerard from Benin – 07 25 2012, 8:19 AM Report Spam Major Tom can you tell us about the sim you done on your exam i'll be writing this friday need your feedback pls NUK from United Kingdom – 07 24 2012, 9:41 PM Report Spam Major Tom, what sim did you get in the exam? Is it possible to use the ? after typing part of a relevant command? Major Tom from United Kingdom – 07 24 2012, 6:50 PM Report Spam The dump is valid. Passed today with 847 score. It was stressing. Loads of drag-n-drops plus some new questions as suggested below. Most of the answers in the questions are shuffled! Watch what you click! muhha from Bosnia and Herzegovina – 07 23 2012, 5:48 PM Report Spam Hi All, I need help with one of LABs from Neils Dump and I am thinking that Neil missed class class-default command in his configuration.In LAB was requested to match HTTP and drop all other traffic …..Can you please review my configuration its down below, Thanks a lot!!!LAB:Note that when performing the configuration, you should use the exact names highlighted in bold below:- Globally create zones and label them with the following names:– OUTSIDE– INSIDE- Assign interfaces to zones as indicated in the exhibit- Create a zone pair for traffic flowing from the inside to outside zones named IN-TO-OUT- Define a zone-based firewall policy named IN-TO-OUT-POLICY– Use the “match protocol” classification option to statefully inspect HTTP traffic and drop all other traffic– Use a class-map named HTTP_POLICY- Apply zone-based firewall policy IN-TO-OUT-POLICY to the zone pair *** Globally created zones ***zone security OUTSIDEexitzone security INSIDEexit*** Assigning zones to the interfaces ***int fa0/0/0no shutzone-member security OUTSIDEexitint fa0/0/1no shutzone-member security INSIDEexit*** Created policy ***class-map type inspect match-any HTTP_POLICYmatch protocol httpexitpolicy-map type inspect IN-TO-OUT-POLICYclass type inspect HTTP_POLICYinspectclass class-default *** This is what I added ***dropexit*** Created zone pair, applied policy. ***zone-pair security IN-TO-OUT source INSIDE destination OUTSIDEservice-policy type inspect IN-TO-OUT-POLICYendcopy run start vhv from Vietnam – 07 23 2012, 9:24 AM Report Spam This dump is valid. I had passed with 857/1000 point. This exam have 8-9 new questions. Some new questions are same Alexis's post. Major Tom from United Kingdom – 07 21 2012, 3:39 PM Report Spam Derly_Ali, I believe everyone here would appreciate if you could mention those 4 questions with different values… Cheers mate. NetworkSupaStar from United States – 07 21 2012, 12:24 PM Report Spam Are there any sites similar to networktut for ccnp tshoot for Security ? Any help sites or downloadable labs for CCNP Security track ? Security from India – 07 21 2012, 2:57 AM Report Spam @derly_ali : Congrats….. so do u remember those 4 questons ?n abt d 8 questions, hav u chckd wid the othr dump [muhha], was der ny question frm tat……n were those 8 question D&D or MCQPlzzz reply, I'll be writing xam within few days…….. n abt d labs, was it same as in this dump…..nywy congrats once again 4 passing d xam n thnx in advance……. derly_ali from Mexico – 07 20 2012, 8:14 PM Report Spam Very stressed but i pass with a 878 score; 8 different questions and 4 of the dump with another values. Need a beer… BananaRepublic from United States – 07 20 2012, 1:25 PM Report Spam Certainly the longest certification exam ever taken.Dump is valid for the most part Alexis from Europe – 07 19 2012, 1:18 PM Report Spam I don't think neither autocomplete nor the question mark were supported (usually they are not), however thanks to Neil I didn't feel this time the need to use them Loopback from Germany – 07 19 2012, 11:27 AM Report Spam @Alexis:Thank you for your feedback.just one other question regarding the exam.does the autocompete works on the CLI on the simlet in the exam or not?if the question mark is supported on the CLI of the simlet during the exam?Thank you! Alexis from Europe – 07 19 2012, 11:00 AM Report Spam Hi @Loopback, you are right. According to Cisco all these are possible causes for a port to go err-dissabled Duplex mismatch Port channel misconfiguration BPDU guard violation UniDirectional Link Detection (UDLD) condition Late-collision detection Link-flap detection Security violation Port Aggregation Protocol (PAgP) flap Layer 2 Tunneling Protocol (L2TP) guard DHCP snooping rate-limit Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable Address Resolution Protocol (ARP) inspection Inline power http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml So it may be the specific wording, maybe of the "inline" thing. BTW, there was one more question I just remembered, it was to match most of these EAP types to its definitions and/or some particular feature of each¡ö EAP-MD5¡ö PEAPv0-MSCHAPv2¡ö LEAP¡ö EAP-TLS¡ö EAP-TTLS¡ö EAP-FAST Sorry gents. My memory just goes this far Loopback from Germany – 07 19 2012, 10:24 AM Report Spam @Alexis:regarding this question posted: Which of the folling causes a port to go into error disabled status? BPDU guard violationinline power disabled, devide req powspeed mismatchdhcp snooping rate limitport channel misconf as far as I see, all of them are the possible reasons for err-disable state, or? Alexis from Europe – 07 19 2012, 7:17 AM Report Spam Hi Mr Security, I'd say most of them are in Neil's dump, as for the new ones I have transcribed below some of them as far as I can recall them. There were a couple more about policy based NAT and dhcp snooping. God bless you all && thanks very much again, Neil ____ Which of the folling causes a port to go into error disabled status? BPDU guard violationinline power disabled, devide req powspeed mismatchdhcp snooping rate limitport channel misconf _____ Which of the following belong to the data plane? traffic filteringtransport protectiontraffic conditioningprotection against attacksRBACrouting protocol authentication _____ Match (not all needed) 1.- when this expires, the net id is no longer valid2.- this needs to be the same for all mgre tunnels in the network3.- this is used for NMBA networks4.- this is used by DMVPN tunnel hubs and spokes to authenticate themselves A.- tunnel keyB.- nhrp hold timeC.- nhrp nhsD.- nhrp registrationE.- nhrp net idF.- nhrp autthentication string______ who uses PHDF?Multiple options, one was FPM, which I think was the right one ______ Match 802.1x port states definitions 1.- Forced-Authorized 2.- Forced-Unauthorized3.- Auto A.- In this state, 802.1x is disabled on the port. All traffic is allowed as normal without restriction. This is the default port state when 802.1x is not globally enabled. B.- In this mode, the port begins in the unauthorized state and allows only EAPOL, CDP, and STP traffic. After the supplicant is authenticated, the port transitions to the authorized state and normal traffic is allowed. C.- In this state, the port ignores all traffic, including any attempts to authenticate.