ccna security

3/19/2014 CCNA Security Share your SECURE Experience

http://www.securitytut.com/secure-642-637/share-your-secure-experience/comment-page-3#comments 1/22

Type text to search here...

Home > Share your SECURE Experience

Share your SECURE Experience

January 3rd, 2011 in SECURE 642-637 Go to comments

Cisco has made changes for the Security exams by replacing the old CCSP with the new CCNP Security

Certification with 4 modules: Secure, Firewall, IPS and VPN. In fact, the old CCSP and the new CCNP

Security are very similar. Many candidates have requested us to put up materials for these new exams but it is a

time-consuming work. In the mean time, we created the Share your experience for the SECURE exam. Wereally hope anyone who read securitytut, 9tut, digitaltut, certprepare, networktut and voicetut contribute to these

sections as your experience is invaluable for CCNP Security learners to complete their goals.

Please share with us your experience after taking the SECURE 642-637 exam, your materials, the way you

learned, your recommendations

Comments (812) Comments

Comment pages

Previous 1 2 3 4 5 ... 9 Next 584

1. Sanket

October 16th, 2011

When implementing GET VPN, which of these is a characteristic of GDOI IKE?A. GDOI IKE sessions are established between all peers in the network.

B. Security associations do not need to linger between members once a group member has

authenticated to the key server and obtained the group policy.

C. Each pair of peers has a private set of IPsec security associations that is only shared between

the two peers.

D. GDOI IKE uses UDP port 500.

Answer: C

is this correct ? I think its B !

plz sare u reviews.. !

thanks!!

2. SpiderOctober 17th, 2011

I think B too.



Look at Book 3-399

3. Steak&Chips

October 19th, 2011

Hi Guys

Checked the answer with a CCIE and answer is C.

B does not qualify as the SA must be active between the two members who are tunneling.

4. DC

October 19th, 2011

Thanks Steak&Chips,

I was thinking the same about GETVPN SAs.

Do you have any thoughts on these 2?

When configuring URL filtering with the Trend Micro filtering service, which of these steps mustyou take to prepare for configuration?

A. define blacklists and whitelistsB. categorize traffic types

C. install the appropriate root CA certificate on the routerD. synchronize clocks via NTP to ensure accuracy of URL filter updates from the service

Answer: D or C (I think C as you need to set the time to download the certificate, not need to set up NTPto ensure accuracy).

and:

When you are configuring DHCP snooping, how should you classify access ports?

A. untrustedB. trusted

C. promiscuousD. private

Because the question is vague and does not say whether this access port is under administrative control.So assuming its not under control I may go with A: untrusted.

Thanks.

dc

BTW, I plan on taking exam 10/21.

5. Steak&ChipsOctober 19th, 2011

Nice DC good luck I havent seen these questions beforeis this from any particular source?



Not 100% sure on the first question. Reading through this

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6643/white_paper_c89-492776.html

the answer looks like the pre-requisite is C : cisco.com certificate.

Defintely DHCP snooping answer is A : untrusted. The router is most likely on trunk mode = Trusted so

all others would be untrusted.

Good questions !

6. DCOctober 19th, 2011

They are mentioned on the previous page and I have them in my practice test.

THANKS!

7. Mike

October 21st, 2011

Its D.Take a look at this site:

https://supportforums.cisco.com/docs/DOC-8028#Clock_and_DNS

You need the to have correct time to register with Trend Micro

8. Steak&ChipsOctober 21st, 2011

Hey Mike,

checked with some guys who passed and they say C. You have to have accurate time not necessarily

by NTP (as DC stated). Secondly via NTP to ensure accuracy of URL filter updates from the service isdone after configuration and the question is about configuring the service.

9. Steak&Chips

October 21st, 2011

need to elaborate a bit more the accurate time is needed for the install and activation of the certificate

not really required for the filter updates.

10. helperOctober 21st, 2011

Which of these is a configurable Cisco IOS feature that triggers notifications if an attack attempts

to exhaust critical router resources and if preventative controls have been bypassed or are notworking correctly?

A. Control Plane Protection



B. Management Plane Protection

C. CPU and memorythresholding

D. SNMPv3Answer: A

I think right si B, because C is part of B, and in B there SNMP which you can you for C.

11. DC

October 21st, 2011

Well, I passed today with a score of 898. Not sure which questionable answers were right or wrong. Justa handful of new questions. Of course there was the zone firewall lab and the GETVPN scenario.

Thanks Steak&Chips and Igor and everyone else (esp tut).

@ Helper, I think C was correct (and C is part of A), but what do I know

Good luck everyone. Study the book and review the practice tests and you should pass.

DC

12. Steak&Chips

October 21st, 2011

Congrats DC ! pass is a pass no one really cares about the final score.

Which one are you doing next?

13. DC

October 21st, 2011

I already have CCIP and CCNP (recently CCNA-S), I really just wanted to extend the IP/NP certs for

another 3 years. If I keep on going it will be for CCNP security. I am getting old

Think I will take a break for a little while

thanks,

dc

14. Michael

October 22nd, 2011

Hello DC

I am a little confused regarding the GETVPN scenario question,could you please mention the show

command you use to solve these question and I am not sure that the answers are right,could you confirm

that please.

Which router is acting as the key server and which is acting as a group member?



(Choose two.)

A. Router 1 is the key server

B. Router 2 is the key serverC. Router 1 is the group member

D. Router 2 is the group member

E. The ISP router is the key server

F. The ISP router is the group memberG. Router 1 and Router 2 are both key servers

H. Router 1 and Router 2 are both group members

Answer: B,F

What is the Identity used to distinguish the GETVPNGROUP GDOI group?

A. the IP address of the peer

B. identity number 67890C. group 14

D. GETVPNKEY

Answer: A,D

On the group member router, where is the crypto map applied and what is the ISAKMP shared

key? (Choose two.)

A. the crypto map is applied to the FastEthernet0/1 interface

B. the crypto map name is applied globally on the router and is active on all enabled a interfacesC. the shared Key Is GETVPNKEY

D. the shared Key is 67890

Answer: A,B

15. helper

October 24th, 2011

to : Steak&Chips October 19th, 2011

I think B is right. If you look at book, so B is exact copy of description in book.

to : Michael October 22nd, 2011first dont know

second I suppose something like B, C

third again suppose B, C

16. RJD

October 24th, 2011

Configure URL Filtering

Consider the following implementation guidelines:

- You can combine local URL lists with server- or service-based filtering to create exceptions.

- Before using the Trend Micro URL filtering service, you must install appropriate root CA certificates onthe router.



17. RJD

October 24th, 2011

GDOI, which is the underlying standard for GET VPN, is standardized in RFC 3547. GDOI defines a

key management protocol, based on IKE and ISAKMP. GDOI uses the same principles to generate

symmetric encryption keys, but uses two keys: KEK and TEK. The key management protocol is an

extension of IKE and ISAKMP, and uses User Datagram Protocol (UDP) port 848. One majordifference of GDOI IKE is the fact that GDOI IKE SAs do not need to linger between members after

initial establishment, but can be left to quickly expire after a group member has authenticated to the key

server and obtained the group policy. The second major difference is that GDOI IKE sessions do not getestablished between all peers in a VPN, but only between each group member and the key server (or

multiple key servers for redundancy).

18. Steak&ChipsOctober 24th, 2011

Thanks RJD I am sure the root cert is the answer sorry helper. Also Control Plane Protection is the

correct answer to that other question: MPP is only for access to the router itself. CPP backs up DataPlane protection if those controls start failing.

Has anyone seen this in the exam?

===========================================================

True positives: The IPS or IDS sensor triggered because of legitimate malicious activity.This is normal,

desired operation.

False positives: The IPS or IDS sensor triggered because of nonmalicious activity.

True negatives: The IPS or IDS sensor failed to trigger when there was no malicious activity. This is

normal, desired operation.

False negatives: The IPS or IDS sensor failed to trigger when there was malicious activity. This is usually

because of errors caused bysignatures that are configured to be too specific.

================================

19. DC

October 24th, 2011

I didnt have anything about false\true positives\negatives on my test.

I would not study the GETVPN answers as I have seen them change configurations in similar exercises in

different tests. Instead be familiar with the show commands

dc

20. Julia Adams

October 25th, 2011



what are the configuration questions in the secure 642-637 exam ?!

21. helper

October 25th, 2011

Hi,

@Steak&Chips : what sorry? which question?

about GDOI RJD confirmed what I have written (by copying text from book)

thnx

22. Steak&Chips

October 25th, 2011

I was referring to this one >>A. Control Plane Protection

B. Management Plane Protection

C. CPU and memorythresholding

D. SNMPv3

Answer: A

I think right si B, because C is part of B, and in B there SNMP which you can you for C.

Answer is still A its the only one that triggers notifications if the Data Plane is under stress B is not

involved in this feature at all.

23. helper

October 25th, 2011

Maybe Im completely stupid, but Control on router has this options :

CoPP/CPPr, routing protocol auth/filter

On the contrary MPP has SNMP and CPU/memory tresholding.

How does Control let know?

thnx, and again sorry

btw, about GDO IKE (for others) book page 505, there is exact answer.

24. Steak&Chips

October 26th, 2011

Actually after reviewing material and digging a bit deeper I am thinking that C is actually the correct

answer. If you read this

With CPU Thresholding Notification, users can configure CPU utilization thresholds, which trigger a

notification when exceeded. Cisco IOS Software supports two CPU utilization thresholds:http://www.cisco.com/en/US/products/ps6642/products_data_sheet09186a00801f98de.html



That encompasses the entire question directly SNMPv3 basically deals with SNMP authentication andno thresholding MPP is the framework not a configurable feature and COPPr is probably the

preventative controls that have been bypassed as well as Data Plane Countermeasures.

I will switch to C in my exam and see what I get.

25. Shahbaz

October 28th, 2011

Hello,

Have a good day to all. my secure paper is on 10th November. Please can anybody help me out about

the dumps of secure, that from where can be the latest dumps available freely.

Thank you.

26. AnonymousOctober 29th, 2011

anyone given 642-637 yet ???

27. Steak&Chips

October 31st, 2011

Hey Guys,

Can you check this updated .vce out

http://www.examcollection.com/cisco/Cisco.ActualTests.642-637.v2011-10-

26.by.Chips.89q.vce.file.html

Would especially appreciate anyone who has taken the test to try it.

Created D&Ds, fixed the incorrect questions (some still in doubt), fixed spellings and added some user

feedback questions.Cheers Chips

28. Mike

October 31st, 2011

Great Job Steak&Chips. I like the simulator questions with examples of the show commands. This will

really help out.

29. Zahoor

November 1st, 2011

Passed today with 939!! Thanks to God and thanks to all who have shared their experience on this

website. Ive uploaded the dumps with corrections at the following location:

http://www.4shared.com/document/kLuvtEGx/642-637_new.html

Thank you



30. Steak&Chips

November 1st, 2011

Thanks Zahoor! Well done!

Did you have any new questions? Can you check out my VCE file and see if there are any corrections that

need to be made?

http://www.examcollection.com/cisco/Cisco.ActualTests.642-637.v2011-10-26.by.Chips.89q.vce.file.html

Cheers Chips

31. Zahoor

November 1st, 2011

Hi Steak, you worked really good. I studied your file thoroughly, one day before the exam. You haveadded few new questions and all those were there in the exam. There were two new question that I will

post later after recalling. Your VCE has two or three answers that need to be revised (but Im also not

100% sure), you could reconcile them from the file that I uploaded.

Steak, can you please help me in 642-627 and 642-647 ??

Thank you for your contribution.

32. Steak&Chips

November 1st, 2011

I saw that Zahoor and I have changed the

*peer* matches no profile to the : This is a normal output is correct answer.

Also changed 2 x D&D the 802.1x preparation and the show crypto map > show crypto isakmp policy.

I am sure the others are correct still the CA / Trend Micro, the Illegal config vs this policy is not neededis still correct as the INSIDE zone has 2x interfaces.

If you could flesh out the 3 unknown questions would be fantastic

33. Zahoor

November 1st, 2011

Ok thanks Steak and what about 642-627 and 642-647 ???

34. Steak&Chips

November 1st, 2011

Still working 637 as a group we will work 627 next starting from next week.

Can you remember those details people would be grateful

35. Zahoor



November 1st, 2011

One new question that Im recalling was like:

sh crypto isakmp profile

Encryption 3DES

hash sha-1

authentication rsa-sig

Group 2

The correct answer is: The authentication parameter is Digital Certificates

36. Zahoor

November 1st, 2011

All D&D and Labs are the same

37. Steak&Chips

November 4th, 2011

Uploaded a new .vce to

http://www.examcollection.com/642-637.html

It has another couple of fixed questions and some new additions. Had two test takers over the last week

score in the mid-900s using this file. Seems you have to expect 2-4 new questions so study as much asyou can on all topics.

92 questions in total.Good luck to all!

Chips

38. Anonymous

November 4th, 2011

I dont see the new VCE steak? Whats there is the 89 q.&a.

39. Steak&Chips

November 4th, 2011

Yeah takes a few days to be seen uploaded today check back each day.

40. AnonymousNovember 4th, 2011

Please repost

41. el_zwergo

November 4th, 2011

well done, chips!



42. jt

November 5th, 2011

fyi: i took the exam today with 918/1000. there are about 3 new question that is not on

1. something about virtual interface (the exhibit is: show interface | virtual )

i will post it if it comes back to mind.

thanks all..

i used the dump posted by Zahoor & Chips.

43. Rick

November 8th, 2011

Guys/Gals,

Can someone please paste link to pdf for Secure Exam?

44. Anonymous

November 8th, 2011

good job jt

45. jtNovember 8th, 2011

thanks!.

@Rick, chips and Zahoor posted. scroll 1/2 page up.

46. Gagan

November 9th, 2011

I cleared my CCNA Security exam with 1000/1000 scorehurreyy !!

47. el_zwergo

November 10th, 2011

gratulation but this is the wrong page we discuss here exam 642-637

48. syed

November 11th, 2011

Cleared ASA & IPS and going for Secure, please confirm which dumps are valid?

49. biggo

November 11th, 2011

Pass SECURE yesterday, 9XX



Use

http://www.4shared.com/document/kLuvtEGx/642-637_new.html by Zahoor

one new D&D which about routing authen

two question that not in this paper.

Good luck

50. syed

November 11th, 2011

@biggo: Congrats!!

What about simulation and hotspot same as in dumps?

51. sandyNovember 11th, 2011

congrats biggothx for sharing the dumps, could u just tell me whether u got the same simulation or there were anychanges waiting for ur reply bye


hey syed could u just tell me which dumps shal i refer for ASA plz

53. syedNovember 11th, 2011

@Sandy: 86 questions dump availabe on same forum (642-617)I used the same

54. sandy

November 11th, 2011

any idea are they still valid?

55. sandy

November 11th, 2011

but it nowhere says 86, only 80q dumps from jay is with the highest rating are u talking about the same

dumps?


download p4s new dumps from http://hotfile.com/dl/118881880/cf77719/617.rar.html

57. syed



November 11th, 2011

@Sandy: not sure about it but this version is still available on P4S site means still valid

58. Reno

November 11th, 2011

Hello, I just got my CCNA security and I want to move to CCNP sec, I thought that the best will be start

whit SECURE, do you guys think its ok? or should I start whit FIREWALL first? also, can you provideinformation about dumps, training videos and labs?

Thanks!


l passed the exam today with 9xxx, follow the comments on this forum and the dump from:-

http://www.examcollection.com/cisco

/Cisco.ActualTests.642-637.v2011-10-26.by.Chips.89q.vce.file.html

you will be save.

WARNING:- The Pass4sure dump is not valid, so much wrong answers, becarefull !!!!!!!!!

60. RenoNovember 12th, 2011

Can anyone help me whit a link for a study guide or books for CCNP security? I was thinking on buy the

books but is to expensive for me here in chile I think I can afford 2 of them I need to get the SECUREand the FIREWALL, can anyone help me?

Also are there any CBT nuggets videos in some place?Thanks!

61. syed

November 12th, 2011

@Anonymous:Which P4S dump you are talking about?


@syed, just forget the pass4sure dump for SECURE, use the one provided by my link above.

63. IshrathNovember 13th, 2011

where i can get ccna security lab packet tracer



64. CCNP SEC

November 13th, 2011

Preparing CCNP SECURITY SECURE, dose any one has the book CCNP SECURITY SECUREQUICK REFERNECE ?

If yes please be kind and show us a link ?

Regards


@Anonymous: Thanks, what about LAB and hotspot, is it same given in dumps?

66. TIGGERNovember 15th, 2011

Hi All,

I am just about to start the track for CCSP, any recommendations for which exam to start first and alsofor practice with labs.

Thanks for any responses.

67. niljos

November 16th, 2011

hi thanks to Steak&Chips

yesterday cleared exam with 939 most of questions were from Steak&Chips file

D & D and simulations were same

In GET VPN Scenario sh crypto gdoi ks & sh crypto gdoi ks member commands not worked

but this scenario is easy you can guess the answer from options also

R1 is member router ip 192.168.1.1 & R2 is server router ip 192.168.2.2

5 to 6 questions were new

1) one question was on ipsec gre tunnel

2)one question was on ips disable signature

3) one question was on dhcp server with static mapping & with dhcp snooping problem facing user for

connectivity answer i choosed clear arp option

4)on dvti there was one new question



in case i recall i will post other questions

68. syed

November 16th, 2011

@nilhos: what about the book or nuggest, or you have just used dumps?

69. Anonymous

November 16th, 2011

nugget & book both are useful

70. niljos

November 16th, 2011

nugget & book both are useful

71. Mahesh_PNovember 16th, 2011

Thanks Steak&Chips..

Just passed SECURE exam..I used http://www.examcollection.com/cisco

/Cisco.ActualTests.642-637.v2011-10-26.by.Chips.89q.vce.file.html

Simulation is the same and also drag and drop sorts of questions..

2-3 new questions could not remember all of them..

one questionsGive the config for auto update configured and given the Cissco servers link..also some commands when

to update and how many times n week or so..

and answers options were,auto update is configured to occur each day of week

auto update is configured to occur once a week in between 12-6 on sunday.update is stored on the server at Ciscos link.

ThanksMahesh

72. Mahesh_PNovember 16th, 2011

Also smae thing happened with me..

In GET VPN Scenario sh crypto gdoi ks & sh crypto gdoi ks member commands not worked

73. mkh



November 16th, 2011

Guys, do the show crypto gdoi for GET VPN, that will give you info..thanks every 1 for the help andadviseyou might like to have this as additional resourcethis is CCNP Security Secure Lab Guidehttp://www.megaupload.com/?d=3217462I

Thanks

74. Steak&Chips

November 16th, 2011

Congrats to you guys Mahesh and Niljos.

There is a new file up at ExamCollection

http://www.examcollection.com/cisco/Cisco.ActualTests.642-637.v2011-11-02.by.Chips.92q.vce.file.html

It has some of the new questions in as well as a few corrections. Quite a few people who have passedwith a 900+ now by using that file.

75. syed

November 17th, 2011

Can anyone provide nuggets and book link?

76. RatanNovember 17th, 2011

Hi friends,

I am now planing for 642-637 exam. but i cont able understand from where i should startpleasesuggest me..

77. SaleemNovember 18th, 2011

Asalam alaikum..any one have secure labs in packet tracer or gns?????????????????

78. ShahbazNovember 19th, 2011

i cleared the secure exam yesterday. Thanks to Steak&Chips.

79. MikeNovember 19th, 2011

Thanks Chips for creating the .vce. It was right on.I passed with no problem. Well almost, I accidently skipped the simulator question. No worries at least I

passed with a 878.



There was a new question about what is a state of a signature that was compiled but not getting hits.Something like that,

It then had Acitive, Inactive, Disabled and one other answer.

80. RatanNovember 20th, 2011

Hi friends,plz share a link where we can download CBT about 642-637 exam

81. EBL

November 20th, 2011

Please provide SECURE 642-637 Student Guide Link

82. AnonymousNovember 21st, 2011

Please provide SECURE 642-637 dumps for my id : [email protected]

83. sandyNovember 22nd, 2011

guys plz can anyone send me vcemanager file full version setup file plz i need it urgent thx


heres the email [email protected]

85. paul

November 25th, 2011

is the configuration for sims are correct in p4s, please advise. thanks

86. Ratan

November 26th, 2011

Hey paul can u send me the pass4dumps for 642-637?.my E-mail id [email protected]


can anyone provide official guide?




where is the guide pdf material for secure ?


I am appearing this week, pls provide link for study guide

90. AminNovember 28th, 2011

Dear All I can download Secure CBT training . http://www.filesonic.com/file/3190762975/cns1028-single-link.rar.html wish u all have a great live ahead ..

91. syed

November 28th, 2011

@Amin, unable to download

92. SaqibNovember 28th, 2011

I passed the Exam today with 9xx . Some questions was new but you can pass the exam, if you prepared

the Dumps.

Thanks..


@Saqib, which dumps did u use?


@syed http://www.examcollection.com/642-637.html by Chips 92q.vce.


@saquib, thanks what about book or nuggets or u just have used these dumps?

96. Ratan

November 29th, 2011

Any one have cbt nuggets about 642-637 then plz share with us.

97. syed

November 29th, 2011



@Saqib: Also pls confirm if there are any wrong answers in 92Q dump like D & D ?


@syed use cbt nuggets.

99. syed

November 30th, 2011

@Saqib: Please provide or send it to me @[email protected]

100. Saqib

December 1st, 2011

@syed download from

http://www.filesonic.vn/folder/14346445orhttp://www.filesonic.com/file/2783185775/1l.CNS1028.rar

Comment pages Previous 1 2 3 4 5 ... 9 Next 584

Add a Comment

Name

Submit Comment

Subscribe to comments feedShare your FIREWALL Experience Share your IPS v7.0 Experience

CCNA Security 640-554

Share your (new) CCNA Security Experience

CCNA Security 640-553

LabSimSecurity Fundamentals



Access list Questions

Drag and Drop QuestionsModern Network Security ThreatsSecuring Network Devices

Authentication Authorization & AccountingImplementing Firewall Technologies

IPsec QuestionsSecurity Device Manager SDM

Implementing Intrusion PreventionSecuring Local Area NetworksStorage Area Network SAN

Cryptographic SystemsImplementing Virtual Private Networks

Managing a Secure NetworkShare your CCNA Security Experience

SNRS 642-504

Share your SNRS Experience

SNAF 642-524

Share your SNAF Experience

IPS 642-533

Share your IPS Experience

CANAC 642-591

Share your CANAC Experience

MARS 642-545

Share your MARS Experience



SNAA 642-515

Share your SNAA Experience

New CCNP Security Exams

SECURE 642-637

Share your SECURE Experience

IPS v7.0 642-627

Share your IPS v7.0 Experience

FIREWALL 642-617

Share your FIREWALL Experience

VPN 642-647

Share your VPN Experience

CCIE Security Written 350-018 Exam

Share your CCIE Security Written Experience

CCIE Security Lab Exam



Share your CCIE Security Lab Experience

Network Resources

CCNA Security Knowledge Base

CCNA Website

ROUTE Website

SWITCH Website

TSHOOT Website

CCNA Voice Website

CCNA Security Website

CCDA Website

Support Securitytut

Your contribution will help keep this site updated!

Top

Copyright 2010-2012 CCNA Security

Privacy Policy. Valid XHTML 1.1 and CSS 3.

ccna security » share your secure experience page 3

Documents

secure experiencehttp

secure exam

secure experienceshare

secure experiencejanuary

security exams

home share

ccnp security learners