Pass Your Cisco 642-637 Exam Easy!

PASS my exam. 1 New Question from Cisco.ActualTests.642-637.v2012-08-03.by.Neil.133q.vce
All the simlet and lab, question are the same, but the answer may be not like exactly from the vce.
My score 878 after 30 mintues.

Thanks all, special thanks to Neil.

passed the exam on friday 17th August.......thanks a lot

@ahmed - what was your score on the exam?

@sashans - jesi izlazio na ispit? Vrijedi li ovaj vce?

@muhha
the class-default drop command is not necessery in the ZBFW sim,i think.
look at this

Configuring Zone-Based Policy Firewall Policy-Maps

The policy-map applies firewall policy actions to one or more class-maps to define the service-policy that will be applied to a security zone-pair. When an inspect-type policy-map is created, a default class named class class-default is applied at the end of the class. The class class-default's default policy action is drop, but can be changed to pass. The log option can be added with the drop action. Inspect cannot be applied on class class-default.
sorurce: http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml
pozz iz srbije :)

Hi Neil, thanks for your great job, could you please send me the latest version at a.samir.1010@gmail.com, i'm going to take my exam 14 Aug
thanks,

Hi Friends,

Passed today with 860 dump still valid..

Thanks Neil. I am writing this on the 14th So i am really looking forward to getting my hands on your "Cisco.ActualTests.642-637.v2012-08-09.by.dd.129q.vce" as i can not see it up here yet. Please mail me a copy at danie.swart@gmail.com.

Thanks for your great work man.

Hi Guys, I uploded letase release of actual tests. wish you all sucess.!!

pass today, thx to all in this forum

Hi All,

I passed yesterday the exam. It was about 10 new Drag & Drop but those questions are similar to those in neils dump. Thanks to all of you for your contribution!

@nubie this is how I answered yesterday this Drag & Drop question, I hope this is helpful I would suggest to go thru Cisco Press Book you have all explanations there.


- MAB
-this method is used when clients dont support the 802.1x supplicant but need to be authenticated to an 802.1x network

- Restricted VLAN
-this solution is used when users fail authentication and have an 802.1x - compliant device

- Guest VLAN
-this method offers limited access for users without an 802.1x client. by default, it takes 90 seconds for the machine to get assigned to this specific VLAN


- WEB auth
-Clients that use this method can be reauthenticated. if reauthentication fails, then the switch can assign the port to the guest VLAN if its not configured

Hi, nubie, i believe the answers are as follows:

MAB -this method is used when clients dont support the 802.1x supplicant but need to be authenticated to an 802.1x network

Restricted VLAN -this solution is used when users fail authentication and have an 802.1x - compliant device

Guest VLAN - -this method offers limited access for users without an 802.1x client. by default, it takes 90 seconds for the machine to get assigned to this specific VLAN

WEB auth Clients that use this method can be reauthenticated. if reauthentication fails, then the switch can assign the port to the guest VLAN if its not configured

anyone can help me to answer this drag and drop question??i really appreciate your help guys,thx

-Guest VLAN
-Restricted VLAN
-MAB
-WEB auth

——————————

-this method is used when clients dont support the 802.1x supplicant but need to be authenticated to an 802.1x network

-this solution is used when users fail authentication and have an 802.1x - compliant device

-this method offers limited access for users without an 802.1x client. by default, it takes 90 seconds for the machine to get assigned to this specific VLAN

-Clients that use this method can be reauthenticated. if reauthentication fails, then the switch can assign the port to the guest VLAN if its not configured

passed today 898, still valid. thanks

I managed to pass today. My score Scored was 827. Guys nt sure why the command #inspect is not accepted after issuing # class type inspect HTTP_POLICY
Pls can any one tell me why

I also tried
Class Class-default as Muhha suggested not accepted too. I think i got 78% on the Lab though.
Thanks to you guys..all the way to CCIE

PASSED!!!!!!!

Score 837 points. This exam is very stressed. A lot of new D&D and few new questions. The questions have a inverse order but with Neil contend you will pass!! Make shure that you will answer all 122 Neil questions because you will fail.

The lab is the same and the Simlet is the same.

A special thanks for Neil for your correction and a kick on ass to Actualtests that offer a dump with a lot of wrong questions

This dump still valid thks to neil. The most stressing exam i wrote 3 news questions and 10 news drag n drop in the exam take in consideration everybody comments below it will helps. Thks to all

I have done the exam and the Neil´s dump is still valid.
I received 890 points and it was 9 additional questions in my test.
some of questions have the sequence or wording of answer changed, but the sense is thesame.
I have received 70 questions as well.
If you do your preparation well those 9 questions will not be an issue.
almost all of them are mentioned by colleagues before, like the reason to err-disable or EAP types and how they work.
Pay attention to this information here, below,
do preparation well and every thing will be ok.
thank to every body again for your help and particularly to Neil.

In the real exam's lab it's being requested for dropping all the traffic that left and doesn't match HTTP. Perhaps Neil's figures are still accurate, but muhha's comments make sense for me. Anyhow I am over to VPN now :)

I would configure the SIM exactly what they ask for. There's nothing in the objects about configure "default class". It's your test so do whatever you like.

The SIM is always the same and if you look back to Neil's dump there is an 989 score using the same configuration for the SIM. Just my two cents. Good luck!

Guys, the sim was the same as in dump: creation of the zone-based firewall. Not sure if I made it correctly. Watch out the policy-map creation, don't confuse "match-any" and "match-all". I guess I screwed it up there. Also please notice the muhha's post for the default class - it sounds he is right.

For about "?" mark - I believe it worked for me.

Anyhow, even though I ruined the lab (assumption) and possible a few new drag-n-drop questions, I still passed with 847. The passing score was 774 which is pretty relaxing and number of questions was 70. Just make sure you've done everything else correctly besides sim.

Major Tom can you tell us about the sim you done on your exam i'll be writing this friday need your feedback pls

Major Tom, what sim did you get in the exam? Is it possible to use the ? after typing part of a relevant command?

The dump is valid. Passed today with 847 score. It was stressing. Loads of drag-n-drops plus some new questions as suggested below. Most of the answers in the questions are shuffled! Watch what you click!

Hi All,

I need help with one of LABs from Neils Dump and I am thinking that Neil missed class class-default command in his configuration.In LAB was requested to match HTTP and drop all other traffic ..Can you please review my configuration its down below, Thanks a lot!!!
LAB:
Note that when performing the configuration, you should use the exact names highlighted in bold below:
- Globally create zones and label them with the following names:
- OUTSIDE
- INSIDE
- Assign interfaces to zones as indicated in the exhibit
- Create a zone pair for traffic flowing from the inside to outside zones named IN-TO-OUT
- Define a zone-based firewall policy named IN-TO-OUT-POLICY
- Use the "match protocol" classification option to statefully inspect HTTP traffic and drop all other traffic
- Use a class-map named HTTP_POLICY
- Apply zone-based firewall policy IN-TO-OUT-POLICY to the zone pair

*** Globally created zones ***
zone security OUTSIDE
exit
zone security INSIDE
exit
*** Assigning zones to the interfaces ***
int fa0/0/0
no shut
zone-member security OUTSIDE
exit
int fa0/0/1
no shut
zone-member security INSIDE
exit
*** Created policy ***
class-map type inspect match-any HTTP_POLICY
match protocol http
exit
policy-map type inspect IN-TO-OUT-POLICY
class type inspect HTTP_POLICY
inspect
class class-default *** This is what I added ***
drop
exit
*** Created zone pair, applied policy. ***
zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
service-policy type inspect IN-TO-OUT-POLICY
end
copy run start

This dump is valid. I had passed with 857/1000 point. This exam have 8-9 new questions. Some new questions are same Alexis's post.

Derly_Ali, I believe everyone here would appreciate if you could mention those 4 questions with different values.. Cheers mate.

Are there any sites similar to networktut for ccnp tshoot for Security ? Any help sites or downloadable labs for CCNP Security track ?

@derly_ali : Congrats... so do u remember those 4 questons ?
n abt d 8 questions, hav u chckd wid the othr dump [muhha], was der ny question frm tat...
n were those 8 question D&D or MCQ
Plzzz reply, I'll be writing xam within few days....
n abt d labs, was it same as in this dump...
nywy congrats once again 4 passing d xam n thnx in advance....

Very stressed but i pass with a 878 score; 8 different questions and 4 of the dump with another values.

Need a beer..

Certainly the longest certification exam ever taken.Dump is valid for the most part

I don't think neither autocomplete nor the question mark were supported (usually they are not), however thanks to Neil I didn't feel this time the need to use them ;-)

@Alexis:
Thank you for your feedback.
just one other question regarding the exam.
does the autocompete works on the CLI on the simlet in the exam or not?
if the question mark is supported on the CLI of the simlet during the exam?
Thank you!

Hi @Loopback, you are right. According to Cisco all these are possible causes for a port to go err-dissabled

Duplex mismatch
Port channel misconfiguration
BPDU guard violation
UniDirectional Link Detection (UDLD) condition
Late-collision detection
Link-flap detection
Security violation
Port Aggregation Protocol (PAgP) flap
Layer 2 Tunneling Protocol (L2TP) guard
DHCP snooping rate-limit
Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable
Address Resolution Protocol (ARP) inspection
Inline power

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml

So it may be the specific wording, maybe of the "inline" thing.

BTW, there was one more question I just remembered, it was to match most of these EAP types to its definitions and/or some particular feature of each
■ EAP-MD5
■ PEAPv0-MSCHAPv2
■ LEAP
■ EAP-TLS
■ EAP-TTLS
■ EAP-FAST

Sorry gents. My memory just goes this far :-)

@Alexis:
regarding this question posted:

Which of the folling causes a port to go into error disabled status?

BPDU guard violation
inline power disabled, devide req pow
speed mismatch
dhcp snooping rate limit
port channel misconf

as far as I see, all of them are the possible reasons for err-disable state, or?

Hi Mr Security, I'd say most of them are in Neil's dump, as for the new ones I have transcribed below some of them as far as I can recall them. There were a couple more about policy based NAT and dhcp snooping.

God bless you all && thanks very much again, Neil

____

Which of the folling causes a port to go into error disabled status?

BPDU guard violation
inline power disabled, devide req pow
speed mismatch
dhcp snooping rate limit
port channel misconf

_____

Which of the following belong to the data plane?

traffic filtering
transport protection
traffic conditioning
protection against attacks
RBAC
routing protocol authentication

_____


Match (not all needed)

1.- when this expires, the net id is no longer valid
2.- this needs to be the same for all mgre tunnels in the network
3.- this is used for NMBA networks
4.- this is used by DMVPN tunnel hubs and spokes to authenticate themselves

A.- tunnel key
B.- nhrp hold time
C.- nhrp nhs
D.- nhrp registration
E.- nhrp net id
F.- nhrp autthentication string
______

who uses PHDF?
Multiple options, one was FPM, which I think was the right one

______

Match 802.1x port states definitions

1.- Forced-Authorized
2.- Forced-Unauthorized
3.- Auto


A.- In this state, 802.1x is disabled on the port. All traffic is allowed as normal without restriction. This is the default port state when 802.1x is not globally enabled.

B.- In this mode, the port begins in the unauthorized state and allows only EAPOL, CDP, and STP traffic. After the supplicant is authenticated, the port transitions to the authorized state and normal traffic is allowed.

C.- In this state, the port ignores all traffic, including any attempts to authenticate.

@Alexis : thnx 4 d information.
n abt the D&D questions, were all of them new or also frm the dumps ?

Hi Mr Security, both sim and lab were the same, however the output of the "shows" in the GDOI thing is rather different than that of Neil's (I think he mentions this anyway). In any case I went with Neil's and I passed. So, like the other Mr. Security wrote "Just study this guide well and practice the sim and lab many many times"

Again, thanks Neil && Good Luck to everybody.

Part 3:

5. When configuring URL filtering with the Trend Micro filtering service. Which of these steps must you take to prepare for configuration?

a. Define blacklists and whitelists
b. Categorize traffic types
c. Synchronize clocks via NTP to ensure accuracy of URL filter updates from the service
d. Install the appropriate root CA certificate on the router

Answer on Chips = D
Answer on Neil = B

6. Which of these correct regarding the functionally of DVTI tunnels?

a. DVTI tunnels are created dynamically from a preconfigured template as tunnels are established to the hub
b. DVTI tunnels appear on the hub as tunnel interfaces
c. The hub router needs a static DVTI tunnel to each spoke router in order to establish remote communications from spoke to spoke
d. Spoke router require a virtual template to clone the configuration on which the DVTI tunnel is established

Answer on Chips = D
Answer on Neil = A

7. When implementing GET VPN, which of these is a characteristic of GDOI IKE?

a. GDOI IKE sessions are established between all peers in the network
b. GDOI IKE uses UDP port 500
c. Security associations do not need to linger between members once a group member has authenticated to the key server and obtained the group policy
d. Each pair of peers has a private set of IPsec security associations that is only shared between the two peers

Answer on Chips = D
Answer on Neil = C

Part 2:

3. Refer to the exhibit. Given the output shown, what can be determined?
%SW_DAI-4-ACL_DENY: 1 Invalid ARPs (Req) on Fa1/1, vlan 200. ([0001.ba21.321c/192.168.1.10/0000.0000.0000/192.168.1.20/12:32:18 UTC Mon Sep 20 2010])

a. An attacker has sent a spoofed DHCP address.
b. An attacker has sent a spoofed ARP response that violates a static mapping.
c. The MAC address has matched a deny rule within the ACL.
d. This is an invalid proxy ARP packet, as indicated by the 0000.0000.0000 MAC address on the destination

Answer on Chips = C. The MAC address has matched a deny rule within the ACL.
Answer on Neil = B. An attacker has sent a spoofed ARP response that violates a static mapping.

4. You have configured Management Plane Protection on an interface on a Cisco router. What is the resulting action on implementing MPP?

a. Inspection of protected management interfaces is automatically configured to ensure that management protocols comply with standards.
b. The router gives preference to the configured management interface. If that interface becomes unavailable, management protocols will be allowed on alternate interfaces.
c. Along with normal user data traffic, management traffic is also allowed only on the protected interface.
d. Only management protocols are allowed on the protected interface.

Answer on Chips = C. Along with normal user data traffic, management traffic is also allowed only on the protected interface.
Answer on Neil = D. Only management protocols are allowed on the protected interface.

Need your feedback on these questions on Neil and Chips Dump:

1. Refer to the exhibit. The INSIDE zone has been configured and assigned to two separate router interfaces. All other zones and interfaces have been properly configured. Given the configuration example shown, what can be determined.

a. Hosts in the INSIDE zone, with addresses in the 10.10.10.0/24 network, can access any host in the 10.10.10.0/24 network using the SSH protocol.
b. If a host in the INSIDE zone attempts to communicate via SSH with another host on a different interface within the INSIDE zone, communications must pass through the router self zone using the INTRAZONE policy.
c. This is an illegal configuration. You cannot have the same source and destination zones.
d. This policy configuration is not needed, traffic within the same zone is allowed to pass by default.

Answer on Chips = C. This is an illegal configuration. You cannot have the same source and destination zones.
Answer on Neil = B. If a host in the INSIDE zone attempts to communicate via SSH with another host on a different interface within the INSIDE zone, communications must pass through the router self zone using the INTRAZONE policy.

2. When using Cisco Easy VPN, what are the three options for entering an XAUTH username and password for establishing a VPN connection from the Cisco Easy VPN remote router? (Choose three.)

a. using an external AAA server
b. entering the information via the router crypto ipsec client ezvpn connect CLI command in privileged EXEC mode
c. using the router local user database
d. entering the information from the PC via a browser
e. storing the XAUTH credentials in the router configuration file

Answer on Chips = B,C,E
Answer on Neil = B,D,E

@Alexis : Was the lab and simlet same as in the dump ?
Plz tell me bcoz i'll be taking xam nxt week.
Is this dump still valid ?

Hi all, just passed with 840, thanks Neil and eveybody here for your great input.

BTW, bought Pass4Sure and flunked first attempt with 750, as of today Pass4sure and Actualtest have the same 122qs, plus quite a few wrong answers and none of the new questions mentioned here.. Rely on Neil's.

Just passed teh 642-637 with score 847.Dump is still valid, a few new D&D questions.Study 802.1x, DHCP snooping, Control Plane.I missed probably 4 D&D questions.Also on the simlet, do not memorize the question order from the dump, they're switched around on the exam.Study the dump and guide, and passing will be a breeze

Passed, now for the last one. neil's dumps is still valid. Had a few new questions. Good luck to all. Definitely the most difficult one of all ! Study hard.

I am going to write 642-637 today !

Thanks to all.

Passed the exam today with 880, neil's 122qs dump is still valid with 7-8 new questions.As discussed all the new questions is from

1. control plane and data plane functionality for switch and router
2. Eap types and their working
3. 802.1X port status and design strategy (auto, force-authorized, host multi-domain etc.)
4. DHCP snooping design plan
5. NHRP client and server (NHS, NHRP network ID, registration spoke, NBMA etc.)
6.How will interface changes to error-disable

If you cover these 6 topics along with 122qs dump you can surely get more than 950 in this exam.

Thanks Mr.Security :-)

Just study this guide well and practice the sim and lab many many times. You'll still passed if you miss all new drag/drops questions. Honestly I believes I missed all of them. HAHAHAHA.

@Mr Security,

Any suggestions for the exam,i am going to attend the exam on Monday (9th July).

I passed last week with a 8XX. Don't think I got any of the new drag/drop questions right but still passed with 8XX. This guide is still valid.

There is a question somewhere in the dump that asks what transport GET VPN peers use to exchange keys.The answer given in the dump is:
a)Unicast UDP transmission
b)Multicast UDP transmission

However, when reading through the e-book, i came across the following:

Unicast Versus Multicast Rekeying Methods

Unicast
-Might require adjustment of router buffers and queues
if there are a large number of peers
-Use if infrastructure is only unicast capable
*Requires rekey acknowledgment

Multicast
-Must have multicast-capable infrastructure
-Requires rekey acknowledgment Retransmits the key several times
without acknowledgments
-Fastest and most scalable method

The fact that Unicast key transmission requires acknowledgement means that TCP must be the preferred protocol used for Unicast transmission of keys.Somebody correct me if i am wrong

Please help me to answer the question.

1.You are troubleshooting an IPsec VPN problem. During debugging of IPsec operations, you see the message "attributes not acceptable" on the IKE responder after issuing the debug crypto isakmp command. Which step should you take next?
A. verify matching ISAKMP policies on each peer
B. verify that an IKE security association has been established between peers
C. verify that IPsec transform sets match on each peer
D. verify if default IPsec attributes are in place on each peer

2. virtual-access1 unassigned yes unset down down
virtual-access2 192.168.1.1 yes unset up up

When you are using dynamic IPsec VTI tunnels, what can you determine about virtual-access interfaces from the output shown?
A.The Virtual-Access1 interface currently does not have an IPsec peer connection established.
B.The Virtual-Access2 interface does not yet have an IPsec peer defined.
C.The Virtual-Access1 interface is in the down/down state, because the virtual tunnel source physical interface is down.
D.The Virtual-Access1 interface, which is used internally by the Cisco IOS software, is always down.

Thanks shahrian.

I'm planning to take the exam by 7th July, If you guys have any updated dumps,Please share it or mail me @ Zeusrandeep@gmail.com

@Ahmed
there is no way around studying, if you study hard you should have a change..

1. skim the book (only read pages you dont understand by skimming)

2. watch the CBT nuggets and replicate the labs to get the commands in your head

3. take some practise tests like this one, and mere than once

HI all,

I have to take the exam at the end of this month but i didn't start studying yet, i have the Cisco press but it is very big and my time is limited because of work.
can any one advice what to do?
thanks

@ Randeep
checking the correct timing is being used is the most accurate, when dealing with CA on cisco routers you should use NTP or hardware clock
if the IOS can't find any NTP the server will not start then you should use hardware clock instead ie: Router# clock set hh:mm:ss day month year
& if you already correctly configured Ca server it should be enabled automatically.

I have passed the exam 4 days ago but there about 15 new quetions and they are all in the drag and drop

Please help me to answer the question

You have configured a Cisco router to act a PKI certificate server. However,you are experiencing problems starting the server. You have verified that al CA parameters have been correctly configured. What is the next step you should take in troubleshooting this problem?
A. Disable and restart the router's HTTP server function
B. Verify the RSA key pair and generate new keys
C. Verify that correct time is being used and source are reachable
D. Enable the SCEP interface

Please let me know the correct answer of this question.

1.Refer to the exhibit. The INSIDE zone has been configured and assigned to two separate router interfaces. All other zones and interfaces have been properly configured. Given the configuration example shown, what can be determined.

A.
Hosts in the INSIDE zone, with addresses in the 10.10.10.0/24 network, can access any host in the 10.10.10.0/24 network using the SSH protocol.

B.
If a host in the INSIDE zone attempts to communicate via SSH with another host on a different interface within the INSIDE zone, communications must pass through the router self zone using the INTRAZONE policy.

C.
This is an illegal configuration. You cannot have the same source and destination zones.

D.
This policy configuration is notneeded, traffic within the same zone is allowed to pass by default.

This is vaild. I pass my exam yesterday and 13 or 15 new question .......... thx

Hi Guys, Can any one remember new questions?? Planing to take exam.

Can anyone elaborate what is DHCP snooping design plan ?

Just passed , I got totally about 10/12 new questions and drag and drop , some questions were changed a bit , I remember that D&D about dmvpn and nhrp was ..confused , anyway I scored over 950 .
Thanks to all
cheers
bfreeze

I Passed with 898 , i got around 10 new questions as everybody said.
and they are the same
1. control plane and data plane functionality for switch and router
2. Eap types and their working
3. 802.1X port status and design strategy (auto, force-authorized, host multi-domain etc.)
4. DHCP snooping design plan
5. NHRP client and server (NHS, NHRP network ID, registration spoke, NBMA etc.)
6.drag and drop - when the interface changes to error-disable
thanks for your contributions

i'm going for the exam in an hour and i'll tell you once i finish :S

Can someone tell me how many sims are on the exam?? I'm scheduled to take it next month.Thanks

To Mr.Security

I think that most important chapters (for new questions) which you need to read from book are:
- Control plane and data plane functionality for switch and router
- Eap types and their working
- 802.1X port status and design strategy
- DHCP snooping design plan

I've got 857 points and I wasn't sure that I've got correct answers for 5 new questions (mostly drag&drop). Minimum for passing is 776.

I hope It will help you.

To Shoneo,

What did you scored and what chapters did you focus reading on? I thinking about taking this in a few weeks. Thanks!

Yesterday I have passed the exam. This dump is still valid with 7-8 new questions.
##################
@Badorka directed at right target about new questions:

1. control plane and data plane functionality for switch and router
2. Eap types and their working
3. 802.1X port status and design strategy (auto, force-authorized, host multi-domain etc.)
4. DHCP snooping design plan
5. NHRP client and server (NHS, NHRP network ID, registration spoke, NBMA etc.)
6.drag and drop - when the interface changes to error-disable

Drag and drop with 802.1x, nhrp and dhcp snooping and how working types of eap. We must attention and read exactly a question.
##################

Tnx to @Mr.Security for answer.

There are about 10 new questions(most of them d&d), dhcp starvation, dhcp snooping, a few about eap and dot1x but with this dump you will pass anyway. Passed today 06.19.2012

To shoneo:

The answer to this question is easy. If you read the question carefully, it stated "You have verified that all CA parameters have been correctly configured".

For CA to work you have to enable SCEP interface and since the configurations have been confirmed correct, you don't need to enable SCEP interface again. Make sense?

Second the question asked for troubleshooting steps so the best answer is:

Verify that correct time is being used and source are reachable.

Daemain guide is correct for this question. I hope this helps.

Thanks Guys,
today i have passed the exam. this dump is valid

can you please know. if it possible to write exam with out lab

I passed my exam today (11.06.2012). We must studying below topic:

1. control plane and data plane functionality for switch and router
2. Eap types and their working
3. 802.1X port status and design strategy (auto, force-authorized, host multi-domain etc.)
4. DHCP snooping design plan
5. NHRP client and server (NHS, NHRP network ID, registration spoke, NBMA etc.)
6.drag and drop - when the interface changes to error-disable

I have a question drag and drop with 802.1x, nhrp and dhcp snooping and how working types of eap. We must attention and read exactly a question.

What is correct answer for this question?

You have configured a Cisco router to act a PKI certificate server. However, you are experiencing problems starting the server. You have verified that all CA parameters have been correctly configured. What is the next step you should take in troubleshooting this problem?

Enable the SCEP interface or Verify that correct time is being used and source are reachable?

Troubleshooting Flow

In the event of problems with the Cisco IOS Software PKI Client not enrolling, follow these steps to troubleshoot the issue:
Step 1. Verify the reachability between the PKI client and the CA server using standard connectivity testing methods. Also, ensure that the SCEP server is functioning by running the debug crypto pki transactions command.
Step 2. Verify that the time on the PKI client is set properly. Incorrect time can cause devices to reject certificates.

Just passed with nearly a 900, still valid. There were about 5 new questions on my exam (some dotx and eap questions).

helloo guys there is any can helps for exam 642-637 lab i'm getting ready to write it at the end of this month. my addresss ageruid@gmail.com

@bfreeze thank you very much for your little advice. I want to encourage you guys to read everything in this dump expecially your lab word for word and configure your lab to work, you will definately pass with a range of 850-870. if your configuration works with the lab.Thanks neil for your dump.

Dears, i got 827 score . and as i told you before the new drag and drop questions was related to Dot1X authentications and transmitting protocols PEAP and EAP.

can anybody upload that 8 to 10 new question please i am going to set in exam end of this month

All questions the same as in the dump but 8-10 new drag and drop questions. I passed today, so the dump is still valid.

@Ayman
Can you pls give some details about the new Drag and Drop questions

Hi Guys,
is there any update on this document since many of you mentioned that there are new questions. I planned to take exam this week but probably will cancel it for now.
10 new questions are too many, I think. Please update it if possible.
Thank's in advance,

Hi Ayman , could u please tell me what is the score that u get .

Dears, i passed today, the dump is mostly valid but there is about 8 new drag and drop questions related to DOT1X authentication and DTVPN.

Hi zoro, thank you very much for the CTB Nugget works great! Awesome! :-)

sorry , I misunderstood :( (:
but if you typed
R1>en
R1#conf t
R1(config)#zone security inside
seems you did alright ...

@bfreeze that is what i got from the examination center. I have failed twice because the console is not working for me

@nico
seems ur IOS doesn't support ZBPF..what are u using ?

Can somebody explain to me how to configure the lab. I open the console and it gave R1> then i try to write R1>Router(config)# zone security INSIDE, but it is saying unknown command. Can somebody who have passed it explain it to me so that when i go back to write, i will be able to pass

Zoro can you help me too with cbt nuggets? dis is my last paper for ccnp sec. mknmkn08@gmail.com..thanks man

copy & past the link. The like willl expire on 16 june. Hope it help

got it from torrent but the link is not working any more. I use https://www.wetransfer.com/ to transfer large files. Try this
https://www.wetransfer.com/dl/o1I0yDon/95930dbab10d2b908a0df9b1b91ae7bbe5a82946e3dd49f506f16fa87ec66849f3c8fe8d3b35ca0

@zoro can you share links to CBT nuggets that we can use for CCNP Security? (SECURE, FIREWALL, etc), or since firewall and vpn have changed there are no cbt available??..thanks!

ur mail please, I will send you the SECURE nugget

Hi, was just looking for a CBT nuggets for SECURE - anyone has a link?

Cheers,

dear all, is there anyone can update and share the new D&D questions??thx

Hi,
I passed my exam yesterday , a few new questions but the dump from neil is still valid. questions I can remember are DHCP snooping implementation, there was a drag and drop on EAP types, another one for reasons for error disable.

Pass today with 817. A lot of new drag & drop from 802.1X and all answers order are mixed up. so you need to learn correct answers very well.

i have just attempted and failed 685, most of the questions from there. but i didn't prepare my self enough.. i think it is all my mistake..

is this dump still valid or not plz?

Luckily I passed in KL this afternoon, with a minimum points ~800 (776 is passing score).
No new single choise/multi choice questions. But the position is change. Some questions they change the answer to another way.
Lab and Sim: same.
Beside about 6 new drag drop question about dot1x.
ExamB question 1, 3, 5, 6, 9, 10 appear in my exam.
You have to understand which traffic is belongs to "Data plan" or "Control Plan". 2 new question about this. Of course the scenario changed.
You have to know what is true positives, true negative, .. 1 new question about this. Offcourse the scenario changed.
Totally I got about 15 drag-drop questions.
Read about the dot1x carefully.
Hope this help.

Not finish reading book but must give the exam today. Poor me !!! So stress.. I will report later for you, guy.

Exam passed.
5 new drag & drop on 802.1x.
!!!

Guys, thanks for all your input with the questions.I am wondering, does anyone have the simulations/testlets that are contained in the exam.I am yet to see any of these

hey bob, your score proves this is not vaild. since I remember all question and anwser before testing, I always got score over 950 on other exam. but, I can find a lot of new question when I got this. I'm still find new dump.

Hi Guys, passed with 856, Dump still valid, most of the questions came from this. around 8 to 10 new questions. robin u might need bit of study.

This is not vaild. I got 726 and failed . most of anser changed. and new question about DHCP snooping

how can I get newest DUMP?!

There are 122 questions all together.
On-click the radio-button for Take122 question from the entire file

You are the man neil

Hi Juice3,
Wish you pass the exam.
How about it? Any changes, please let me know. I also schdule to take this exam next week.

thanks neil

About to go take it right now. I'll report back.

thanks :)
i loveeee u neil