Cisco 642-637 642-637 Securing Networks with Cisco Routers and Switches (SECURE) v1.0 Practice Test Version 3.0

Actual Test 642-637

QUESTION NO: 1

QUESTION NO: 2

Refer to the exhibit. Given the partial output of the debug command, what can be determined?

A. There is no ID payload in the packet, as indicated by the message ID = 0.

B. The peer has not matched any offered profiles.

C. This is an IKE quick mode negotiation.

D. This is normal output of a successful Phase 1 IKE exchange.

Answer: B

QUESTION NO: 3 DRAG DROP

Answer:

Cisco 642-637: Practice Exam

"Pass Any Exam. Any Time." - www.actualtests.com 2

Explanation:

Existing lists of LAN switches

Existing user credentials

Existing addressing scheme

Existing transport protocols used in the environment.

QUESTION NO: 4

Refer to the exhibit. Which two Cisco IOS WebVPN features are enabled with the partial configuration shown? (Choose two.)

A. The end-user Cisco AnyConnect VPN software will remain installed on the end system.

B. If the Cisco AnyConnect VPN software fails to install on the end-user PC, the end user cannot use other modes.

C. Client based full tunnel access has been enabled.

D. Traffic destined to the 10.0.0.0/8 network will not be tunneled and will be allowed access via a split tunnel.

E. Clients will be assigned IP addresses in the 10.10.0.0/16 range.

Answer: A,C

QUESTION NO: 5

Which two of these are benefits of implementing a zone-based policy firewall in transparent mode? (Choose two.)

A. Less firewall management is needed.

B. It can be easily introduced into an existing network.

C. IP readdressing is unnecessary.

D. It adds the ability to statefully inspect non-IP traffic.

E. It has less impact on data flows.

Answer: B,C

QUESTION NO: 6

When configuring a zone-based policy firewall, what will be the resulting action if you do not specify any zone pairs for a possible pair of zones?

A. All sessions will pass through the zone without being inspected.

B. All sessions will be denied between these two zones by default.

C. All sessions will have to pass through the router "self zone" for inspection before being allowed to pass to the destination zone.

D. This configuration statelessly allows packets to be delivered to the destination zone.

Answer: B

QUESTION NO: 7

Refer to the exhibit. What can be determined from the output of this show command?

A. The IPsec connection is in an idle state.

B. The IKE association is in the process of being set up.

C. The IKE status is authenticated.

D. The ISAKMP state is waiting for quick mode status to authenticate before IPsec parameters are passed between peers.

E. IKE Quick Mode is in the idle state, indicating a problem with IKE phase 1.

Answer: C

QUESTION NO: 8 DRAG DROP

Answer:

Explanation:

Delete IPsec security association -> clear crypto sa

Verify cryptographic configurations and show SA lifetimes -> show crypto map

Verify the IPsec protection policy settings -> show crypto ipsec transform-set

Verify current IPsec settings in use by the SAs -> show crypto ipsec sa

Clear active IKE connections -> clear crypto isakmp

QUESTION NO: 9

You are running Cisco IOS IPS software on your edge router. A new threat has become an issue. The Cisco IOS IPS software has a signature that can address the new threat, but you previously retired the signature. You decide to unretire that signature to regain the desired protection level. How should you act on your decision?

A. Retired signatures are not present in the router's memory. You will need to download a new signature package to regain the retired signature.

B. You should re-enable the signature and start inspecting traffic for signs of the new threat.

C. Unretiring a signature will cause the router to recompile the signature database, which can temporarily affect performance.

D. You cannot unretire a signature. To avoid a disruption in traffic flow, it's best to create a custom signature until you can download a new signature package and reload the router.

Answer: C

QUESTION NO: 10

Which statement best describes inside policy based NAT?

A. Policy NAT rules are those that determine which addresses need to be translated per the enterprise security policy.

B. Policy NAT consists of policy rules based on outside sources attempting to communicate with inside endpoints.

C. These rules use source addresses as the decision for translation policies.

D. These rules are sensitive to all communicating endpoints.

Answer: A

QUESTION NO: 11

Refer to the exhibit. What can be determined about the IPS category configuration shown?

A. All categories are disabled.

B. All categories are retired.

C. After all other categories were disabled, a custom category named "os ios" was created.

D. Only attacks on the Cisco IOS system result in preventative actions.

Answer: D

QUESTION NO: 12

When Cisco IOS IPS is configured to use SDEE for event notification, how are events managed?

A. They are stored in the router's event store and will allow authenticated remote systems to pull events from the event store.

B. All events are immediately sent to the remote SDEE server.

C. Events are sent via syslog over a secure SSL/TLS communications channel.

D. When the event store reaches its maximum configured number of event notifications, the stored events are sent via SDEE to a remote authenticated server and a new event store is created.

Answer: A

QUESTION NO: 13

Which two of these will match a regular expression with the following configuration parameters? [a-zA-Z][0-9][a-z] (Choose two.)

A. Q3h

B. B4Mn

C. aaB132AA

D. c7lm

E. BBpjnrIT

Answer: A,D

QUESTION NO: 14

Which of these is a configurable Cisco IOS feature that triggers notifications if an attack attempts to exhaust critical router resources and if preventative controls have been bypassed or are not working correctly?

A. Control Plane Protection

B. Management Plane Protection

C. CPU and memory thresholding

D. SNMPv3

Answer: A

QUESTION NO: 15

Which Cisco IOS IPS feature allows you to remove one or more actions from all active signatures based on the attacker and/or target address criteria, as well as the event risk rating criteria?

A. signature event action filters

B. signature event action overrides

C. signature attack severity rating

D. signature event risk rating

Answer: A

QUESTION NO: 16

You are troubleshooting reported connectivity issues from remote users who are accessing corporate headquarters via an IPsec VPN connection. What should be your first step in troubleshooting these issues?

A. issue a show crypto isakmp policy command to verify matching policies of the tunnel endpoints

B. ping the tunnel endpoint

C. run a traceroute to verify the tunnel path

D. debug the connection process and look for any error messages in tunnel establishment

Answer: B

QUESTION NO: 17

Which of these is correct regarding the configuration of virtual-access interfaces?

A. They cannot be saved to the startup configuration.

B. You must use static routes inside the tunnels.

C. DVTI interfaces should be assigned a unique IP address range.

D. The Virtual-Access 1 interface must be enabled in an up/up state administratively

Answer: A

QUESTION NO: 18

Refer to the exhibit. The INSIDE zone has been configured and assigned to two separate router interfaces. All other zones and interfaces have been properly configured. Given the configuration example shown, what can be determined?

A. Hosts in the INSIDE zone, with addresses in the 10.10.10.0/24 network, can access any host in the 10.10.10.0/24 network using the SSH protocol.

B. If a host in the INSIDE zone attempts to communicate via SSH with another host on a different interface within the INSIDE zone, communications must pass through the router self zone using the INTRAZONE policy.

C. This is an illegal configuration. You cannot have the same source and destination zones.

D. This policy configuration is not needed; traffic within the same zone is allowed to pass by default.

Answer: D

QUESTION NO: 19

Which action does the command private-vlan association 100,200 take?

A. configures VLANs 100 and 200 and associates them as a community

B. associates VLANs 100 and 200 with the primary VLAN

C. creates two private VLANs with the designation of VLAN 100 and VLAN 200

D. assigns VLANs 100 and 200 as an association of private VLANs

Answer: B

QUESTION NO: 20

Which of these allows you to add event actions globally based on the risk rating of each event, without having to configure each signature individually?

A. event action summarization

B. event action filter

C. event action override

D. signature event action processor

Answer: C

QUESTION NO: 21

When using Cisco Easy VPN, what are the three options for entering an XAUTH username and password for establishing a VPN connection from the Cisco Easy VPN remote router? (Choose three.)

A. using an external AAA server

B. entering the information via the router crypto ipsec client ezvpn connect CLI command in privileged EXEC mode

C. using the router local user database

D. entering the information from the PC via a browser

E. storing the XAUTH credentials in the router configuration file

Answer: B,C,E

QUESTION NO: 22

Which of these is true regarding tunnel configuration when deploying a Cisco ISR as a DMVPN hub router?

A. Only one tunnel can be created per tunnel source interface.

B. Only one tunnel can be created and should be associated with a loopback interface for dynamic redundancy.

C. The GRE tunnel key is used to encrypt the traffic going through the tunnel through the hub.

D. You can run multiple parallel DMVPNs on the hub router, but each tunnel requires a unique tunnel key.

Answer: D

QUESTION NO: 23

Given the Cisco IOS command crypto key generate rsa label MY_KEYS modulus 2048, which additional command keyword should be added if you would like to use these keys on another router or have the ability to back them up to another device?

A. redundancy

B. exportable

C. on:USB smart-token

D. usage-keys

Answer: B

QUESTION NO: 24

Which two types of deployments can be implemented for a zone-based policy firewall? (Choose two.)

A. routed mode

B. interzone mode

C. fail open mode

D. transparent mode

E. inspection mode

Answer: A,E

QUESTION NO: 25 DRAG DROP

Answer:

Explanation:

Dropping application layer protocol units that do not conform to the protocol standard.

An application-aware method of filtering that works on OSI layers 3 and 4.

Filtering inside the protocol and its related content.

QUESTION NO: 26

What is the result of configuring the command dot1x system-auth-control on a Cisco Catalyst switch?

A. enables the switch to operate as the 802.1X supplicant

B. globally enables 802.1X on the switch

C. globally enables 802.1X and defines ports as 802.1X-capable

D. places the configuration sub-mode into dot1x-auth mode, in which you can identify the authentication server parameters

Answer: B

QUESTION NO: 27

Which information is displayed when you enter the Cisco IOS command show epm session?

A. Enforcement Policy Module sessions

B. External Proxy Mappings, per authenticated sessions

C. Encrypted Policy Management sessions

D. Enhanced Protected Mode sessions

Answer: A

QUESTION NO: 28

Refer to the exhibit. Based on the partial configuration shown, which additional configuration parameter is needed under the GET VPN group member GDOI configuration?

A. key server IP address

B. local priority

C. mapping of the IPsec profile to the IPsec SA

D. mapping of the IPsec transform set to the GDOI group

Answer: A

QUESTION NO: 29

Refer to the exhibit. Given the partial configuration shown, which two statements are correct? (Choose two.)

A. The tunnel will use the routing protocol configured for GigabitEthernet 1/1 for all tunnel communication with the peer.

B. The IP route statement to reach the remote network behind the DMVPN peer is incorrect; it should be ip route 192.168.2.0 255.255.255.0 tunnel 0.

C. This is an example of a static point-to-point VTI tunnel.

D. The tunnel will use esp-sha-hmac encryption in ESP tunnel mode.

E. The tunnel will use 128-bit AES encryption in ESP tunnel mode.

Answer: C,E

QUESTION NO: 30

You are troubleshooting a Cisco Easy VPN installation that is experiencing session establishment problems. You have verified that matching IKE and IPsec policies exist on both peers. The remote client has also successfully entered authentication credentials. What is the next step to take in troubleshooting this problem?

A. verify that the router is not denying traffic from the tunnel

B. verify that the router is able to assign an IP address to the client

C. examine routing tables

D. issue a ping from the client to the router to verify reachability

Answer: B

QUESTION NO: 31

Which of these is a result of using the same routing protocol process for routing outside and inside the VPN tunnel?

A. This will provide for routing-protocol-based failover redundancy.

B. Spoke routers will be able to dynamically learn routes to peer networks.

C. This will allow VPN-encapsulated packets to be routed out the correct physical interface used to reach the remote peer.

D. The tunnel will constantly flap.

Answer: B

QUESTION NO: 32 DRAG DROP

Answer:

Explanation:

VLAN Assignment

Time-based access

Endpoint posture assessment

QUESTION NO: 33

Refer to the exhibit. What can be determined from the output of this show command?

A. The switch port interface is enabled and operating as a community port.

B. The interface is acting as an isolated switch port operating in VLAN 1.

C. The interface is configured for Private VLAN Edge.

D. The switch port interface is not a trusted port.

Answer: D

QUESTION NO: 34

You are troubleshooting a problem related to IPsec connectivity issues. You see that there is no ISAKMP security association established between peers. You debug the connection process and see an error message of 1d00h: ISAKMP (0:1): atts are not acceptable. Next payload is 0. What does this message indicate?

A. This indicates a policy mismatch.

B. This indicates that the offered attributes did not contain a payload.

C. IKE has failed initial attempts and will resend policy offerings to the peer router.

D. The time stamp of the message shows that it is one day old. This could indicate a possible mismatch of system clocks and invalidate the connection attempt.

Answer: A

QUESTION NO: 35

Refer to the exhibit. Given the output shown, what can be determined?

A. An attacker has sent a spoofed DHCP address.

B. An attacker has sent a spoofed ARP response that violates a static mapping.

C. The MAC address has matched a deny rule within the ACL.

D. This is an invalid proxy ARP packet, as indicated by the 0000.0000.0000 MAC address on the destination.

Answer: C

QUESTION NO: 36

Which command will enable a SCEP interface when you are configuring a Cisco router to be a certificate server?

A. scep enable (under interface configuration mode)

B. crypto pki scep enable

C. grant auto

D. ip http server

Answer: D

QUESTION NO: 37

When 802.1X is implemented, how do the client (supplicant) and authenticator communicate?

A. RADIUS

B. TACACS+

C. MAB

D. EAPOL

Answer: D

QUESTION NO: 38

Refer to the exhibit. Assuming that all other supporting configurations are correct, what can be determined from the partial IP admission configuration shown?

A. The router will forward authentication requests to a AAA server for authentication and authorization.

B. The local user password is thl3F4ftvA.

C. The router will intercept incoming HTTP sessions on interface G0/0 for authentication.

D. The SUPERUSER's privilege level is being restricted.

E. The attribute type supplicant-group "SUPERUSER" configuration can be used to match criteria in the "inspect" class-map type using the match access-group option.

Answer: C

QUESTION NO: 39

Which of these is an implementation guideline when deploying the IP Source Guard feature in an environment with multiple switches?

A. Do not configure IP Source Guard on interswitch links.

B. Configure PACLs for DHCP-addressed end devices.

C. IP Source Guard must be configured in the trunk subconfiguration mode to work on interswitch links.

D. Configure static IP Source Guard mapping for all access ports.

Answer: A

QUESTION NO: 40 DRAG DROP

Answer:

Explanation:

Dynamic Inside NAT

Dynamic Inside PAT

Static Inside NAT

Static Inside PAT

QUESTION NO: 41

What does the command errdisable recovery cause arp-inspection interval 300 provide for?

A. It will disable a port when the ARP rate limit of 300 packets per second is received and wait a configured interval time before placing the port back in normal operation.

B. It will inspect for ARP-disabled ports every 300 seconds.

C. It will recover a disabled port and limit ARP traffic to 300 packets per second to avoid potential ARP attacks from reoccurring.

D. It will recover a disabled port due to an ARP inspection condition in 5 minutes.

Answer: D

QUESTION NO: 42

You have configured Management Plane Protection on an interface on a Cisco router. What is the resulting action on implementing MPP?

A. Inspection of protected management interfaces is automatically configured to ensure that management protocols comply with standards.

B. The router gives preference to the configured management interface. If that interface becomes unavailable, management protocols will be allowed on alternate interfaces.

C. Along with normal user data traffic, management traffic is also allowed only on the protected interface.

D. Only management protocols are allowed on the protected interface.

Answer: C

QUESTION NO: 43 DRAG DROP

Answer:

Explanation:

Use static access ports

Disable DTP

Avoid trunk native VLAN on access ports

QUESTION NO: 44

Refer to the exhibit. What can be determined from the configuration shown?

A. The community SNMP string is SNMP-MGMT-VIEW.

B. All interfaces will be included in the SNMP GETs.

C. This SNMP group will only allow read access to interface MIBs.

D. The SNMP server group is using 128-bit SHA authentication.

Answer: C

QUESTION NO: 45

When enabling the Cisco IOS IPS feature, which step should you perform to prevent rogue signature updates from being installed on the router?

A. configure authentication and authorization for maintaining signature updates

B. install a known RSA public key that correlates to a private key used by Cisco

C. manually import signature updates from Cisco to a secure server, and then transfer files from the secure server to the router

D. use the SDEE protocol for all signature updates from a known secure management station

Answer: B

QUESTION NO: 46

A user has requested a connection to an external website. After initiating the connection, a message appears in the user's browser stating that access to the requested website has been denied by the company usage policy. What is the most likely reason for this message to appear?

A. An antivirus software program has blocked the session request due to potential malicious content.

B. The network has been configured with a URL filtering service.

C. The network has been configured for 802.1X authentication and the user has failed to authenticate.

D. The user's configured policy access level does not contain proper permissions.

Answer: B

QUESTION NO: 47

Refer to the exhibit. Given the partial configuration shown, what can be determined?

A. This is an example of a dynamic policy PAT rule.

B. This is an example of a static policy NAT rule.

C. Addresses in the 10.10.30.0 network will be exempt from translation when destined for the 10.100.100.0 network.

D. The extended access list provides for one-to-one translation mapping of the 10.10.30.0 network to the 10.100.100.0 network.

Answer: A

QUESTION NO: 48

When is it most appropriate to choose IPS functionality based on Cisco IOS software?

A. when traffic rates are low and a complete signature is not required

B. when accelerated, integrated performance is required using hardware ASIC-based IPS inspections

C. when integrated policy virtualization is required

D. when promiscuous inspection meets security requirements

Answer: A

QUESTION NO: 49

When performing NAT, which of these is a limitation you need to account for?

A. exhaustion of port number translations

B. embedded IP addresses

C. security payload identifiers

D. inability to provide mutual connectivity to networks with overlapping address spaces

Answer: B

QUESTION NO: 50 DRAG DROP

Answer:

Explanation:

Routing Protocol Filtering

BPDU Guard

VTP Authentication

Routing Protocol Authentication

QUESTION NO: 51

You have enabled Cisco IOS IPS on a router in your network. However, you are not seeing expected events on your monitoring system (such as Cisco IME). On the router, you see events being captured. What is the next step in troubleshooting the problem?

A. verify that syslog is configured to send events to the correct server

B. verify SDEE communications

C. verify event action rules

D. verify that the IPS license is valid

Answer: B

QUESTION NO: 52

Which two of these are features of control plane security on a Cisco ISR? (Choose two.)

A. CoPP

B. RBAC

C. AAA

D. CPPr

E. uRPF

F. FPM

Answer: A,D

QUESTION NO: 53

Which two of these are potential results of an attacker performing a DHCP server spoofing attack? (Choose two.)

A. DHCP snooping

B. DoS

C. confidentiality breach

D. spoofed MAC addresses

E. switch ports being converted to an untrusted state

Answer: B,C

QUESTION NO: 54

When Cisco IOS IPS signatures are being tuned, how is the Target Value Rating assigned?

A. It is calculated from the Event Risk Rating.

B. It is calculated from a combination of the Attack Severity Rating and Signature Fidelity Rating.

C. It is manually set by the administrator.

D. It is set based upon SEAP functions.

Answer: C

QUESTION NO: 55

Which of these should you do before configuring IP Source Guard on a Cisco Catalyst switch?

A. enable NTP for event correlation

B. enable IP routing authentication

C. configure an access list with exempt DHCP-initiated IP address ranges

D. turn DHCP snooping on at least 24 hours in advance

Answer: D

QUESTION NO: 56

What action will the parameter-map type ooo global command enable?

A. globally initiates tuning of the router's TCP normalizer parameters for out-of-order packets

B. globally classifies type ooo packets within the parameter map and subsequent policy map

C. enables a parameter map named ooo

D. configures a global parameter map for traffic destined to the router itself

Answer: A

QUESTION NO: 57 DRAG DROP

Answer:

Explanation:

Port ACLs

Port Security

VLAN ACLs

Private VLANs

QUESTION NO: 58 HOTSPOT

Answer:

QUESTION NO: 59 HOTSPOT

Answer:

QUESTION NO: 60 HOTSPOT

Answer:

QUESTION NO: 61 HOTSPOT

Answer:

QUESTION NO: 62 HOTSPOT

Answer:

QUESTION NO: 63

Which protocol is EAP encapsulated in for communications between the authenticator and the authentication server?

A. EAP-MD5

B. IPsec

C. EAPOL

D. RADIUS

Answer: D

QUESTION NO: 64

You are loading a basic IPS signature package onto a Cisco router. After a period of time, you see this message: %IPS-6-ALL_ENGINE_BUILDS_COMPLETE: elapsed time 275013 ms. What do you expect happened during downloading and compilation of the files?

A. The files were successfully copied with an elapsed time of 275013 ms. The router will continue with extraction and compilation of the signature database.

B. The signature engines were compiled, but there is no indication that the actual signatures were compiled.

C. The compilation failed for some of the signature engines. There are 16 engines, but only 6 were completed according to the %IPS-6 message.

D. The files were compiled without error.

Answer: D

QUESTION NO: 65

Refer to the exhibit. Given the configuration shown, which of these statements is correct?

A. An external service is providing URL filtering via a subscription service.

B. All HTTP traffic to websites with the name "Gambling" included in the URL will be reset.

C. A service policy on the zone pair needs to be configured in the opposite direction or all return HTTP traffic will be blocked by policy.

D. The URL filter policy has been configured in a fail-closed scenario.

Answer: A

QUESTION NO: 66 DRAG DROP

Answer:

Explanation:

Spoke-to-hub GRE and IPsec tunnels are created.

NHRP mappings are created.

All spoke traffic is forwarded to the hub.

QUESTION NO: 67

Refer to the exhibit. Which two of these are most likely to have caused the issue with NHRP, given this output of the show command? (Choose two.)

A. There was a network ID mismatch.

B. The spoke router has not yet sent a request via Tunnel0.

C. The spoke router received a malformed NHRP packet.

D. There was an authentication key mismatch.

E. The registration request was expecting a return request ID of 1201, but received an ID of 120.

Answer: A,D

QUESTION NO: 68 DRAG DROP

Answer:

Explanation:

Event action filter

Event action override

Target value rating

QUESTION NO: 69

You have configured a guest VLAN using 802.1X on a Cisco Catalyst switch. A client incapable of using 802.1X has accessed the port and has been assigned to the guest VLAN. What happens when a client capable of using 802.1X joins the network on the same port?

A. The client capable of using 802.1X is allowed access and proper security policies are applied to the client.

B. EAPOL packets will not be allowed on the guest VLAN and the access attempt will fail.

C. The port is put into the unauthorized state in the user-configured access VLAN, and authentication is restarted.

D. This is considered a security breach by the authentication server and all users on the access port will be placed into the restricted VLAN.

Answer: C

QUESTION NO: 70

Refer to the exhibit. What can be determined from the information shown?

A. The user has been restricted to privilege level 1.

B. The standard access list should be reconfigured as an extended access list to allow desired user permissions.

C. RBAC has been configured with restricted views.

D. IP access list DMZ_ACL has not yet been configured with proper permissions.

Answer: C

QUESTION NO: 71

Refer to the exhibit. Assuming that all other supporting configurations are correct, what can be determined from the partial IP admission configuration shown?

A. The router will forward authentication requests to a AAA server for authentication and authorization.

B. The user maint3nanc3 will have complete CLI command access once authenticated.

C. After a period of 20 minutes, the user will again be required to provide authentication credentials.

D. The authentication proxy will fail, because the router's HTTP server has not been enabled.

E. All traffic entering interface G0/1 will be intercepted for authentication, but only Telnet traffic will be authorized.

Answer: C

QUESTION NO: 72

What will the authentication event fail retry 0 action authorize vlan 300 command accomplish?

A. assigns clients that fail 802.1X authentication into the restricted VLAN 300

B. assigns clients to VLAN 300 and attempts reauthorization

C. assigns a client to the guest VLAN 300 if it does not receive a response from the client to its EAPOL request/identity frame

D. locks out a user who fails an 802.1X authentication and does not allow the user to try to gain network access again for 300 seconds

Answer: A

QUESTION NO: 73 DRAG DROP

Answer:

Explanation:

Application Layer Inspections

Payload Minimization

Protocol Minimization

Protocol Verification
