ATTENTION : Because Cisco 642-825 exam has change recently,Flydumps has updated the Cisco 642-825 exam dumps with all new Cisco 642-825 exam questions and answers, visit flydumps.com to get free Cisco 642-825 PDF and VCE dumps.

Exam A
QUESTION 1
Which statement about xDSL implementations is true?
A. All xDSL standards operate in higher frequencies than the POTS system and therefore can coexist on the same media.
B. All xDSL standards operate in lower frequencies than the POTS system and can therefore coexist on the same media.
C. The ADSL standard operates in higher frequencies than the POTS system and can therefore coexist on the same media.
D. The HDSL standard operates in higher frequencies than the POTS system and can therefore coexist on the same media.
E. Other than providing higher data rates, HDSL is identical to ADSL.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 2
When you are using the SDM to configure a GRE tunnel over IPsec, which two parameters are required when defining the tunnel interface information? (Choose two.)
A. MTU size of the GRE tunnel interface
B. GRE tunnel source interface or IP address, and tunnel destination IP address
C. IPSEC mode (tunnel or transport)
D. GRE tunnel interface IP address
E. crypto ACL number
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 3
When packets in a session match a signature, what are three actions that the Cisco IOS Firewall IPS can take? (Choose three.)
A. notify a centralized management interface of a false positive
B. remove the virus or worm from the packets
C. use the signature micro-engine to prevent a CAM Table Overflow Attack
D. reset the connection
E. drop the packets
F. send an alarm to a syslog server
Correct Answer: DEF Section: (none) Explanation
Explanation/Reference:
QUESTION 4
Which three statements are true when configuring Cisco IOS Firewall features using the SDM? (Choose three.)
A. A custom application security policy can be configured in the Advanced Firewall Security Configuration dialog box.
B. An optional DMZ interface can be specified in the Advanced Firewall Interface Configuration dialog box.
C. Custom application policies for e-mail, instant messaging, HTTP, and peer-to-peer services can be created using the Intermediate Firewall wizard.
D. Only the outside (untrusted) interface is specified in the Basic Firewall Interface Configuration dialog box.
E. The outside interface that SDM can be launched from is configured in the Configuring Firewall for Remote Access dialog box.
F. The SDM provides a basic, intermediate, and advanced firewall wizard.

Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 5
How can application layer attacks be mitigated?
A. Install the latest patches.
B. Implement RFC 2827 filtering.
C. Implement traffic rate limiting.
D. Implement Anti-DoS features.
E. Disable port redirection.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 6
Which command sequence is an example of a correctly configured AAA configuration that uses the local database?
A. RTA(config)# username Bob password cisco RTA(config)# aaa new-model RTA(config)# aaa authentication login LOCAL_AUTH local RTA(config)# line con 0 RTA(config-line)# login authentication LOCAL_AUTH
B. RTA(config)# username Bob password cisco RTA(config)# aaa new-model RTA(config)# aaa authentication login LOCAL_AUTH local RTA(config)# line con 0 RTA(config-line)# login authentication default
C. RTA(config)# aaa new-model RTA(config)# tacacs-server host 10.1.1.10 RTA(config)# tacacs-server key cisco123 RTA(config)# aaa authentication login LOCAL_AUTH group tacacs+ RTA(config)# line con 0 RTA (config-line)# login authentication default
D. RTA(config)# aaa new-model RTA(config)# tacacs-server host 10.1.1.10 RTA(config)# tacacs-server key cisco123 RTA(config)# aaa authentication login LOCAL_AUTH group tacacs+ RTA(config)# line con 0 RTA (config-line)# login authentication LOCAL_AUTH
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Refer to the exhibit. Assume that a signature can identify an IP address as the source of an attack. Which action would automatically create an ACL that denies all traffic from an attacking IP address?

A. alarm
B. drop
C. reset
D. denyFlowInline
E. denyAttackerInline
F. deny-connection-inline
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 8
Which statement about the aaa authentication enable default group radius enable command is true?”
A. If the radius server returns an error, the enable password will be used.
B. If the radius server returns a ‘failed’ message, the enable password will be used.
C. The command login authentication group will associate the AAA authentication to a specified interface.
D. If the group database is unavailable, the radius server will be used.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 9
Which three modulation signaling standards are used in broadband cable technology? (Choose three.)
A. S-Video
B. PAL
C. NTSC
D. SECAM
E. FDM
F. FEC

Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Refer to the exhibit. What is needed to complete the PPPoA configuration?

A. A static route to the ISP needs to be configured.
B. The VPDN group needs to be created.
C. The ATM PVC needs to be configured.
D. PPPoE encapsulation needs to be configured on the ATM interface.
E. PAP authentication needs to be configured.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 11
Refer to the exhibit. What is the result of the ACL configuration that is displayed?

A. Inbound packets to request a TCP session with the 10.10.10.0/24 network are allowed.
B. TCP responses from the outside network for TCP connections that originated on the inside network are allowed.
C. TCP responses from the inside network for TCP connections that originated on the outside network are denied.
D. Any inbound packet with the SYN flag set to be routed is permitted.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 12
What technique can help to counter a reconnaissance attack?
A. Implement a switched infrastructure.
B. Disable accounts after a specific number of unsuccessful logins.
C. Disable port redirection.
D. Configure RFC 2827 filtering.
Correct Answer: A Section: (none) Explanation Explanation/Reference:
QUESTION 13
Refer to the exhibit. MPLS must be enabled on all routers in the MPLS domain that consists of Cisco routers and equipment of other vendors. What MPLS distribution protocol(s) should be used on router R2 FastEthernet interface Fa0/0 so that the Label Information Base (LIB) table is populated across the MPLS domain?

A. Only LDP should be enabled on Fa0/0 interface.
B. Only TDP should be enabled on Fa0/0 interface.
C. Both distribution protocols LDP and TDP should be enabled on the Fa0/0 interface.
D. MPLS cannot be enabled in a domain consisting of Cisco and non-Cisco devices.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 14
Which three statements about IOS Firewall configurations are true? (Choose three.)
A. The IP inspection rule can be applied in the inbound direction on the secured interface.
B. The IP inspection rule can be applied in the outbound direction on the unsecured interface.
C. The ACL applied in the outbound direction on the unsecured interface should be an extended ACL.
D. The ACL applied in the inbound direction on the unsecured interface should be an extended ACL.
E. For temporary openings to be created dynamically by Cisco IOS Firewall, the access-list for the returning traffic must be a standard ACL.
F. For temporary openings to be created dynamically by Cisco IOS Firewall, the IP inspection rule must be applied to the secured interface.
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 15
Refer to the exhibit. The configuration in the exhibit is found on an Internet service provider (ISP) Multiprotocol Label Switching (MPLS) network. What is its purpose?

A. to prevent man-in-the-middle attacks
B. to use CBAC to shut down Distributed Denial of Service attacks
C. to use IPS to protect against session-replay attacks
D. to prevent customers from running TDP with the ISP routers
E. to prevent customers from running LDP with the ISP routers
F. to prevent other ISPs from running LDP with the ISP routers

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 16
Which two statements are true about Cisco IOS Firewall? (Choose two.)
A. It enhances security for TCP applications only.
B. It enhances security for TCP and UDP applications.
C. It enhances security for UDP applications only.
D. It is implemented as a per-application process.
E. It is implemented as a per-destination process.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 17
Refer to the exhibit. Routers RTB and RTC have established LDP neighbor sessions. Troubleshooting discovered that labels are being distributed between the two routers but no label swapping information is in the LFIB. What is the most likely cause of this problem?

A. The IGP is summarizing the address space.
B. IP CEF has not been enabled on both routers RTB and RTC.
C. BGP neighbor sessions have not been configured on both routers.
D. LDP has been enabled on one router and TDP has been enabled on the other.
E. LDP is using the loopback address as the LDP ID and the loopback address is not in the routing table.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 18
Which statement is true about signature-based intrusion detection?
A. It performs analysis that is based on a predefined network security policy.
B. It performs analysis that is based on known intrusive activities by matching predefined patterns in network traffic.
C. It performs analysis that is based on anomalies in packets or packet sequences. It also verifies anomalies in traffic behavior.
D. It performs analysis by intercepting the procedural calls to the operating system kernel.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 19
Which three statements are correct about a GRE over IPsec VPN tunnel configuration on Cisco IOS routers? (Choose three.)
A. The crypto map must be applied on the physical interface.
B. The crypto map must be applied on the tunnel interface.
C. A dynamic routing protocol can be configured to run over the tunnel interface.
D. A crypto ACL will dictate the GRE traffic to be encrypted between the two IPsec peers.
E. A crypto ACL will dictate the ISAKMP and IPsec traffic to be encrypted between the two IPsec peers.
F. Crypto maps must specify the use of IPsec transport mode.

Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 20
Which statement is true about the SDM IPS Policies wizard?
A. In order to configure the IPS, the wizard requires that customized signature files be created.
B. The IPS Policies wizard only allows the use of default signatures which cannot be modified.
C. The IPS Policies wizard can be used to modify, delete, or disable signatures that have been deployed on the router.
D. When initially enabling the IPS Policies wizard, SDM automatically checks and downloads updates of default signatures available from CCO (cisco.com).
E. The wizard verifies whether the command is correct but does not verify available router resources before the signatures are deployed to the router.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:

The actual Cisco 642-825 exam questions and answers will sharpen your skills and expand your knowledge to obtain a definite success.save your money and time on your preparation for your Cisco 642-825 certification exam.You will find we are a trustful partner if you choose us as your assistance on your Cisco 642-825 certification exam.Now we add the latest Cisco 642-825 content and to print and share content.