QUESTION 85
What are the four steps that occur with an IPsec VPN setup?
A. Step 1: Interesting traffic initiates the IPsec process. Step 2: AH authenticates IPsec peers and negotiates IKE SAs. Step 3: AH negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 4: Data is securely transferred between IPsec peers.
B. Step 1: Interesting traffic initiates the IPsec process. Step 2: ESP authenticates IPsec peers and negotiates IKE SAs. Step 3: ESP negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 4: Data is securely transferred between IPsec peers.
C. Step 1: Interesting traffic initiates the IPsec process. Step 2: IKE authenticates IPsec peers and negotiates IKE SAs. Step 3: IKE negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 4: Data is securely transferred between IPsec peers.
D. Step 1: Interesting traffic initiates the IPsec process. Step 2: IKE negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 3: IKE authenticates IPsec peers and negotiates IKE SAs. Step 4: Data is securely transferred between IPsec peers.
Correct Answer: C
QUESTION 86
Which form of DSL technology is typically used as a replacement for T1 lines?
A. VDSL
B. HDSL
C. ADSL
D. SDSL
E. G.SHDSL
F. IDSL
Correct Answer: B
QUESTION 87
Which three categories of signatures can a Cisco IPS microengine identify? (Choose three.)
A. DDoS signatures
B. strong signatures
C. exploit signatures
D. numeric signatures
E. spoofing signatures
F. connection signatures
Correct Answer: ACF
QUESTION 88
Refer to the exhibit. Router RTA is unable to establish an ADSL connection with its provider. What action should be taken to correct this problem?
A. On the Dialer0 interface, add the pppoe enable command.
B. On the Dialer0 interface, change the MTU value to 1500 using the ip mtu 1500 command.
C. On the Ethernet 0/1 interface, add the dialer pool-member 0 command.
D. On the Ethernet 0/1 interface, add the dialer pool-member 1 command.
E. On the Ethernet 0/1 interface, add the pppoe-client dial-pool-number 0 command.
F. On the Ethernet 0/1 interface, add the pppoe-client dial-pool-number 1 command.
Correct Answer: F
QUESTION 89
What are two principles to follow when configuring ACLs with IOS Firewall? (Choose two.)
A. Prevent traffic that will be inspected by IOS Firewall from leaving the network through the firewall.
B. Configure extended ACLs to prevent IOS Firewall return traffic from entering the network through the firewall.
C. Configure an ACL to deny traffic from the protected networks to the unprotected networks.
D. Permit broadcast messages with a source address of 255.255.255.255.
E. Allow traffic that will be inspected by IOS Firewall to leave the network through the firewall.
Correct Answer: BE
QUESTION 90
With MPLS, what is the function of the protocol ID (PID) in a Layer 2 header?
A. It specifies that the bottom-of-stack bit immediately follows.
B. It specifies that the payload starts with a label and is followed by an IP header.
C. It specifies that the receiving router use the top label only.
D. It specifies how many labels immediately follow.
Correct Answer: B
QUESTION 91
Refer to the exhibit. Which three tasks can be configured using the IPS Policies wizard via the Cisco Security Device Manager (SDM)? (Choose three.)
A. the configuration of an IP address and the enabling of the interface
B. the selection of the encapsulation on the WAN interfaces
C. the selection of the interface to apply the IPS rule
D. the selection of the traffic flow direction that should be inspected by the IPS rules
E. the creation of the signature definition file (SDF) to be used by the router
F. the location of the signature definition file (SDF) to be used by the router
Correct Answer: CDF
QUESTION 92
Which statement identifies a limitation in the way Cisco IOS Firewall tracks UDP connections versus TCP connections?
A. It cannot track the source IP.
B. It cannot track the source port.
C. It cannot track the destination IP.
D. It cannot track the destination port.
E. It cannot track sequence numbers and flags.
F. It cannot track multicast or broadcast packets.
Correct Answer: E
QUESTION 93
What are three options for viewing Security Device Event Exchange (SDEE) messages in Security Device Manager (SDM)? (Choose three.)
A. to view SDEE status messages
B. to view SDEE keepalive messages
C. to view all SDEE messages
D. to view SDEE statistics
E. to view SDEE alerts
F. to view SDEE actions
Correct Answer: ACE
QUESTION 94
Refer to the exhibit. A network administrator wishes to mitigate network threats. Given that purpose, which two statements about the IOS firewall configuration that is revealed by the output are true? (Choose two.)
A. The command ip inspect FIREWALL_ACL out must be applied on interface FastEthernet 0/0.
B. The command ip inspect FIREWALL_ACL out must be applied on interface FastEthernet 0/1.
C. The command ip access-group FIREWALL_ACL in must be applied on interface FastEthernet 0/0.
D. The command ip access-group FIREWALL_ACL in must be applied on interface FastEthernet 0/1.
E. The configuration excerpt is an example of a CBAC list.
F. The configuration excerpt is an example of a reflexive ACL.
Correct Answer: BE
QUESTION 95
Refer to the exhibit. Which statement is true about the partial MPLS configuration that is shown?
A. The route-target both 100:2 command sets import and export route-targets for vrf2.
B. The route-target both 100:2 command changes a VPNv4 route to an IPv4 route.
C. The route-target import 100:1 command sets import route-targets routes specified by the route map.
D. The route-target import 100:1 command sets import route-targets for vrf2 that override the other route-target configuration.
Correct Answer: A
QUESTION 96
Which IOS command would display IPS default values that may not be displayed using the show running-config command?
A. show ip ips configuration
B. show ip ips interface
C. show ip ips statistics
D. show ip ips session
Correct Answer: A
QUESTION 97
Which statement describes the Authentication Proxy feature?
A. All traffic is permitted from the inbound to the outbound interface upon successful authentication of the user.
B. A specific access profile is retrieved from a TACACS+ or RADIUS server and applied to an IOS Firewall based on user provided credentials.
C. Prior to responding to a proxy ARP, the router will prompt the user for a login and password which are authenticated based on the configured AAA policy.
D. The proxy server capabilities of the IOS Firewall are enabled upon successful authentication of the user.
Correct Answer: B
QUESTION 98
Which two actions will take place when One-Step Lockdown is implemented? (Choose two.)
A. CDP will be enabled.
B. A banner will be set.
C. Logging will be enabled.
D. Security passwords will be required to be a minimum of 8 characters.
E. Telnet settings will be disabled.
Correct Answer: BC
QUESTION 99
Refer to the exhibit. Which order correctly identifies the steps to provision a cable modem to connect to a headend as defined by the DOCSIS standard?
A. A, D, C, G, E, F, B
B. A, D, E, G, C, F, B
C. C, D, F, G, E, A, B
D. C, D, F, G, A, E, B
E. F, D, C, G, A, E, B
F. F, D, C, G, E, A, B
Correct Answer: E
QUESTION 100
Refer to the exhibit. What does the “26” in the first two hop outputs indicate?
A. the outer label used to determine the next hop
B. the IPv4 label for the destination network
C. the IPv4 label for the forwarding router
D. the IPv4 label for the destination router
Correct Answer: B
QUESTION 101
What are the two main features of Cisco IOS Firewall? (Choose two.)
A. TACACS+
B. AAA
C. Cisco Secure Access Control Server
D. Intrusion Prevention System
E. Authentication Proxy
Correct Answer: DE
QUESTION 102
Refer to the exhibit. Which two statements about the Network Time Protocol (NTP) are true? (Choose two.)
A. Router RTA will adjust for eastern daylight savings time.
B. To enable authentication, the ntp authenticate command is required on routers RTA and RTB.
C. To enable NTP, the ntp master command must be configured on routers RTA and RTB.
D. Only NTP time requests are allowed from the host with IP address 10.1.1.1.
E. The preferred time source located at 130.207.244.240 will be used for synchronization regardless of the other time sources.
Correct Answer: AB
QUESTION 103
Refer to the exhibit. Which two statements are true based on the output of the show crypto isakmp sa command? (Choose two.)
A. All current security associations (SA) are displayed.
B. The settings of the current SAs are displayed.
C. QM_idle indicates an active IPsec SA.
D. QM_idle indicates an inactive IKE SA.
E. QM_idle indicates an active IKE SA.
F. QM_idle indicates an inactive IPsec SA.
Correct Answer: AE
QUESTION 104
Which two statements about an IDS are true? (Choose two.)
A. The IDS is in the traffic path.
B. The IDS can send TCP resets to the source device.
C. The IDS can send TCP resets to the destination device.
D. The IDS listens promiscuously to all traffic on the network.
E. Default operation is for the IDS to discard malicious traffic.
Correct Answer: BD
QUESTION 105
Which statement is true about the management protocols?
A. TFTP data is sent encrypted.
B. Syslog data is sent encrypted between the server and device.
C. SNMP v1/v2 can be compromised because the community string information for authentication is sent in clear text.
D. NTP v.3 does not support a cryptographic authentication mechanism between peers.
Correct Answer: C
QUESTION 106
Refer to the exhibit. What are the two options that are used to provide High Availability IPsec? (Choose two.)
A. RRI
B. IPsec Backup Peerings
C. Dynamic Crypto Map
D. HSRP
E. IPsec Stateful Switchover (SSO)
F. Dual Router Mode (DRM) IPsec
Correct Answer: AD
QUESTION 107
What are two ways to mitigate IP spoofing attacks? (Choose two.)
A. Disable ICMP echo.
B. Use RFC 3704 filtering (formerly known as RFC 2827).
C. Use encryption.
D. Configure trust levels.
E. Use NBAR.
F. Use MPLS.
Correct Answer: BC
QUESTION 108
Refer to the exhibit.
On the basis of the presented information, which configuration was completed on the router CPE?
A. CPE(config)# ip nat inside source list 101 interface Dialer0
   CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
B. CPE(config)# ip nat inside source list 101 interface Dialer0 overload
   CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
C. CPE(config)# ip nat inside source list 101 interface Ethernet 0/0
   CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
D. CPE(config)# ip nat inside source list 101 interface Ethernet 0/0 overload
   CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
E. CPE(config)# ip nat inside source list 101 interface Ethernet 0/1
   CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
F. CPE(config)# ip nat inside source list 101 interface Ethernet 0/1 overload
   CPE(config)# access-list 101 permit ip 10.0.0.0 0.255.255.255 any
Correct Answer: B
QUESTION 109
Refer to the exhibit. Which ACL configuration will prevent a DoS TCP SYN attack from a spoofed source into the internal network?
A. R1(config)# access-list 120 deny udp 10.0.0.0 0.0.255.255 host 255.255.255.255 eq 512
   R1(config)# interface Serial0/0
   R1(config-if)# ip access-group 120 in
B. R1(config)# access-list 120 deny ip any host 10.0.0.255 log
   R1(config)# access-list 120 permit ip any 10.0.0.0 0.0.0.255 log
   R1(config)# interface Serial0/0
   R1(config-if)# ip access-group 120 in
C. R1(config)# access-list 120 deny icmp any any echo log
   R1(config)# access-list 120 deny icmp any any redirect log
   R1(config)# access-list 120 permit icmp any 10.0.0.0 0.0.0.255
   R1(config)# interface Serial0/0
   R1(config-if)# ip access-group 120 in
D. R1(config)# access-list 120 permit tcp any 172.16.10.0 0.0.0.255 established
   R1(config)# access-list 120 deny ip any any log
   R1(config)# interface FastEthernet0/0
   R1(config-if)# ip access-group 120 in
Correct Answer: D
QUESTION 110
Refer to the exhibit. Which two statements about the SDF Locations window of the IPS Rule wizard are true? (Choose two.)
A. An HTTP SDF file location can be specified by clicking the Add button.
B. If all specified SDF locations fail to load, the signature file that is named default.sdf will be loaded.
C. The Autosave feature automatically saves the SDF alarms if the router crashes.
D. The Autosave feature is automatically enabled for the default built-in signature file.
E. The name of the built-in signature file is default.sdf.
F. The Use Built-In Signatures (as backup) check box is selected by default.
Correct Answer: AF
QUESTION 111
Refer to the exhibit. Assume that a signature can identify an IP address as the source of an attack. Which action would automatically create an ACL that denies all traffic from an attacking IP address?
A. alarm
B. drop
C. reset
D. denyFlowInline
E. denyAttackerInline
F. deny-connection-inline
Correct Answer: E
QUESTION 112
What technology must be enabled as a prerequisite to running MPLS on a Cisco router?
A. process switching
B. routing-table driven switching
C. cache driven switching
D. CEF switching
E. fast switching
Correct Answer: D
QUESTION 113
Refer to the exhibit.
Router RTA is unable to establish an ADSL connection with its provider. What action can be taken to correct this problem?
A. On the Dialer0 interface, add the pppoe enable command.
B. On the Dialer0 interface, change the MTU value to 1500 by using the ip mtu 1500 command.
C. On the Dialer0 interface, change the pool number to 0 by using the dialer pool 0 command.
D. On the Dialer0 interface, enter the ip address negotiated command.
E. On the Ethernet 0/1 interface, change the pool number to 0 by using the pppoe-client dial-pool-number 0 command.
F. On the Ethernet 0/1 interface, enter the ip address negotiated command.
Correct Answer: D
QUESTION 114
Refer to the exhibit. On the basis of the information that is provided, which statement is true?
A. The IOS firewall has allowed an HTTP session between two devices.
B. A TCP session that started between 192.168.1.116 and 192.168.101.115 caused dynamic ACL entries to be created.
C. A UDP session that started between 192.168.1.116 and 192.168.101.115 caused dynamic ACL entries to be created.
D. Telnet is the only protocol allowed through this IOS firewall configuration.
Correct Answer: B
QUESTION 115
Refer to the exhibit.
Which network threat would the configuration in the exhibit mitigate?
A. DoS ping attacks
B. DoS TCP SYN attack
C. IP address spoofing attack – inbound
D. IP address spoofing attack – outbound
E. SNMP service filtering attack
Correct Answer: A
QUESTION 116
Refer to the exhibit. Router RTA is unable to establish an ADSL connection with its provider. Which action would correct this problem?
A. On the Dialer0 interface, add the pppoe enable command.
B. On the Dialer0 interface, add the ip mtu 1496 command.
C. On the ATM0/0 interface, add the dialer pool-member 0 command.
D. On the ATM0/0 interface, add the dialer pool-member 1 command.
E. On the ATM0/0 interface, add the pppoe-client dial-pool-number 0 command.
F. On the ATM0/0 interface, add the pppoe-client dial-pool-number 1 command.
Correct Answer: D
QUESTION 117
Refer to the exhibit, which shows a PPPoA diagram and partial SOHO77 configuration. Which command needs to be applied to the SOHO77 to complete the configuration?
A. encapsulation aal5snap applied to the PVC.
B. encapsulation aal5ciscoppp applied to the PVC
C. encapsulation aal5ciscoppp applied to the ATM0 interface
D. encapsulation aal5mux ppp dialer applied to the ATM0 interface
E. encapsulation aal5mux ppp dialer applied to the PVC
Correct Answer: E
QUESTION 118
Which two statements are true about signatures in a Cisco IOS IPS? (Choose two.)
A. The action of a signature can be enabled on a per-TCP-session basis.
B. Common signatures are hard-coded into the IOS image.
C. IOS IPS signatures are propagated with the SDEE protocol.
D. IOS IPS signatures are stored in the startup config of the router.
E. Selection of an SDF file should be based on the amount of RAM memory available on the router.
Correct Answer: BE
QUESTION 119
Refer to the exhibit. MPLS has been configured on all routers in the domain. In order for R2 and R3 to forward frames between them with label headers, what additional configuration will be required on devices that are attached to the LAN segment?
A. Decrease the maximum MTU requirements on all router interfaces that are attached to the LAN segment.
B. Increase the maximum MTU requirements on all router interfaces that are attached to the LAN segment.
C. No additional configuration is required. Interface MTU size will be automatically adjusted to accommodate the larger size frames.
D. No additional configuration is required. Frames with larger MTU size will be automatically fragmented and forwarded on all LAN segments.
Correct Answer: B
QUESTION 120
Refer to the exhibit. What information can be derived from the SDM firewall configuration that is shown?
A. Access-list 100 was configured for the trusted interface, and access-list 101 was configured for the untrusted interface.
B. Access-list 101 was configured for the trusted interface, and access-list 100 was configured for the untrusted interface.
C. Access-list 100 was configured for the inbound direction, and access-list 101 was configured for the outbound direction on the trusted interface.
D. Access-list 100 was configured for the inbound direction, and access-list 101 was configured for the outbound direction on the untrusted interface.
Correct Answer: A
QUESTION 121
Which two statements are true about broadband cable (HFC) systems? (Choose two.)
A. Cable modems only operate at Layer 1 of the OSI model.
B. Cable modems operate at Layers 1 and 2 of the OSI model.
C. Cable modems operate at Layers 1, 2, and 3 of the OSI model.
D. A function of the cable modem termination system (CMTS) is to convert the modulated signal from the cable modem into a digital signal.
E. A function of the cable modem termination system is to convert the digital data stream from the end user host into a modulated RF signal for transmission onto the cable system.
Correct Answer: BD
Cisco 642-825 Practice Test, Most Reliable Cisco 642-825 Real Demo With Accurate Answers