100% Pass With A High Score Cisco 642-825 Certification,Easily To Pass Cisco 642-825 Certification Material Provider Online Shop

Attention Please:Professional new version Cisco 642-825 PDF and VCE dumps can now free download on Flydumps.com, all are updated timely by our experts covering all Cisco 642-825 new questions and questions.100 percent pass your exam.

Exam A
QUESTION 1
When configuring the Cisco VPN Client with transparent tunneling, what is true about the IPSec over TCP option?
A. The port number is negotiated automatically.
B. Clients will have access to the secured tunnel and local resources.
C. The port number must match the configuration on the secure gateway.
D. Packets are encapsulated using Protocol 50 (Encapsulating Security Payload, or ESP).
Correct Answer: C Section: (none) Explanation
QUESTION 2
Refer to the exhibit.

MPLS must be enabled on all routers in the MPLS domain that consists of Cisco routers and equipment of other vendors. What MPLS distribution protocol(s) should be used on router R2 Fast Ethernet interface Fa0/0 so that the Label Information Base (LIB) table is populated across the MPLS domain?
A. Only LDP should be enabled on Fa0/0 interface.
B. Only TDP should be enabled on Fa0/0 interface.
C. Both distribution protocols LDP and TDP should be enabled on the Fa0/0 interface.
D. MPLS cannot be enabled in a domain consisting of Cisco and non-Cisco devices.
Correct Answer: C Section: (none) Explanation
QUESTION 3
Which two statements about common network attacks are true? (Choose two.)
A. Access attacks can consist of password attacks, trust exploitation, port redirection, and man-in-the-middle attacks.
B. Access attacks can consist of password attacks, ping sweeps, port scans, and man-in-the- middle attacks.
C. Access attacks can consist of packet sniffers, ping sweeps, port scans, and man-in-the- middle attacks.
D. Reconnaissance attacks can consist of password attacks, trust exploitation, port redirection and Internet information queries.
E. Reconnaissance attacks can consist of packet sniffers, port scans, ping sweeps, and Internet information queries.
F. Reconnaissance attacks can consist of ping sweeps, port scans, man-in-middle attacks and Internet information queries.
Correct Answer: AE Section: (none) Explanation
QUESTION 4
Which two statements about worms, viruses, or Trojan horses are true? (Choose two.)
A. A Trojan horse has three components: an enabling vulnerability, a propagation mechanism, and a payload.
B. A Trojan horse virus propagates itself by infecting other programs on the same computer.
C. A virus cannot spread to a new computer without human assistance.
D. A virus has three components: an enabling vulnerability, a propagation mechanism, and a payload.
E. A worm can spread itself automatically from one computer to the next over an unprotected network.
F. A worm is a program that appears desirable but actually contains something harmful.
Correct Answer: CE Section: (none) Explanation
QUESTION 5
Which two statements about management protocols are true? (Choose two.)
A. Syslog version 2 or above should be used because it provides encryption of the syslog messages.
B. NTP version 3 or above should be used because these versions support a cryptographic authentication mechanism between peers.
C. SNMP version 3 is recommended since it provides authentication and encryption services for management packets.
D. SSH, SSL and Telnet are recommended protocols to remotely manage infrastructure devices.
E. TFTP authentication (username and password) is sent in an encrypted format, and no additional encryption is required.
Correct Answer: BC Section: (none) Explanation
QUESTION 6
Which two statements about the Cisco Autosecure feature are true? (Choose two.)
A. All passwords entered during the Autosecure configuration must be a minimum of 8 characters in length.
B. Cisco 123 would be a valid password for both the enable password and the enable secret commands.
C. The auto secure command can be used to secure the router login as well as the NTP and SSH protocols.
D. For an interactive full session of AutoSecure, the auto secure login command should be used.
E. If the SSH server was configured, the 1024 bit RSA keys are generated after the auto secure command is enabled.

Correct Answer: CE Section: (none) Explanation
QUESTION 7
Which three statements are correct about MPLS-based VPNs? (Choose three.)
A. Route Targets (RTs) are attributes attached to a VPNv4 BGP route to indicate its VPN membership.
B. Scalability becomes challenging for a very large, fully meshed deployment.
C. Authentication is done using a digital certificate or pre-shared key.
D. A VPN client is required for client-iniated deployments.
E. A VPN client is not required for users to interact with the network.
F. An MPLS-based VPN is highly scalable because no site-to-site peering is required.
Correct Answer: AEF Section: (none) Explanation
Explanation/Reference:
QUESTION 8
Which IPsec mode will encrypt a GRE tunnel to provide multiprotocol support and reduced overhead?
A. 3DES
B. multipoint GRE
C. tunnel
D. transport
Correct Answer: D Section: (none) Explanation
QUESTION 9
Which two statements are true about broadband cable (HFC) systems? (Choose two.)
A. Cable modems only operate at Layer 1 of the OSI model.
B. Cable modems operate at Layers 1 and 2 of the OSI model.
C. Cable modems operate at Layers 1, 2, and 3 of the OSI model.
D. A function of the cable modem termination system (CMTS) is to convert the modulated signal from the cable modem into a digital signal.
E. A function of the cable modem termination system is to convert the digital data stream from the end user host into a modulated RF signal for transmission onto the cable system.
Correct Answer: BD Section: (none) Explanation

QUESTION 10
Refer to the exhibit.

Which two statements about the AAA configuration are true? (Choose two.)
A. A good security practice is to have the none parameter configured as the final method used to ensure that no other authentication method will be used.
B. If a TACACS+ server is not available, then a user connecting via the console port would not be able to gain access since no other authentication method has been defined.
C. If a TACACS+ server is not available. then the user Bob could be able to enter privileged mode as long as the proper enable password is entered.
D. The aaa new-model command forces the router to override every other authentication method previously configured for the router lines.
E. To increase security, group radius should be used instead of group tacacs+.
F. Two authentication options are prescribed by the displayed aaa authentication command.
Correct Answer: DF Section: (none) Explanation
QUESTION 11
Which two statements are correct about mitigating attacks by the use of access control lists (ACLs)? (Choose two.)
A. Extended ACLs on routers should always be placed as close to the destination as possible.
B. Each ACL that is created ends with an implicit permit all statement.
C. Ensure that earlier statements in the ACL do not negate any statements that are found later in the list.
D. Denied packets should be logged by an ACL that traps informational (level 6) messages.
E. IP packets that contain the source address of any internal hosts or networks inbound to a private network should be permitted.
F. More specific ACL statements should be placed earlier in the ACL.
Correct Answer: DF Section: (none) Explanation
QUESTION 12
Refer to the exhibit.

What is needed to complete the PPPoA configuration?
A. A static route to the ISP needs to be configured.
B. The VPDN group needs to be created.
C. The ATM PVC needs to be configured.
D. PPP0E encapsulation needs to be configured on the ATM interface.
E. PAP authentication needs to be configured.

Correct Answer: C Section: (none) Explanation
QUESTION 13
Which three configuration steps must be taken to connect a DSL ATM interface to a service provider? (Choose three.)
A. Enable VPDN.
B. Configure PPP0E on the VPDN group.
C. Configure the ATM PVC.
D. Assign a VPDN group name.
E. Configure a dialer interface.
F. Configure the correct PPP encapsulation on the ATM virtual circuit.
Correct Answer: CEF Section: (none) Explanation
QUESTION 14
When configuring the Cisco software VPN client on a PC, which values need to be entered to complete the setup when pre-shared key authentication is used?
A. IP address of server, groupname, and password
B. IP address of server, groupname and password, and default gateway
C. IP address of server, groupname and password, default gateway, and DNS servers
D. IP address of server, groupname and password, default gateway, DNS servers, and local IP address
Correct Answer: A Section: (none) Explanation
QUESTION 15
What is one benefit of AutoSecure?
A. By default, all passwords are encrypted with level 7 encryption.
B. By default, a password is enabled on all ports.
C. Command line questions are created that automate the configuration of security features.
D. A multiuser logon screen is created with different privileges assigned to each member.
Correct Answer: C Section: (none) Explanation
QUESTION 16
Which two steps must be taken for SSH to be implemented on a router? (Choose two.)
A. Ensure that the Cisco lOS Firewall feature set is installed on the devices.
B. Ensure that the target routers are configured for MA either locally or through a database
C. Ensure that each router is using the correct domain name for the network
D. Ensure that an ACL is configured on the VTY lines to block Telnet access
Correct Answer: BC Section: (none) Explanation
QUESTION 17
What is meant by the attack classification of “false positive” on a Cisco IPS device?
A. A signature is fired for nonmalicious traffic, benign activity.
B. A signature is not fired when offending traffic is detected.
C. A signature is correctly fired when offending traffic is detected and an alarm is generated.
D. A signature is not fired when non-offending traffic is captured and analyzed.
Correct Answer: A Section: (none) Explanation QUESTION 18
Which statement is true about signature-based intrusion detection?
A. It performs analysis that is based on a predefined network security policy.
B. It performs analysis that is based on known intrusive activities by matching predefined patterns in network traffic.
C. It performs analysis that is based on anomalies in packets or packet sequences. It also verifies anomalies in traffic behavior.
D. It performs analysis by intercepting the procedural calls to the operating system kernel.
Correct Answer: B Section: (none) Explanation
QUESTION 19
What are three objectives that the no ip inspect command achieves? (Choose three.)
A. removes the entire CBAC configuration
B. removes all associated static ACLs
C. turns off the automatic audit feature in SDM
D. denies HTTP and Java applets to the inside interface but permits this traffic to the DMZ
E. resets all global timeouts and thresholds to the defaults
F. deletes all existing sessions
Correct Answer: AEF Section: (none) Explanation
QUESTION 20
When packets in a session match a signature, what are three actions that the Cisco lOS Firewall IPS can take? (Choose three.)
A. notify a centralized management interface of a false positive
B. remove the virus or worm from the packets
C. use the signature micro-engine to prevent a CAM Table Overflow Attack
D. reset the connection
E. drop the packets
F. send an alarm to a syslog server
Correct Answer: DEF Section: (none) Explanation

The Cisco 642-825 training is a vital way of becoming the best.This Cisco 642-825 certification has helped the candidates to enhance their capabilities by providing a great learning platform to them so that they can polish their skills.