Cisco 642-825 Demo Download, Latest Updated Cisco 642-825 Exam Collection On Our Store

Good News! With Cisco 642-825 exam dumps, you will never worry about your Cisco 642-825 exam, all the questions and answers are updated timely by our experts.Also now  Flydumps.com is offering free Cisco 642-825 exam VCE player and PDF files for free on their website.

QUESTION 1
If you want to mitigate a worm attack ,what are two steps that must be taken ? (Choose two.)
A. Quarantine infected machines.
B. Apply authentication.
C. Limit traffic rate.
D. Inoculate systems by applying update patches.
Correct Answer: AD Section: (none) Explanation
QUESTION 2
Which two statements correctly describe the transmission of signals over a cable network? (Choose two.)
A. Downstream signals travel from the cable operator to the subscriber and use frequencies in the range of 5 to 42 MHz.
B. Upstream signals travel from the subscriber to the cable operator and use frequencies in the range of 5 to 42 MHz.
C. Upstream signals travel from the subscriber to the cable operator and use frequencies in the range of 50 to 860 MHz.
D. Downstream signals travel from the cable operator to the subscriber and use frequencies in the range of 50 to 860 MHz.
Correct Answer: BD Section: (none) Explanation
QUESTION 3
Refer to the exhibit. What is one of the objectives that the default startup configuration file created by the SDM will accomplish?

A. blocks both Telnet and SSH
B. encrypts all HTTP traffic to prevent man-in-the-middle attacks
C. prevents the router from ever being used as an HTTP server
D. enables local logging to support the log monitoring function
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
www.ExamWorx.com
QUESTION 4
Study the exhibit carefully. Which two descriptions are correct about the information that is shown from the Cisco VPN screens? (Choose two.)

A. Selecting Enable Transparent Tunneling on the connection entry on the right allows Local LAN Routes to be available on the Route Details on the left screen.
B. Selecting Allow Local LAN Access on the connection entry on the right allows Local LAN Routes to be available on the Route Details on the left screen.
C. Selecting IPSec over TCP on the connection entry on the right allows Local LAN Routes to be available on the Route Details on the left screen.
D. The 10.10.32.32 network entry in the Route Details screen represents the IP address of the server end of the encrypted tunnel.
E. The 10.10.32.32 network entry in the Route Details screen represents an IP address that will be accessed without traversing the VPN.
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Which two steps must be taken when mitigating a worm attack? (Choose two.)
A. Quarantine infected machines.
B. Apply authentication.
C. Enable anti-spoof measures
D. Inoculate systems by applying update patches.
Correct Answer: AD Section: (none) Explanation
QUESTION 6
A packet sniffer is computer software or computer hardware that can intercept and log traffic passing over a digital network or part of a network. Which two statements about packet sniffers or packet sniffing are true? (Choose two.)
A. Packet sniffers can only work in a switched Ethernet environment.
B. A packet sniffer requires the use of a network adapter card in nonpromiscuous mode to capture all network packets that are sent across a LAN.
C. To reduce the risk of packet sniffing, strong authentication, such as one time passwords, should be used.
D. To reduce the risk of packet sniffing, cryptographic protocols such as Secure Shell Protocol (SSH) and Secure Sockets Layer (SSL) should be used.
Correct Answer: CD Section: (none) Explanation
QUESTION 7
Which two descriptions about Cisco Easy VPN are correct? (Choose two.)
A. Easy VPN tunnel endpoint addresses can be the virtual IP address of an HSRP configuration.
B. Easy VPN does not support split tunnels.
C. A VPN client can also be configured to operate as an Easy VPN server.
D. An IOS router, a PIX firewall or a VPN client can operate as an Easy VPN terminal point.
E. Easy VPN is only appropriate for smaller deployments.
Correct Answer: AD Section: (none) Explanation
QUESTION 8
Examine the following options. What is a recommended practice for secure configuration management?
A. Use secure Telnet.
B. Use SSH or SSL.
C. Disable port scan.
D. Deny echo replies on all edge routers.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
www.ExamWorx.com
QUESTION 9
You work as a network technician at pass4sure.com.When you are using the SDM to configure a GRE tunnel over IPsec, which two parameters are required when defining the tunnel interface information? (Choose two.)
A. MTU size of the GRE tunnel interface
B. GRE tunnel source interface or IP address, and tunnel destination IP address
C. IPSEC mode (tunnel or transport)
D. GRE tunnel interface IP address
Correct Answer: BD Section: (none) Explanation
QUESTION 10
You work as a network engineer, Look at the following statements. Which three of these would be classified as access attacks? (Choose three.)
A. ping sweeps
B. port scans
C. trust exploitation
D. port redirection
E. man-in-the-middle attacks
Correct Answer: CDE Section: (none) Explanation
QUESTION 11
Which three techniques would be used for securing management protocols? (Choose three.)
A. Encrypt TFTP and syslog traffic in an IPSec tunnel.
B. Configure SNMP with only read-only community strings.
C. Implement RFC 2827 filtering at the perimeter router when allowing syslog access from devices on the outside of a firewall.
D. Use TFTP version 3 or above because these versions support a cryptographic authentication mechanism between peers.
Correct Answer: ABC Section: (none) Explanation
QUESTION 12
Which two statements are correct about network attack? (Choose two.)
A. DoS attacks can consist of IP spoofing and DDoS attacks.
B. IP spoofing exploits known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information.
C. Access attacks can consist of UDP and TCP SYN flooding, ICMP echo-request floods, and ICMP directed broadcasts.
D. Access attacks can consist of password attacks, trust exploitation, port redirection, and man-in-the-middle attacks.
Correct Answer: AD Section: (none) Explanation
QUESTION 13
After examining the following options, then tell me which two devices are used as the main endpoint components in a DSL data service network? (Choose two.)
A. CO switch
B. ATU-C
C. ATU-R
D. SOHO workstation
Correct Answer: BC Section: (none) Explanation
QUESTION 14
Which description is correct in terms of this exhibit?

A. A PPPoE session is established.
B. A PPPoE session is rejected because of the per-MAC session limit.
C. The MAC address of the remote router is 0001.c9f0.0c1c.
D. The CPE router is configured as a PPPoE client over an Ethernet interface.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 15
You work as a network technician at pass4sure.com, based on the exhibit below. Which statement

A. The LIST1 list will disable authentication on the console port.
B. The default login authentication will automatically be applied to all login connections.
C. All login requests will be authenticated using the group tacacs+ method.
D. Because no method list is specified, the LIST1 list will not authenticate anyone on the console port.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 16
MPLS is a very important technology.What are the four fields in an MPLS label? (Choose four.)
A. protocol
B. bottom-of-stack indicator
C. TTL
D. version
E. experimental
F. label
Correct Answer: BCEF Section: (none) Explanation
QUESTION 17
What three objectives does the no ip inspect command accomplish? (Choose three.)
A. removes the entire CBAC configuration
B. deletes all existing sessions
C. resets all global timeouts and thresholds to the defaults
D. denies HTTP and Java applets to the inside interface but permits this traffic to the DMZ
Correct Answer: ABC Section: (none) Explanation
QUESTION 18
Which two descriptions about the Security Device Manager (SDM) Intrusion Prevention System (IPS) Rule wizard are correct? (Choose two.)
A. Changes to the IPS rules can be made using the Configure IPS tab.
B. By default, the Use Built-In Signatures (as backup) checkbox is not selected.
C. Changes to the IPS rules can be made using the Edit Firewall Policy/ACL tab.
D. When using the wizard for the first time, you will be prompted to enable the Security Device Event Exchange (SDEE).
E. Once all interfaces have rules applied to them, you cannot re-initiate the IPS Rule wizard to make changes.
F. Once all interfaces have rules applied to them, you can re-initiate the IPS Rule wizard to make changes.
Correct Answer: DF Section: (none) Explanation
QUESTION 19
Study the exhibit carefully. Which description about Security Device Event Exchange (SDEE) is true?

A. It is an application level communications protocol that is used to exchange IPS messages between IPS clients and servers.
B. It is an OSI level-7 protocol, and it is used to exchange IPS messages between IPS agents.
C. It is a process for ensuring IPS communication between the SDM-enabled devices.
D. It is a suite of protocols for ensuring IPS communication between the SDM-enabled devices.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 20
Cisco IOS Firewall helps ensure your network’s availability and the security of your company’s resources by protecting the network infrastructure against network- and application-layer attacks, viruses, and worms. Which three statements about IOS Firewall configurations are true? (Choose three.)
A. The IP inspection rule can be applied in the inbound direction on the secured interface.
B. The IP inspection rule can be applied in the outbound direction on the unsecured interface.
C. For temporary openings to be created dynamically by Cisco IOS Firewall, the IP inspection rule must be applied to the secured interface.
D. The ACL applied in the inbound direction on the unsecured interface should be an extended ACL.
Correct Answer: ABD Section: (none) Explanation
QUESTION 21
Do you know which size should the MTU on LAN interfaces be set in the implementation of MPLS VPNs with traffic engineering?
A. 1512 bytes
B. 1524 bytes
C. 1516 bytes
D. 1520 bytes
Correct Answer: A Section: (none) Explanation
QUESTION 22
Which two devices are used as the main endpoint components in a DSL data service network? (Choose two.)
A. POTS splitter
B. ATU-C
C. ATU-R
D. SOHO workstation
Correct Answer: BC Section: (none) Explanation
QUESTION 23
Which three descriptions are correct about MPLS? (Choose three.)
A. The two major components of MPLS include the control plane and the data plane.
B. OSPF, EIGRP, IS-IS, RIP, and BGP can be used in the control plane.
C. MPLS is designed for use with frame-based Layer 2 encapsulation protocols such as Frame Relay, but is not supported by ATM because of ATM fixed-length cells.
D. Cisco Express Forwarding (CEF) must be enabled as a prerequisite to running MPLS on a Cisco router.
Correct Answer: ABD Section: (none) Explanation
QUESTION 24
As a network technician ,can you tell me which three protocols are available for local redundancy in a backup VPN scenario? (Choose three.)
A. GLBP
B. RSVP
C. a routing protocol

D. VRRP
E. proxy ARP
F. HSRP
Correct Answer: ADF Section: (none) Explanation
QUESTION 25
Study the exhibit carefully. In the SDM Site-to-Site VPN wizard, what are three requirements that are accessed by the Add button? (Choose three.)

A. IKE lifetime
B. IPsec proposal priority
C. keyed-hash message authentication code
D. IPsec authentication method
E. Diffie-Hellman group
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
www.ExamWorx.com
QUESTION 26
PPPoE, Point-to-Point Protocol over Ethernet, is a network protocol for encapsulating Point-to-Point Protocol (PPP) frames inside Ethernet frames. Which PPPoE configuration statement is correct?
A. The encapsulation ppp command must be applied on the Ethernet interface.
B. When the pppoe enable command is applied on the Ethernet interface, a PVC will be created.
C. A PVC must be created before the pppoe enable command on the Ethernet interface is entered.
D. The ip mtu 1492 command must be applied on the dialer interface.
Correct Answer: D Section: (none) Explanation
QUESTION 27
Which PPPoE configuration description is correct?
A. The dsl operating-mode auto command is required.
B. The encapsulation ppp command must be applied on the Ethernet interface.
C. A PVC must be created before the pppoe enable command on the Ethernet interface is entered.
D. The ip mtu 1492 command must be applied on the dialer interface.
Correct Answer: D Section: (none) Explanation QUESTION 28
You work as a network engineer at pass4sure.com, study the exhibit carefully. When editing the Invalid DHCP Packet signature using security device manager (SDM), which additional severity levels can be chosen? (Choose three.)

A. informational
B. debug
C. low
D. urgent
E. high
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 29
Which two statements about the functions and operations of IDS and IPS systems are true? (Choose two.)
A. An IDS is significantly more advanced over IPS because of its ability to prevent network attacks.
B. Profile-based intrusion detection is also known as “anomaly detection”.
C. A network administrator entering a wrong password would generate a true-negative alarm.
D. A false positive alarm is generated when an IDS/IPS signature is correctly identified.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
www.ExamWorx.com
QUESTION 30
Study the exhibit carefully. What conclusion can be made from the output of the debug ppp negotiation command?

A. There is an authentication failure.
B. There is no PPP response from the remote router.
C. Link Control Protocol (LCP) is not opened.
D. There are IP Control Protocol (IPCP) failures.
E. PPP has set up a functional connection.
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 31
As a network engineer, can you tell me which four outbound ICMP message types would normally be permitted? (Choose four.)
A. time exceeded
B. echo reply
C. echo
D. parameter problem
E. packet too big
F. source quench
Correct Answer: CDEF Section: (none) Explanation QUESTION 32
As a network engineer , do you know at what size should the MTU on LAN interfaces be set in the implementation of MPLS VPNs with traffic engineering?
A. 1512 bytes
B. 1528 bytes
C. 1524 bytes
D. 1520 bytes
Correct Answer: A Section: (none) Explanation
QUESTION 33
Which two options about the transmission of signals over a cable network are correct? (Choose two.)
A. Downstream and upstream signals operate in the same frequency ranges.
B. Upstream signals travel from the subscriber to the cable operator and use frequencies in the range of 5 to 42 MHz.
C. Downstream signals travel from the cable operator to the subscriber and use frequencies in the range of 5 to 42 MHz.
D. Downstream signals travel from the cable operator to the subscriber and use frequencies in the range of 50 to 860 MHz.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
www.ExamWorx.com
QUESTION 34
Study the exhibit below carefully. Based on the information in the exhibit, which two statements are true? (Choose two.)

A. The Edit IPS window is currently displaying the Global Settings information.
B. The Edit IPS window is currently displaying the signatures in Details view.
C. Any traffic matching signature 1107 will generate an alarm, reset the connection, and be dropped.
D. Signature 1102 has been triggered because of matching traffic.
E. Signature 1102 has been modified, but the changes have not been applied to the router.
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 35
Refer to the exhibit. On the basis of the partial output that is shown in the exhibit, which two statements are

A. The output is the result of the debug ppp negotiation command.
B. The output is the result of the debug pppoe events command.
C. This is the CPE router.
D. The ISP router initiated the connection to the CPE router.
E. The output is the result of the debug ppp authentication command.
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 36
Network reconnaissance is a process that is also defined as port scanning. What are three methods of network reconnaissance? (Choose three.)
A. dictionary attack
B. IP spoofing
C. one-time password
D. port scan
E. packet sniffer
F. ping sweep
Correct Answer: DEF Section: (none) Explanation
Explanation/Reference:
QUESTION 37

A. the IPv4 label for the forwarding router
B. the IPv4 label for the destination network
C. the IPv4 label for the destination router
D. the outer label used to determine the next hop
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 38
Part of the Pass4sure WAN is shown below, regarding this exhibit. Which configuration option would

A. Pass4sure-R (config)# interface Fa0/1
Pass4sure-R (config-if)# ip access-group 150 out
B. Pass4sure-R (config)# interface Fa0/0 Pass4sure-R (config-if)# ip access-group 150 out
C. Pass4sure-R (config)# interface Fa0/1 Pass4sure-R (config-if)# ip access-group 150 in
D. Pass4sure-R (config)# interface Fa0/0 Pass4sure-R (config-if)# ip access-group 150 in
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 39
Part of the Pass4sure WAN is shown below, please study the exhibit carefully. Based on the presented information, which statement is correct?

A. ACL 109 is designed to prevent outbound IP address spoofing attacks.
B. ACL 109 is designed to prevent any inbound packets with the ACK flag set from entering the router.
C. ACL 109 is designed to prevent any inbound packets with the SYN flag set from entering the router.
D. ACL 109 is designed to allow packets with the ACK flag set to enter the router.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 40
Which three configurable parameters should be used in order to edit signatures in Security Device Manager (SDM)? (Choose three.)
A. EventAction
B. AlarmKeepalive
C. AlarmSeverity
D. AlarmTraits
Correct Answer: ACD Section: (none) Explanation QUESTION 41
Study the exhibit carefully. In order to prevent a DoS TCP SYN attack from a spoofed source into the

A. P4S-R(config)# access-list 120 deny udp 10.0.0.0 0.0.255.255 host 255.255.255.255 eq 512 P4S-R(config)# interface Serial0/0 P4S-R(config-if)# ip access-group 120 in
B. P4S-R(config)# access-list 120 deny ip any host 10.0.0.255 log P4S-R(config)# access-list 120 permit ip any 10.0.0.0 0.0.0.255 log P4S-R(config)# interface Serial0/0 P4S-R(config-if)# ip access-group 120 in
C. P4S-R(config)# access-list 120 deny icmp any any echo log P4S-R(config)# access-list 120 deny icmp any any redirect log P4S-R(config)# access-list 120 permit icmp any 10.0.0.0 0.0.0.255 P4S-R(config)# interface Serial0/0 P4S-R(config-if)# ip access-group 120 in
D. P4S-R(config)# access-list 120 permit tcp any 172.16.10.0 0.0.0.255 established P4S-R(config)# access-list 120 deny ip any any log P4S-R(config)# interface FastEthernet0/0 P4S-R(config-if)# ip access-group 120 in
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 42
You work as a network engineer at pass4sure.com, refer to the exhibit.

A. MPLS is not enabled on that link, so only the VPN label is needed.
B. MPLS is not enabled on that link, so only the LSP label is needed.
C. The PHP process on that link has removed the VPN label, leaving only the LSP label.
D. That link is directly connected to the customer, so only the VPN label is needed.
E. The PHP process on that link has removed the LSP label, leaving only the VPN label.
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 43
When One-Step Lockdown is implemented, which two actions will take place? (Choose two.)
A. CDP will be enabled.
B. Logging will be enabled.
C. A banner will be set.
D. Telnet settings will be disabled.
Correct Answer: BC Section: (none) Explanation
QUESTION 44
On the basis of the exhibit. Routers P4S-A and P4S-B are customer routers. Routers P4S-1, P4S-2, P4S-3, and P4S-4 are provider routers. The routers are operating with various IOS versions. Which description is correct about frame mode MPLS configuration?

A. Before MPLS is enabled, the ip cef command is only required on routers P4S-1 and P4S-4 .
B. After MPLS is enabled, the ip cef command is only required on routers P4S-1 and P4S-4.
C. Before MPLS is enabled, the ip cef command is only required on the Ethernet 0 interfaces of routers P4S-1 and P4S-4.
D. After MPLS is enabled, the ip cef command is only required on the Ethernet 0 interfaces of routers P4S-1 and P4S-4.
E. Before MPLS is enabled, the ip cef command must be applied to all provider routers.
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 45
For the following options, based on the exhibit below. What type of high-availability option is being implemented?

A. Hot Standby Router Protocol
B. IPsec dead peer detection
C. IPsec stateful failover
D. backing up a WAN connection with an IPsec VPN
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 46
Which three DSL technologies support an analog POTS channel and use the entire bandwidth of the copper to carry data? (Choose three.)
A. VDSL
B. SDSL
C. IDSL

D. ADSL
E. RADSL
Correct Answer: ADE Section: (none) Explanation
QUESTION 47
Which two options correctly describe a GRE over IPsec VPN tunnel configuration on Cisco IOS routers?
(Choose two.)
A. A crypto ACL will dictate the ISAKMP and IPsec traffic to be encrypted between the two IPsec peers.
B. A crypto ACL will dictate the GRE traffic to be encrypted between the two IPsec peers.
C. The crypto map must be applied on the tunnel interface.
D. A dynamic routing protocol can be configured to run over the tunnel interface.
Correct Answer: BD Section: (none) Explanation
QUESTION 48
You work as a network engineer at pass4sure.com, refer to the exhibit.
The SDM IPS Policies wizard is displaying the Select Interfaces window. Which procedure correctly
A. Apply the IPS rules both in the inbound and outbound direction on all interfaces.
B. Apply the rules in the inbound direction on interfaces where outgoing malicious traffic is likely.
C. Apply the IPS rules in the inbound direction on interfaces where incoming malicious traffic is likely.
D. Apply the IPS rules in the outbound direction on interfaces where outgoing malicious traffic is likely.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 49
Based on the information provided in the exhibit, which description is correct?

A. The IOS firewall has allowed an HTTP session between two devices.
B. A TCP session that started between 192.168.1.116 and 192.168.101.115 caused dynamic ACL entries to be created.
C. Telnet is the only protocol allowed through this IOS firewall configuration.
D. A UDP session that started between 192.168.1.116 and 192.168.101.115 caused dynamic ACL entries to be created.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 50
As a network technician ,you must know the important protocol PPPoA. Which statement about PPPoA configuration is true?
A. The dsl operating-mode auto command is required if the default mode has been changed.
B. The ip mtu 1492 command must be applied on the dialer interface.
C. The ip mtu 1496 command must be applied on the Ethernet interface.
D. The encapsulation ppp command is required.
Correct Answer: A Section: (none) Explanation Exam F
QUESTION 1
An Intrusion detection system (IDS) is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling of computer systems, mainly through a network, such as the Internet. Which two IDS statements are true? (Choose two.)
A. The IDS is in the traffic path.
B. The IDS listens promiscuously to all traffic on the network.
C. Default operation is for the IDS to discard malicious traffic.
D. The IDS can send TCP resets to the source device.
Correct Answer: BD Section: (none) Explanation
QUESTION 2
Intrusion prevention systems (IPS) were invented in the late 1990s to resolve ambiguities in passive network monitoring by placing detection systems in-line. Which two proactive preventive actions will be taken by an intrusion prevention system (IPS) when malicious traffic is detected? (Choose two.)
A. The IPS enables a dynamic access list.
B. The IPS shuts down intermediary ports.
C. The IPS denies malicious traffic.
D. The IPS invokes SNMP-enabled controls.
E. The IPS sends an alert to the management station.
Correct Answer: CE Section: (none) Explanation
QUESTION 3
NTP is a protocol designed to synchronize the clocks of computers over a network. Which two statements about Network Time Protocol (NTP) are correct? (Choose two.)
A. Whenever possible, configure NTP version 5 because it automatically provides authentication and encryption services.
B. NTP operates on IP networks using User Datagram Protocol (UDP) port 123.
C. NTP is enabled on all interfaces by default, and all interfaces receive NTP packets.
D. A stratum 0 time server is required for NTP operation.
Correct Answer: BC Section: (none) Explanation
QUESTION 4
Which two statements correctly describe the AutoSecure feature? (Choose two.)
A. AutoSecure automatically disables the CDP feature.
B. If you enable AutoSecure, the minimum length of the login and enable passwords is set to 6 characters.
C. The auto secure full command automatically configures the management and forwarding planes without any user interaction.
D. Once AutoSecure has been configured, the user can launch the SDM Web interface to perform a security audit.
Correct Answer: AB Section: (none) Explanation
QUESTION 5
Which three features are of the Cisco IOS Firewall feature set? (Choose three.)
A. AAA services
B. IPS
C. authentication proxy
D. network-based application recognition (NBAR)
E. stateful packet filtering
Correct Answer: BCE Section: (none) Explanation
QUESTION 6
You work as a network technician at pass4sure.com , examine the exhibit.
Based on the partial output shown in the exhibit, which two statements are correct? (Choose two.)
A. The output is the result of the debug pppoe events command.
B. The output is the result of the debug ppp negotiation command.
C. This is the CPE router.
D. The ISP router initiated the connection to the CPE router.
E. The output is the result of the debug ppp authentication command.
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Which two main features are of Cisco IOS Firewall? (Choose two.)
A. AAA

B. TACACS+
C. Cisco Secure Access Control Server
D. Authentication Proxy
E. Intrusion Prevention System
Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 8
On the basis of the exhibit. Which type of security solution will be provided for the inside network?

A. The ACL will prevent router P4S-R from forwarding broadcast traffic to the inside LAN network.
B. The ACL will block all ICMP echo requests coming from an external host.
C. The ACL will filter all packets whose TCP headers have the SYN flag set.
D. The ACL will allow TCP connections into the inside network, but will reset the connections in case of a TCP SYN attack.
Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 9
Study the exhibit carefully. A Pass4sure network administrator wants to mitigate network threats. For that purpose, which two statements correctly describe the IOS firewall configuration that is revealed by the output ? (Choose two.)

A. The command ip inspect FIREWALL_ACL out must be applied on interface FastEthernet 0/0.
B. The command ip inspect FIREWALL_ACL out must be applied on interface FastEthernet 0/1.
C. The command ip access-group FIREWALL_ACL in must be applied on interface FastEthernet 0/0.
D. The command ip access-group FIREWALL_ACL in must be applied on interface FastEthernet 0/1.
E. The configuration excerpt is an example of a CBAC list.
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
www.ExamWorx.com
QUESTION 10
Which two options about the Data-over-Cable Service Interface Specifications are correct? (Choose two.)
A. Euro-DOCSIS requires the European cable channels to conform to PAL-based standards, whereas DOCSIS requires the North American cable channels to conform to the NTSC standard.
B. DOCSIS defines a set of frequency allocation bands that are common to both U.S. and European cable systems
C. DOCSIS is an international standard developed by CableLabs.
D. DOCSIS defines cable operations at Layer 1, Layer 2, and Layer 3 of the OSI model.
Correct Answer: AC Section: (none) Explanation
QUESTION 11
What is an MPLS forwarding equivalence class?
A. a set of source networks forwarded to the same egress router
B. a set of destination networks forwarded to the same egress router
C. a set of destination networks forwarded from the same ingress router
D. a set of source networks forwarded from the same ingress router
Correct Answer: B Section: (none) Explanation
QUESTION 12
The Network Time Protocol (NTP) is widely used to synchronize a computer to Internet time servers or other sources, such as a radio or satellite receiver or telephone modem service. If you want to authenticate the NTP associations with other systems for security purposes, which key type algorithm or algorithms are supported?
A. MD5 only
B. MD7 only
C. plain text and MD5
D. plain text and MD7
Correct Answer: A Section: (none) Explanation
QUESTION 13
You are a network technician at pass4sure.com, study the exhibit carefully. The configured access list is being used in conjunction with an IPsec VPN. Which traffic will be passed through the IPSec VPN?

A. a TFTP file transfer from host 10.1.1.25 to server 10.1.2.1
B. Telnet traffic from host 10.1.1.1 to host 10.1.2.1
C. a ping from host 10.1.1.1 to host 10.1.2.1
D. a routing update from a router on the 10.1.1.0 network to a router on network 10.1.2.1
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 14
Which two statements accurately describe management protocols ? (Choose two.)
A. SNMP version 3 is recommended since it provides a RADIUS-based authentication mechanism between peers.
B. SNMP version 3 is recommended since it provides authentication and encryption services for management packets.
C. NTP version 3 or later should be used because these versions support the use of a cryptographic authentication mechanism between peers.
D. NTP version 3 or later should be used because these versions support the use of a RADIUS-based authentication mechanism between peers.
Correct Answer: BC Section: (none) Explanation
QUESTION 15
How to propagate overlapping customer prefixes in an MPLS VPN implementation?
A. Separate BGP sessions are established between each customer edge LSR.
B. A separate instance of the core IGP is used for each customer.
C. Because customers have their own interfaces, distributed CEFs keep the forwarding tables separate.
D. A route distinguisher is attached to each customer prefix.
Correct Answer: D Section: (none) Explanation
QUESTION 16
The exhibit below shows a PPPoA DSL diagram and partial configuration.
You want to allow the router to automatically receive its IP address from the service provider’s DSLAM.
Which configuration statement or statements do you need to add to SOHO77, and to which interface or
interfaces?
A. ip address negotiated applied to the ATM0/0 interface
B. ip address negotiated applied to the dialer0 interface
C. ip nat outside applied to the ATM0 interface
D. ip address 0.0.0.0 255.255.255.255 applied to the ATM0/0 interface and ip nat outside applied to the dialer0 interface
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 17
Study the exhibit carefully. On the basis of the configuration, what will happen to the IPSec VPN between the Remote router and the Head-End router with IP address 172.31.1.100 if receiving no dead-peer detection hello messages for 20 seconds?

A. The IPSec VPN will transition to a peering relationship with the Head-End router at 172.31.1.200, with a down-time determined by the time required to tear-down and build the peerings.
B. The IPSec VPN will terminate but will rebuild with the same peer because 3 hello messages have not yet been missed.
C. The IPSec VPN will not be affected.
D. The IPSec VPN will transition with no down-time to a peering relationship with the Head-End router at
172.31.1.200.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 18
Based on the exhibit below. Which one of these options is the ACL used to mitigate in this configuration?

A. ICMP message attacks
B. DOS smurf attacks
C. traceroute message attacks
D. IP address spoofing attacks
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 19
This exhibit is about firewall implementation, inside users should be permitted to browse the Internet. However, users have indicated that all attempts fail. As a result of troubleshooting, you have determined that the issue is related to the firewall implementation.
What corrective action should you take?

A. Add the global command line ip inspect name OUTSIDE www.
B. Add the global command line ip inspect name INSIDE www.
C. Add the ACL command line permit tcp any any eq 80 to INSIDEACL.
D. Change the access group on Fa0/0 from the inbound direction to the outbound direction.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 20
How to propagate overlapping customer prefixes in an MPLS VPN implementation?
A. Separate BGP sessions are established between each pair of customer edge LSRs.
B. Each customer is given a unique IGP instance.
C. A unique route target is attached to each customer routing update.
D. A route distinguisher is attached to each customer prefix.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 21
Study the exhibit carefully. Which statement best describes this Cisco IOS Firewall configuration?

A. OUTSIDEACL permits outbound HTTP sessions; OUTSIDEACL is applied to the inside interface in the inbound direction.
B. INSIDEACL permits inbound SMTP and HTTP; INSIDEACL is applied to the outside interface in the inbound direction.
C. Outside hosts are allowed to initiate sessions with the SMTP server (200.1.2.1) and HTTP server
(200.1.2.2) located in the enterprise DMZ.
D. The inspection rules include the generic TCP inspection and are applied to outbound connections on the inside interface and to inbound sessions on the outside interface.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 22
What objective does Cisco SDM using Security Device Event Exchange accomplish?
A. to provide a keepalive mechanism
B. to pull event logs from the router
C. to extract relevant SNMP information
D. to perform application-level accounting
Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 23
Which statement is correct in terms of the exhibit?

A. The router failed to train or successfully initialize because of a Layer 1 issue.
B. The router failed to train or successfully initialize because of a PPP negotiation issue.
C. The router cannot activate the line because the ISP has not provided the requested IP address.
D. The router cannot activate the line because of a Layer 2 authentication issue.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 24
You are a network technician at pass4sure.com, study the exhibit carefully. Which type of attack does the

A. TCP SYN DOS attacks
B. DOS smurf attack
C. traceroute message attacks
D. IP address spoofing attack
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 25
Router B and C have establisted LDP nei session. During troubleshoot, the labels are being distributed in between 2 router B & C. But no label swapping information in LFIP table. What is most likely cause ?

A. Not yet enable CEF on all router.
B. Not yet run IGP between core-routers
C. Create wrong vrf for every customer.
D. LDP Router-id of this router but point LDP router-id of another router.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 26

Why the HostA can NOT ping Server1 ???
A. The tunnel number is diffirent on two router
B. Router 1 have configured wrong tunnel source
C. Router 1 have configured wrong tunnel destination
D. Router 2 have configured wrong tunnel source
Correct Answer: D Section: (none) Explanation
Explanation/Reference: Exam G
QUESTION 1
Drag the protocols that are used to distribute MPLS labels from the above to the target area on the below. (Not all options will be used)

Select and Place:

Correct Answer: Section: (none) Explanation

Explanation/Reference:
QUESTION 2
Drag each element of the Cisco IOS Firewall Feature Set from the above and drop onto its description on the below.

Select and Place:

Correct Answer: Section: (none) Explanation

Explanation/Reference:
QUESTION 3
Match the xDSL type on the above to the most appropriate implementation on the below.

Select and Place:

Correct Answer: Section: (none) Explanation Explanation/Reference:

QUESTION 4

Select and Place:

Correct Answer:

Section: (none) Explanation Explanation/Reference:
QUESTION 5

Select and Place: Correct Answer:
Section: (none) Explanation
Explanation/Reference:
QUESTION 6
Drag the DSL technologies on the left to their maximum(down/up) data rate values on the below.

Select and Place:

Correct Answer:

Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Drag and drop each function on the above to the hybrid fiber-coaxial architecture component that it describes on the below.

Select and Place:

Correct Answer:

Section: (none) Explanation
Explanation/Reference:
QUESTION 8
Drag and drop each management protocol on the above to the correct category on the below.

Select and Place:

Correct Answer:

Section: (none) Explanation
Explanation/Reference:
QUESTION 9
Drag the IPsec protocol description from the above to the correct protocol type on the below.(Not all descriptions will be used)
Drag and Drop question, drag each item to its proper location.

Select and Place:

Correct Answer:

Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Drag and drop the steps in the process for provisioning a cable modem to connect to a headend on the above to the below in the order defined by the DOCSIS standard.

Select and Place: Correct Answer:
Section: (none) Explanation
Explanation/Reference:
QUESTION 11
Drag the correct statements about MPLS-based VPN on the left to the boxes on the right .(Not all statements will be used)

Select and Place: Correct Answer:
Section: (none) Explanation
Explanation/Reference:
QUESTION 12
Drag and drop the Cisco IOS commands that would be used to configure the dialer Interface portion of a PPPoE client implementation where the client is facing the internet and private IP addressing is used on the internal network.

Select and Place:

Correct Answer:

Section: (none) Explanation
Explanation/Reference:
QUESTION 13
Drag and drop the Cisco IOS commands that would be used to configure the physical interface portion of a PPPoE client configuration.

Select and Place:

Correct Answer:

Section: (none) Explanation
Explanation/Reference:
QUESTION 14
Drag the IOS commands from the left that would be used to implement a GRE tunnel using the 10.1.1.0.30 network on interface serial 0/0 to the correct target area on the right.

Select and Place:

Correct Answer:

Section: (none) Explanation
Explanation/Reference:
Example of Tunnel Configuration from Cisco Website…
Configuring GRE/IPv4 Tunnels: Examples
The following example shows a simple configuration of GRE tunneling. Note that Ethernet interface 0/1 is the tunnel source for Router A and the tunnel destination for Router B. Fast Ethernet interface 0/1 is the tunnel source for Router B and the tunnel destination for Router A.
Router A
interface Tunnel0 ip address 10.1.1.2 255.255.255.0 tunnel source Ethernet0/1tunnel destination 192.168.3.2 tunnel mode gre ip

! interface Ethernet0/1ip address 192.168.4.2 255.255.255.0
Router B
interface Tunnel0 ip address 10.1.1.1 255.255.255.0tunnel source FastEthernet0/1 tunnel destination 192.168.4.2 tunnel mode gre ip

! interface FastEthernet0/1 ip address 192.168.3.2 255.255.255.0
================================== note:

Tunnel destination 10.1.1.2
should be
Tunnel destination <Remote Router IP Address>
QUESTION 15
Identify the recommended steps for worm attack mitigation by dragging and dropping them into the target area in the correct order.

Select and Place:

Correct Answer:

Section: (none) Explanation
Explanation/Reference:
Exam H
QUESTION 1
Pass4sure is a small export company .This firm has an existing enterprise network that is made up exclusively of routers that are using EIGRP as the IGP. Its network is up and operating normally. As part of its network expansion, Pass4sure has decided to connect to the internet by a broadband cable ISP. Your task is to enable this connection by use of the information below.

Connection Encapsulation: PPP Connection Type: PPPoE client Connection Authentication: None Connection MTU: 1492 bytes Address: Dynamically assigned by the ISP Outbound Interface: E0/0
You will know that the connection has been successfully enabled when you can ping the simulated Internet address of 172.16.1.1
Note: Routing to the ISP: Manually configured default route
P4S-R# show ip route …. Gateway of last resort is not set
192.168.1.0/27 is subnetted, 7 subnets C 192.168.1.0 is directly connected, Ethernet0/1 D 192.168.1.32 [90/307200] via 192.168.1.2, 00:02:16,Ethernet0/1 D 192.168.1.64 [90/307200] via 192.168.1.2, 00:02:17,Ethernet0/1 D 192.168.1.96 [90/307200] via 192.168.1.2, 00:02:17,Ethernet0/1 D 192.168.1.128 [90/307200] via 192.168.1.3, 00:02:17,Ethernet0/1 D 192.168.1.192 [90/307200] via 192.168.1.3, 00:02:17,Ethernet0/1 D 192.168.1.224 [90/307200] via 192.168.1.3, 00:02:17,Ethernet0/1
P4S-R# show run ….
no service password-encryption
! hostname P4S-R ! boot-start-marker boot-end-marker
! no aaa new-model resource policy clock timezone PST 0 ip subnet-zero no ip dhcp use vrf connected
!
interface Ethernet0/0 description link to cable modem no ip address shutdown
!
interface Ethernet0/1 description link to corporate nework ip address 192.168.1.1 255.255.255.224
! interface Ethernet0/2 no ip address ! interface Ethernet0/3
no ip address
shutdown
!

router eigrp 1 network 192.168.1.0 auto-summary
! line con 0 line vty 0 15 end
A. Configuration sequence:
int e0/0
pppoe enable
pppoe-client dial-pool-number 1
no shutdown
exit

int dialer1
encapsulation ppp
ip address negotiated
dialer pool 1
ip mtu 1492
no shutdown
exit

ip route 0.0.0.0 0.0.0.0 dialer1
copy run start

The test ip address given in the scenario:

P4S-R# ping 172.16.1.1
!!!!! <—– if ping successful, you have completed this lab!

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 2

A company in installed new router R1 in their network. As a administrator you need to configure TACACS for the router with following configuration given below.
1.
Enable the TACACS server in R1

2.
Configure console and Aux for default authentication

3.
Cinfigure VTY for TACACS server authentication

4.
Configure the Tacacs server ip 10.2.2.2 and share key 123

5.
Login to R2 using provided username and password ( username R2, password COL )

6.
From R2 login to R1 using SSH and check the R1 TACACS ( username R1, Passwork TAC )
A. Configuration
aaa new-model
tacacs-server host 10.2.2.2 key 123 ( IP and Key may change)
aaa authentication login default local
aaa authentication login CUSTOM_LIST group tacacs+ ( Only required to allow TACACS )
line console 0
login authentication default
line aux 0
login authentication default
line vty 0 15
login authentication CUSTOM_LIST
exit
copy run start
Login to R2 with provided credentials.
R2>username R2
R2>pass : COL
R2# ssh -l 192.168.1.1 ( It should be successful !!!)
Correct Answer: A Section: (none) Explanation
Explanation/Reference: Exam I QUESTION 1
What is preventing the 192.168.1.150 network from appearing in the P4S-HQ router’s routing table?

A. The default route is missing from the P4S-Branch4 router.
B. The IP address on the E0/0 interface for the P4S-Branch4 router has the wrong IP mask. It should be
255.255.255.252
C. The network statement under router EIGRP on the P4S-Branch4 router is incorrect. It should be network 192.168.1.0.0.0.255.
D. When running EIGRP over GRE tunnels, you must manually configure the neighbor address using the eigrp neighbor ipaddress command.
E. The IP address on the tunnel interface on P4S-Branch4 is incorrect. It should be 192.168.1.12
255.255.255.252.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 2
What is the reason that tunnel 5 on the P4S-HQ router is down when its companion tunnel on the P4S-Branch5 router is up?

A. The IP address on the tunnel interface on P4S-Branch5 is incorrect. It shoud be 192.168.1.16
255.255.255.252.
B. The tunnel source for tunnel 5 is incorrect on the P4S-HQ router. It should be serial 2/0.
C. The tunnel numbers for tunnel between the P4S-HQ router and the P4S-Branch5 router do not match.
D. The tunnel destination address for tunnel 5 is incorrect on the P4S-HQ router. It should be 10.2.5.1 to match the interface address of the P4S-Branch5 router.
E. The tunnel interface for tunnel 5 on the P4S-HQ router is in the administrative down state.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
www.ExamWorx.com
QUESTION 3
What is preventing the P4S-HQ router and the P4S-Branch1 router from building up an EIGRP neighbor relationship?

A. When running EIGRP over GRE tunnels, you must manually configure the neighbor address using the eigrp neighbor ipaddress command.
B. The tunnel destination address is incorrect on the P4S-HQ router. It should be 10.2.1.1 to match the interface address of the P4S-Branch1 router.
C. The tunnel source is incorrect on the P4S-Branch1 router. It should be serial 2/0.
D. The default route is missing from the P4S-Branch1 router.
E. The tunnel interface numbers for the tunnel between the P4S-HQ router and P4S-Branch1 router do not match.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
www.ExamWorx.com
QUESTION 4
For the following statements, what is preventing a successful ping between the P4S-HQ router and the
192.168.1.10 interface on the P4S-Branch3 router?

A. The default route is missing from the P4S-Branch3 router.
B. The tunnel interface numbers for the tunnel between the P4S-HQ router and the P4S-Branch3 router do not match.
C. The tunnel source is incorrect on the P4S-Branch3 router. It should be serial 2/0.
D. The IP address on the tunnel interface for the P4S-Branch3 router has wrong IP mask. It should be
255.255.255.252.
E. The network statement under router EIGRP on the P4S-Branch3 router is incorrect. It should be network 192.168.2.0.0.0.0.255.
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 5
What is the reason for the ping between the P4S-HQ router and the 192.168.1.193 interface on the P4S-Branch2 router failing?

A. The default route is missing from the P4S-Branch2 router.
B. When running EIGRP over GRE tunnels, you must manually configure the neighbor address using the eigrp neighbor ipaddress command.
C. The tunnel numbers for the tunnel between the P4S-HQ router and the P4S-Branch2 router do not match.
D. The tunnel source is incorrect on the P4S-Branch2 router. It should be serial 2/0.
E. The AS number for the EIGRP process on P4S-Branch2 should be 1 and not 11.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 6
Why is the ping between the P4S-HQ router and the 192.168.1.193 interface on the P4S-Branch2 router failing?

A. The default route is missing from the P4S-Branch2 router.
B. When running EIGRP over GRE tunnels, you must manually configure the neighbor address using the eigrp neighbor ipaddress command.
C. The tunnel numbers for the tunnel between the P4S-HQ router and the P4S-Branch2 router do not match.
D. The tunnel source is incorrect on the P4S-Branch2 router. It should be serial 2/0.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 7
What is preventing a successful ping between the P4S-HQ router and the 192.168.1.10 interface on the P4S-Branch3 router?

A. The default route is missing from the P4S-Branch3 router.
B. The tunnel interface numbers for the tunnel between the P4S-HQ router and the P4S-Branch3 router do not match.
C. The tunnel source is incorrect on the P4S-Branch3 router. It should be serial 2/0.
D. The IP address on the tunnel interface for the P4S-Branch3 router has wrong IP mask. It should be
255.255.255.252.
E. The network statement under router EIGRP on the P4S-Branch3 router is incorrect. It should be network 192.168.2.0.0.0.0.255.
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 8
What is preventing the P4S-HQ router and the P4S-Branch1 router from establishing an EIGRP neighbor relationship?

A. When running EIGRP over GRE tunnels, you must manually configure the neighbor address using the eigrp neighbor ipaddress command.
B. The tunnel destination address is incorrect on the P4S-HQ router. It should be 10.2.1.1 to match the interface address of the P4S-Branch1 router.
C. The tunnel source is incorrect on the P4S-Branch1 router. It should be serial 2/0.
D. The default route is missing from the P4S-Branch1 router.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 9
What is the reason that tunnel 5 on the P4S-HQ router down while its companion tunnel on the P4S-Branch5 router is up?

A. The IP address on the tunnel interface on P4S-Branch5 is incorrect. It shoud be 192.168.1.16
255.255.255.252.
B. The tunnel source for tunnel 5 is incorrect on the P4S-HQ router. It should be serial 2/0.
C. The tunnel numbers for tunnel between the P4S-HQ router and the P4S-Branch5 router do not match.
D. The tunnel destination address for tunnel 5 is incorrect on the P4S-HQ router. It should be 10.2.5.1 to match the interface address of the P4S-Branch5 router.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 10
What is preventing the 192.168.1.150 network from showing up in the P4S-HQ router’s routing table?

A. The default route is missing from the P4S-Branch4 router.
B. The IP address on the E0/0 interface for the P4S-Branch4 router has the wrong IP mask. It should be
255.255.255.252
C. The network statement under router EIGRP on the P4S-Branch4 router is incorrect. It should be network 192.168.1.0.0.0.255.
D. When running EIGRP over GRE tunnels, you must manually configure the neighbor address using the eigrp neighbor ipaddress command.
Correct Answer: B Section: (none) Explanation
Explanation/Reference: Exam J QUESTION 1
A. Both FastEthernet 0/0 and Serial 0/0/0 are trusted interface.
B. Both FastEthernet 0/0 and Serial 0/0/0 are untrusted interface.
C. FastEthernet 0/0 is a trusted interface and Serial 0/0/0 is an untrusted interface.
D. FastEthernet 0/0 is an untrusted interface and Serial 0/0/0 is a trusted interface.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 2
A. The packet has a source address of 172.16.29.12
B. The packet has a source address of 10.94.61.29
C. The session originated from a trusted interface.
D. The application is not specified within the inspection rule SDM_LOW.
E. The packet has a source address of 198.133.219.144
F. The session originated from a untrusted interface.
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 3
A. The packet has a source address of 10.94.61.118
B. The packet has a source address of 172.16.29.12
C. The packet has a source address of 198.133.219.16
D. The destination address is not specified within the inspection rule SDM_LOW.
E. The destination address is specified within the inspection rule SDM_LOW.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 4
Off Shore Industry is a large worldwide sailing charter. The company has recently upgraded its Internet connectivity. As a recent addition to the network engineering team, your task is with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility. Using the SDM output from Firewall and ACL Tasks under the Configure tab, answer the following questions:
Which statement is correct?

A. Both FastEthermet 0/0 and Serial 0/0/0 are trusted interface.
B. Both FastEthernet 0/0 and Serial 0/0/0 are untrusted interfaces.
C. FastEthernet 0/0 is a trusted interface and Serial 0/0/0 is an untrusted interface.
D. FastEthernet 0/0 is an untrusted interface and Serial 0/0/0 is a trusted interface.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Off Shore Industries is a large worldwide sailing charter. The company has recently upgraded its Internet connectivity. As a recent addition to the network engineering team, you have been tasked with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility. Using the SDM output from Firewall and ACL Tasks under the Configure tab, answer the following questions:
Which two statements would specify a permissible incoming TCP packet on a trusted interface inthis configuration? (Choose two.)

A. The packet has a source address of 10.79.233.107
B. The packet has a source address of 172.16.81.108
C. The packet has a source address of 198.133.219.40
D. The destination address is not specified within the inspection rule SDM_LOW.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 6
Off Shore Industries is a large worldwide sailing charter. The company has recently upgraded its Internet connectivity. As a recent addition to the network engineering team, you have been tasked with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility. Using the SDM output from Firewall and ACL Tasks under the Configure tab, answer the following questions:
Which two options would be correct for a permissible incoming TCP packet on an untrusted Interface in the this configuration? (Choose two.)

A. The packedt has a source address of 10.79.233.186
B. The packet has a source address of 172.16.81.108
C. The packet has a source address of 198.133.219.135
D. The session originated from an untrusted interface
E. The session originated from a trusted Interface
Correct Answer: CE Section: (none) Explanation
Explanation/Reference: Exam K
QUESTION 1 You are a network engineer at pass4sure.com, can you tell me which peer authentication method and which IPSEC mode is used to connect to the branch locations? (Choose two.)

A. Transport Mode
B. Tunnel Mode
C. Digital Certificate
D. Pre-Shared Key
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 2 Which algorithm as defined by the transform set is used to provide data confidentiality when connected to Type?

A. ESP-3DES-SHA
B. ESP-3DES-SHA1
C. ESP-3DES-SHA2
D. ESP-3DES
Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
Internet Protocol Security (IPsec) is a suite of protocols for securing Internet Protocol (IP)
communications. Which IPSec rule is used for the Onlympia branch and what does it define?
(Choose two.)
A. 127
B. 116

C. 102
D. IP traffic sourced from 10.10.10.0/24 destined to 10.5.15.0/24 will use the VPN.
E. IP traffic sourced from 10.10.10.0/24 destined to 10.8.28.0/24 will use the VPN.
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 4 You work as a network engineer at pass4sure.com, can you tell me which defined peer IP address and local subnet belong to Crete? (Choose two.)

A. peer address 192.168.55.159
B. peer address 192.168.77.120
C. peer address 192.168.167.85
D. subnet 10.5.15.0/24
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:

Preparing Cisco 642-825 exam is not difficult now.You can prepare from Cisco 642-825 Certification or Cisco 642-825 dumps.Here we have mentioned some sample questions.You can use our Cisco 642-825 study material notes for test preparation. Latest Cisco 642-825 study material available.